GRANT ALL PRIVILEGES statement
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.
What it detects
GRANT ALL (PRIVILEGES) hands a role every permission on the target instead of the specific ones it needs, so a compromise of that role compromises the whole database or schema.
Why it matters
GRANT ALL PRIVILEGES gives a role every permission on the target (create, alter, drop, insert, delete, and more), not just the ones the application actually uses. If that role's credentials leak or the application has an injection flaw, the attacker inherits the same unrestricted access rather than a narrow, contained one.
How to fix it
Replace ALL PRIVILEGES with the specific privileges the role needs (typically SELECT, INSERT, UPDATE, DELETE for an application role; add others only when a real feature requires them). Grant schema-level or table-level privileges rather than instance-wide ones where possible, and use a separate, more privileged role only for migrations.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo