diff --git a/src/observer/virtual_table/ob_show_grants.cpp b/src/observer/virtual_table/ob_show_grants.cpp
index fdc56228cc..60da288c11 100644
--- a/src/observer/virtual_table/ob_show_grants.cpp
+++ b/src/observer/virtual_table/ob_show_grants.cpp
@@ -767,7 +767,7 @@ int ObShowGrants::has_show_grants_priv(uint64_t show_user_id) const
 //FIXME@xiyu: schema_cache: master aad alloc, which is no need as we use arena for priv
 ObArenaAllocator alloc;
 ObStmtNeedPrivs stmt_need_privs(alloc);
- ObNeedPriv need_priv("mysql", "", OB_PRIV_DB_LEVEL, OB_PRIV_SELECT, false);
+ ObNeedPriv need_priv("mysql", "user", OB_PRIV_TABLE_LEVEL, OB_PRIV_SELECT, false);
 if (OB_FAIL(stmt_need_privs.need_privs_.init(1))) {
 SERVER_LOG(WARN, "fail to init need_privs", K(ret));
 } else if (OB_FAIL(stmt_need_privs.need_privs_.push_back(need_priv))) {
diff --git a/src/sql/privilege_check/ob_privilege_check.cpp b/src/sql/privilege_check/ob_privilege_check.cpp
index 71efc12d31..5c96fccd56 100644
--- a/src/sql/privilege_check/ob_privilege_check.cpp
+++ b/src/sql/privilege_check/ob_privilege_check.cpp
@@ -1491,6 +1491,8 @@ int get_revoke_stmt_need_privs(
 stmt->get_database_name(),
 stmt->get_table_name()))) {
 LOG_WARN("Can not grant information_schema database", K(ret));
+ } else if (lib::is_mysql_mode() && stmt->get_revoke_all()) {
+ //check privs at resolver
 } else {
 need_priv.db_ = stmt->get_database_name();
 need_priv.table_ = stmt->get_table_name();
diff --git a/src/sql/resolver/dcl/ob_revoke_resolver.cpp b/src/sql/resolver/dcl/ob_revoke_resolver.cpp
index 9698da34e2..4c616e3201 100644
--- a/src/sql/resolver/dcl/ob_revoke_resolver.cpp
+++ b/src/sql/resolver/dcl/ob_revoke_resolver.cpp
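Review bot: The new `need_priv` in ObShowGrants::has_show_grants_priv lowers the requirement for viewing another user's grants from db-level SELECT on `mysql` to table-level SELECT on `mysql.user`, and nothing at the call site records that this is the intended rule. Presumably user-level and db-level SELECT still satisfy a table-level requirement inside the privilege check; that is not visible here and is worth pinning with a test in which the caller holds SELECT only on a different `mysql` table and is denied. I would add above the line `// SHOW GRANTS for another user requires SELECT on mysql.user (table level)`. The function body continues outside the hunk.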
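Review bot: The empty `else if (lib::is_mysql_mode() && stmt->get_revoke_all())` branch in get_revoke_stmt_need_privs appears to leave a MySQL-mode REVOKE ALL with no requirement in the central privilege check, so enforcement rests entirely on the resolver having run its own check. If any path can build or re-execute such a statement without passing through `ObRevokeResolver::resolve_mysql`, it would go unchecked; that is not visible from this hunk and is worth confirming. The one-line comment should name the dependency, e.g. `// MySQL mode REVOKE ALL: UPDATE on mysql or CREATE USER is enforced in ObRevokeResolver::resolve_mysql; nothing to add here`. The function starts and ends outside the hunk.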
@@ -321,6 +321,23 @@ int ObRevokeResolver::resolve_mysql(const ParseNode &parse_tree)
 users_node = node->children_[0];
 revoke_stmt->set_revoke_all(true);
 revoke_stmt->set_grant_level(OB_PRIV_USER_LEVEL);
+ if (OB_SUCC(ret)) {
+ ObSessionPrivInfo session_priv;
+ ObArenaAllocator alloc;
+ ObStmtNeedPrivs stmt_need_privs(alloc);
+ ObNeedPriv need_priv("mysql", "", OB_PRIV_DB_LEVEL, OB_PRIV_UPDATE, false);
+ OZ (stmt_need_privs.need_privs_.init(1));
+ OZ (stmt_need_privs.need_privs_.push_back(need_priv));
+ //check CREATE USER or UPDATE privilege on mysql
+ params_.session_info_->get_session_priv_info(session_priv);
+ if (OB_SUCC(ret) && OB_FAIL(schema_checker_->check_priv(session_priv, stmt_need_privs))) {
+ stmt_need_privs.need_privs_.at(0) =
+ ObNeedPriv("", "", OB_PRIV_USER_LEVEL, OB_PRIV_CREATE_USER, false);
+ if (OB_FAIL(schema_checker_->check_priv(session_priv, stmt_need_privs))) {
+ LOG_WARN("no priv", K(ret));
+ }
+ }
+ }
 }
 //resolve privileges
 if (OB_SUCC(ret) && (NULL != privs_node)) {
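Review bot: The fallback after the first `check_priv` in ObRevokeResolver::resolve_mysql treats every failure as "UPDATE on mysql is missing" and retries with CREATE USER, so a non-privilege error from the first call is overwritten. On final denial, `LOG_WARN("no priv", K(ret))` records neither the session nor which privileges were tested. Access stays gated because the second check must succeed, but the denial is hard to audit. I would make the log specific, e.g. `LOG_WARN("revoke all needs UPDATE on mysql or CREATE USER", K(ret), K(session_priv));`, assuming ObSessionPrivInfo is printable with `K()`. `params_.session_info_` and `schema_checker_` are dereferenced without a null check inside the hunk; a guard may exist earlier in the function, which starts and ends outside the hunk.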