diff --git a/pkg/controller/mysql/grant/reconciler.go b/pkg/controller/mysql/grant/reconciler.go
index b1e9f6f6..920c9778 100644
--- a/pkg/controller/mysql/grant/reconciler.go
+++ b/pkg/controller/mysql/grant/reconciler.go
@@ -194,14 +194,22 @@ func (c *external) getPrivileges(ctx context.Context, username, dbname string, t
 		return nil, nil, errors.Wrap(err, errCurrentGrant)
 	}
 
-	// In mysql when all grants are revoked from user, it still grants usage (meaning no privileges) on *.*
-	// So the grant can be considered as non existent, just like when privileges slice is nil/empty
+	// In mysql when all grants are revoked from user, it still grants usage (meaning no
+	// privileges) on *.* So the grant can be considered as non existent, just like when
+	// privileges slice is nil/empty
 	// https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_usage
-	if privileges == nil || privilegesEqual(privileges, []string{"USAGE"}) {
+	var ret []string
+	for _, p := range privileges {
+		if p != "USAGE" {
+			ret = append(ret, p)
+		}
+	}
+
+	if ret == nil {
 		return nil, &managed.ExternalObservation{ResourceExists: false}, nil
 	}
 
-	return privileges, nil, nil
+	return ret, nil, nil
 }
 
 func (c *external) parseGrantRows(ctx context.Context, username string, host string, dbname string, table string) ([]string, error) {
diff --git a/pkg/controller/mysql/grant/reconciler_test.go b/pkg/controller/mysql/grant/reconciler_test.go
index 218a7f5e..5417ccd9 100644
--- a/pkg/controller/mysql/grant/reconciler_test.go
+++ b/pkg/controller/mysql/grant/reconciler_test.go
@@ -379,7 +379,8 @@ func TestObserve(t *testing.T) {
 					ResourceExists:   true,
 					ResourceUpToDate: false,
 				},
-				err: nil,
+				observedPrivileges: []string{"INSERT"},
+				err:                nil,
 			},
 		},
 		"SuccessDiffGrantUsage": {