diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
index 0439544ae0e3a1..b6e473c4f0e466 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java
@@ -80,16 +80,17 @@ public void analyze(Analyzer analyzer) throws AnalysisException {
                 userIdent = ConnectContext.get().getCurrentUserIdentity();
             }
         }
+        boolean isSelf = userIdent != null && ConnectContext.get().getCurrentUserIdentity().equals(userIdent);
         Preconditions.checkState(isAll || userIdent != null);
-        UserIdentity self = ConnectContext.get().getCurrentUserIdentity();
-
         // if show all grants, or show other user's grants, need global GRANT priv.
-        if (isAll || !self.equals(userIdent)) {
+        if (isAll || !isSelf) {
             if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
                 ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "GRANT");
             }
         }
-        if (userIdent != null && !Env.getCurrentEnv().getAccessManager().getAuth().doesUserExist(userIdent)) {
+        // ldap user not exist in userManager, so should not check
+        if (userIdent != null && !isSelf && !Env.getCurrentEnv().getAccessManager().getAuth()
+                .doesUserExist(userIdent)) {
             throw new AnalysisException(String.format("User: %s does not exist", userIdent));
         }
     }