diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go
index 270234ec8780c..26000de57bb79 100644
--- a/privilege/privileges/cache.go
+++ b/privilege/privileges/cache.go
@@ -479,8 +479,10 @@ func (p *MySQLPrivilege) showGrants(user, host string) []string {
 	for _, record := range p.User {
 		if record.User == user && record.Host == host {
 			g := userPrivToString(record.Privileges)
-			s := fmt.Sprintf(`GRANT %s ON *.* TO '%s'@'%s'`, g, record.User, record.Host)
-			gs = append(gs, s)
+			if len(g) > 0 {
+				s := fmt.Sprintf(`GRANT %s ON *.* TO '%s'@'%s'`, g, record.User, record.Host)
+				gs = append(gs, s)
+			}
 			break // it's unique
 		}
 	}
@@ -489,8 +491,10 @@ func (p *MySQLPrivilege) showGrants(user, host string) []string {
 	for _, record := range p.DB {
 		if record.User == user && record.Host == host {
 			g := dbPrivToString(record.Privileges)
-			s := fmt.Sprintf(`GRANT %s ON %s.* TO '%s'@'%s'`, g, record.DB, record.User, record.Host)
-			gs = append(gs, s)
+			if len(g) > 0 {
+				s := fmt.Sprintf(`GRANT %s ON %s.* TO '%s'@'%s'`, g, record.DB, record.User, record.Host)
+				gs = append(gs, s)
+			}
 		}
 	}
 
@@ -498,8 +502,10 @@ func (p *MySQLPrivilege) showGrants(user, host string) []string {
 	for _, record := range p.TablesPriv {
 		if record.User == user && record.Host == host {
 			g := tablePrivToString(record.TablePriv)
-			s := fmt.Sprintf(`GRANT %s ON %s.%s TO '%s'@'%s'`, g, record.DB, record.TableName, record.User, record.Host)
-			gs = append(gs, s)
+			if len(g) > 0 {
+				s := fmt.Sprintf(`GRANT %s ON %s.%s TO '%s'@'%s'`, g, record.DB, record.TableName, record.User, record.Host)
+				gs = append(gs, s)
+			}
 		}
 	}
 	return gs
diff --git a/privilege/privileges/privileges_test.go b/privilege/privileges/privileges_test.go
index 9b3f9d24d5e62..f78410093cb4e 100644
--- a/privilege/privileges/privileges_test.go
+++ b/privilege/privileges/privileges_test.go
@@ -216,6 +216,19 @@ func (s *testPrivilegeSuite) TestShowGrants(c *C) {
 		`GRANT ALL PRIVILEGES ON test1.* TO 'show'@'localhost'`,
 		`GRANT Update ON test.test TO 'show'@'localhost'`}
 	c.Assert(testutil.CompareUnorderedStringSlice(gs, expected), IsTrue)
+
+	// Fix a issue that empty privileges is displayed when revoke after grant.
+	mustExec(c, se, "TRUNCATE TABLE mysql.db")
+	mustExec(c, se, "TRUNCATE TABLE mysql.user")
+	mustExec(c, se, "TRUNCATE TABLE mysql.tables_priv")
+	mustExec(c, se, "GRANT ALL PRIVILEGES ON `te%`.* TO 'show'@'localhost'")
+	mustExec(c, se, "REVOKE ALL PRIVILEGES ON `te%`.* FROM 'show'@'localhost'")
+	mustExec(c, se, `FLUSH PRIVILEGES;`)
+	gs, err = pc.ShowGrants(se, &auth.UserIdentity{Username: "show", Hostname: "localhost"})
+	c.Assert(err, IsNil)
+	// It should not be "GRANT ON `te%`.* to 'show'@'localhost'"
+	c.Assert(gs, HasLen, 0)
+
 }
 
 func (s *testPrivilegeSuite) TestDropTablePriv(c *C) {