diff --git a/pkg/ccl/roleccl/role.go b/pkg/ccl/roleccl/role.go
index f0197813eda8..afe63b668dc7 100644
--- a/pkg/ccl/roleccl/role.go
+++ b/pkg/ccl/roleccl/role.go
@@ -78,11 +78,11 @@ func grantRolePlanHook(
 		ctx, span := tracing.ChildSpan(ctx, stmt.StatementTag())
 		defer tracing.FinishSpan(span)
 
-		if err := utilccl.CheckEnterpriseEnabled(
-			p.ExecCfg().Settings, p.ExecCfg().ClusterID(), p.ExecCfg().Organization(), "GRANT <role>",
-		); err != nil {
-			return err
-		}
+		// Note: we do not check the license for GRANT <role>, only for
+		// CREATE/DROP <role>. This is because we want to allow
+		// non-licensed users to add/remove users from the admin role, so
+		// they can grant administrative privileges to user accounts that
+		// are not superusers like "root".
 
 		hasAdminRole, err := p.HasAdminRole(ctx)
 		if err != nil {