It appears that in 10.3 there was a new privilege introduced, DELETE HISTORY, which means ALL will not work anymore if the user doesn’t have it.
It still works. However, in 10.3 there is a new privilege DELETE HISTORY which your sys_dbcreator is missing, so it doesn’t have ALL on the database level anymore, and thus cannot grant it.
The only way to do this is to manually specify all the privileges now. I hope I am wrong but this appears to be the case. I suspect this may be a bug in the RDS provisioning and they should add this privilege to the new admin user that is created.
Update: Just chatted with AWS support and they are aware of the issue and agree that the DELETE HISTORY privilege should get GRANT ALL working again. I also asked them to update their provisioning scripts to get this added. They recommended using 10.2 in the meantime.
- https://jira.mariadb.org/browse/MDEV-18884 (GRANT ALL returns Access denied for user with GRANT OPTION)