diff --git a/src/auth/models.cpp b/src/auth/models.cpp index e03928bc0..dc0282086 100644 --- a/src/auth/models.cpp +++ b/src/auth/models.cpp @@ -103,6 +103,8 @@ std::string PermissionLevelToString(PermissionLevel level) { } } +const std::string ASTERISK = "*"; + Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {} PermissionLevel Permissions::Has(Permission permission) const { @@ -200,18 +202,36 @@ PermissionLevel LabelPermissions::Has(const std::string &permission) const { } void LabelPermissions::Grant(const std::string &permission) { + if (permission == ASTERISK) { + grants_.clear(); + grants_.insert(permission); + + return; + } + auto deniedPermissionIter = denies_.find(permission); if (deniedPermissionIter != denies_.end()) { denies_.erase(deniedPermissionIter); } + if (grants_.size() == 1 && grants_.find(ASTERISK) != grants_.end()) { + grants_.erase(ASTERISK); + } + if (grants_.find(permission) == grants_.end()) { grants_.insert(permission); } } void LabelPermissions::Revoke(const std::string &permission) { + if (permission == ASTERISK) { + grants_.clear(); + denies_.clear(); + + return; + } + auto deniedPermissionIter = denies_.find(permission); auto grantedPermissionIter = grants_.find(permission); @@ -225,12 +245,23 @@ void LabelPermissions::Revoke(const std::string &permission) { } void LabelPermissions::Deny(const std::string &permission) { + if (permission == ASTERISK) { + denies_.clear(); + denies_.insert(permission); + + return; + } + auto grantedPermissionIter = grants_.find(permission); if (grantedPermissionIter != grants_.end()) { grants_.erase(grantedPermissionIter); } + if (denies_.size() == 1 && denies_.find(ASTERISK) != denies_.end()) { + denies_.erase(ASTERISK); + } + if (denies_.find(permission) == denies_.end()) { denies_.insert(permission); } diff --git a/src/query/frontend/ast/cypher_main_visitor.cpp b/src/query/frontend/ast/cypher_main_visitor.cpp index 741d4146e..ca20c6afc 100644 
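Review bot: In `LabelPermissions::Grant`, the new `permission == ASTERISK` branch replaces `grants_` with the wildcard but returns before touching `denies_`, whereas the per-label path below it erases the label from `denies_`. Earlier per-label denies therefore survive a wildcard grant, and the effective result depends on the precedence in `LabelPermissions::Has`, which is outside this hunk. If deny-wins is intended, document it in the branch, e.g. `// a "*" grant does not lift existing per-label denies; Has() resolves the overlap`; otherwise add `denies_.clear();` before the insert. The wildcard branch added to `Deny` in the next hunk has the mirror-image gap with `grants_`, and a unit test pinning the Grant("*")-after-Deny(label) outcome would keep the chosen behaviour from drifting.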
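Review bot: In `LabelPermissions::Deny`, the added `denies_.size() == 1 && denies_.find(ASTERISK) != denies_.end()` check erases the wildcard deny as soon as any single label is denied, so denying one label after denying `*` leaves only that one label denied. For an access-control set this fails open: a later, narrower deny silently widens what the user or role can reach, assuming `Has` does not treat labels absent from `denies_` as denied (it is not visible here). Keeping the wildcard when it is already present, with `if (denies_.find(ASTERISK) != denies_.end()) return;` placed after the `grants_` erase, would preserve the blanket deny. The parallel check in `Grant` only narrows access, so it carries less risk, but the two should be decided together and covered by tests.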
--- a/src/query/frontend/ast/cypher_main_visitor.cpp +++ b/src/query/frontend/ast/cypher_main_visitor.cpp @@ -1336,12 +1336,12 @@ antlrcpp::Any CypherMainVisitor::visitRevokePrivilege(MemgraphCypher::RevokePriv */ antlrcpp::Any CypherMainVisitor::visitLabelList(MemgraphCypher::LabelListContext *ctx) { std::vector labels; - for (auto *label : ctx->label()) { - if (label->ASTERISK()) { - labels.push_back("*"); - } else { + if (ctx->listOfLabels()) { + for (auto *label : ctx->listOfLabels()->label()) { labels.push_back(label->symbolicName()->accept(this).as()); } + } else { + labels.emplace_back("*"); } return labels; diff --git a/src/query/frontend/opencypher/grammar/MemgraphCypher.g4 b/src/query/frontend/opencypher/grammar/MemgraphCypher.g4 index 6988ac80b..2ecf171cc 100644 --- a/src/query/frontend/opencypher/grammar/MemgraphCypher.g4 +++ b/src/query/frontend/opencypher/grammar/MemgraphCypher.g4 @@ -260,9 +260,11 @@ privilege : CREATE privilegeList : privilege ( ',' privilege )* ; -labelList : COLON label ( ',' COLON label )* ; +labelList : '*' | listOfLabels ; -label : ( '*' | symbolicName ) ; +listOfLabels : label ( ',' label )* ; + +label : COLON symbolicName ; showPrivileges : SHOW PRIVILEGES FOR userOrRole=userOrRoleName ;
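Review bot: In `visitLabelList`, the wildcard is handed on as the ordinary string `"*"` in the same vector as real label names, and `LabelPermissions` in models.cpp compares against that same value, so a label whose name is literally `*` cannot be told apart from the wildcard. If `symbolicName` accepts escaped (backtick-quoted) names, which this hunk does not show, such a label arriving through the `listOfLabels` branch would be applied as a grant or deny on all labels. Consider rejecting a visited name equal to `"*"` inside the loop, or carrying the wildcard out of band (a flag alongside the vector) rather than in-band. The literal here also duplicates `ASTERISK` from models.cpp; a shared constant would keep the two from drifting. The function's closing lines are outside the hunk.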