diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc
index 1b579a75acb..9be90bdb023 100644
--- a/sql/auth/sql_user.cc
+++ b/sql/auth/sql_user.cc
@@ -1932,7 +1932,6 @@ bool change_password(THD *thd, LEX_USER *lex_user, const char *new_password,
                             retain_current_password))
     return true;
 
-  Acl_cache_lock_guard acl_cache_lock(thd, Acl_cache_lock_mode::WRITE_MODE);
   /*
     This statement will be replicated as a statement, even when using
     row-based replication.  The binlog state will be cleared here to
@@ -1945,6 +1944,7 @@ bool change_password(THD *thd, LEX_USER *lex_user, const char *new_password,
     return ret != 1;
 
   { /* Critical section */
+    Acl_cache_lock_guard acl_cache_lock(thd, Acl_cache_lock_mode::WRITE_MODE);
 
     if (!acl_cache_lock.lock()) {
       commit_and_close_mysql_tables(thd);