diff --git a/executor/builder.go b/executor/builder.go
index 8009b5384ed29..0bb542a1a5129 100644
--- a/executor/builder.go
+++ b/executor/builder.go
@@ -650,6 +650,8 @@ func (b *executorBuilder) buildShow(v *plannercore.PhysicalShow) Executor {
 		// The former determine privileges with roles, while the later doesn't.
 		vars := e.ctx.GetSessionVars()
 		e.User = vars.User
+		e.User.Hostname = vars.User.AuthHostname
+		e.User.Username = vars.User.AuthUsername
 		e.Roles = vars.ActiveRoles
 	}
 	if e.Tp == ast.ShowMasterStatus {
diff --git a/executor/show_test.go b/executor/show_test.go
index 0de40adbd88c3..e47989b420659 100644
--- a/executor/show_test.go
+++ b/executor/show_test.go
@@ -150,6 +150,13 @@ func (s *testSuite5) TestShowGrantsPrivilege(c *C) {
 	tk1.Se = se
 	err = tk1.QueryToErr("show grants for root")
 	c.Assert(err.Error(), Equals, executor.ErrDBaccessDenied.GenWithStackByArgs("show_grants", "%", mysql.SystemDB).Error())
+	// Test show grants for user with auth host name `%`.
+	tk2 := testkit.NewTestKit(c, s.store)
+	se2, err := session.CreateSession4Test(s.store)
+	c.Assert(err, IsNil)
+	c.Assert(se2.Auth(&auth.UserIdentity{Username: "show_grants", Hostname: "127.0.0.1", AuthUsername: "show_grants", AuthHostname: "%"}, nil, nil), IsTrue)
+	tk2.Se = se2
+	tk2.MustQuery("show grants")
 }
 
 func (s *testSuite5) TestIssue3641(c *C) {