diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc index 455797597..552965523 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc @@ -9,10 +9,9 @@ If an attacker successfully "injects" DCL type SQL commands into a database, he * GRANT - give a user access privileges on database objects * REVOKE - withdraw user privileges that were previously given using GRANT * Example: -** GRANT CREATE TABLE + - TO operator; +** GRANT CREATE TABLE TO operator; ** This statement gives all users of the operator-role the privilege to create new tables in the database. -Try to grant the user group "UnauthorizedUser" the right to alter tables: +Try to grant rights to the table `grant_rights` to user `unauthorized_user`:
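Review bot: The last added line, "Try to grant rights to the table `grant_rights` to user `unauthorized_user`:", no longer names the privilege to grant, whereas the removed wording asked specifically for the right to alter tables. State which privilege or privileges the exercise expects so learners are not guessing at what the lesson accepts. The example kept above it, `GRANT CREATE TABLE TO operator;`, has no `ON` clause and grants to a role, while the new task targets one specific table and a single user. Consider adding a second example bullet in the object-privilege form (GRANT ... ON <table> TO <user>) so the example shows the syntax the task calls for.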