diff --git a/cmd/admin-policy-attach.go b/cmd/admin-policy-attach.go
index e37b3a0328..78de2694b4 100644
--- a/cmd/admin-policy-attach.go
+++ b/cmd/admin-policy-attach.go
@@ -23,6 +23,10 @@ import (
 "github.com/minio/mc/pkg/probe"
 )
 
+const (
+ errCodeChangeAlreadyApplied = "XMinioAdminPolicyChangeAlreadyApplied"
+)
+
 var adminAttachPolicyFlags = []cli.Flag{
 cli.StringFlag{
 Name: "user, u",
@@ -97,7 +101,10 @@ func userAttachOrDetachPolicy(ctx *cli.Context, attach bool) error {
 } else {
 res, e = client.DetachPolicy(globalContext, req)
 }
- fatalIf(probe.NewError(e), "Unable to make user/group policy association")
+
+ if e != nil && madmin.ToErrorResponse(e).Code != errCodeChangeAlreadyApplied {
+ fatalIf(probe.NewError(e), "Unable to make user/group policy association")
+ }
 
 var emptyResp madmin.PolicyAssociationResp
 if res.UpdatedAt == emptyResp.UpdatedAt {
diff --git a/functional-tests.sh b/functional-tests.sh
index 88444e24cb..926eaf7bd1 100755
--- a/functional-tests.sh
+++ b/functional-tests.sh
@@ -967,6 +967,9 @@ function test_admin_users() {
 # check that the user can write objects with readwrite policy
 assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd admin policy attach "$SERVER_ALIAS" readwrite --user="${username}"
 
+ # verify that re-attaching an already attached policy to a user does not result in a failure.
+ assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd admin policy attach "$SERVER_ALIAS" readwrite --user="${username}"
+
 # Validate that the correct policy has been added to the user
 "${MC_CMD[@]}" --json admin user list "${SERVER_ALIAS}" | jq -r '.policyName' | grep --quiet "^readwrite$"
 rv=$?
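Review bot: In the second hunk of cmd/admin-policy-attach.go, once the `XMinioAdminPolicyChangeAlreadyApplied` error is ignored, execution falls through to `if res.UpdatedAt == emptyResp.UpdatedAt {` with whatever `res` the failed call returned, presumably the zero value. That branch's body is outside the hunk, so it should be confirmed that it does not report policies as newly attached or detached when nothing changed; for an access-control command, the output and any audit trail built from it should distinguish a no-op from an applied change. The suppression also covers the `DetachPolicy` path, since the check sits after both calls. A short comment above the condition would record the intent, e.g. `// The server returns this code when the association already matches the request; treat it as a no-op so attach/detach are idempotent.` userAttachOrDetachPolicy begins and ends outside the hunk.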
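Review bot: The added check in functional-tests.sh exercises only a repeated `attach` with `--user`, while the Go change ignores the already-applied code on the detach call as well. A repeated detach is the case that matters when revoking access, so it deserves the same coverage, for example `assert_success "$start_time" "${FUNCNAME[0]}" mc_cmd admin policy detach "$SERVER_ALIAS" readwrite --user="${username}"` run twice at a point where the user no longer needs the policy. test_admin_users continues outside the hunk, so such a check may already exist further down.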