diff --git a/sa/_db-next/migrations/20191108171706_RemoveOldAuthzTables.sql b/sa/_db-next/migrations/20191108171706_RemoveOldAuthzTables.sql
new file mode 100644
index 000000000..42ba165ab
--- /dev/null
+++ b/sa/_db-next/migrations/20191108171706_RemoveOldAuthzTables.sql
@@ -0,0 +1,43 @@
+
+-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+DROP TABLE `authz`;
+DROP TABLE `pendingAuthorizations`;
+DROP TABLE `orderToAuthz`;
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+CREATE TABLE `authz` (
+ `id` varchar(255) NOT NULL,
+ `identifier` varchar(255) NOT NULL,
+ `registrationID` bigint(20) NOT NULL,
+ `status` varchar(255) NOT NULL,
+ `expires` datetime DEFAULT NULL,
+ `combinations` varchar(255) NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `registrationID_identifier_status_expires_authz_idx` (`registrationID`,`identifier`,`status`,`expires`),
+ CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `pendingAuthorizations` (
+ `id` varchar(255) NOT NULL,
+ `identifier` varchar(255) NOT NULL,
+ `registrationID` bigint(20) NOT NULL,
+ `status` varchar(255) NOT NULL,
+ `expires` datetime DEFAULT NULL,
+ `combinations` varchar(255) NOT NULL,
+ `LockCol` bigint(20) NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `identifier_registrationID_status_expires_idx` (`identifier`,`registrationID`,`status`,`expires`),
+ KEY `registrationID_status_expires_idx` (`registrationID`,`status`,`expires`),
+ CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `orderToAuthz` (
+ `orderID` bigint(20) NOT NULL,
+ `authzID` varchar(255) NOT NULL,
+ PRIMARY KEY (`orderID`,`authzID`),
+ KEY `authzID` (`authzID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
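Review bot: The Up section drops `authz`, `pendingAuthorizations` and `orderToAuthz` unconditionally, and the Down section only recreates them empty, so a rollback restores the schema but none of the authorization rows. Nothing in the file states what must hold before it runs; presumably all readers and writers already use `authz2`/`orderToAuthz2`, but that is not visible here. I would add a header comment above the drops such as `-- Irreversible: Down recreates empty tables only. Apply after all authorization rows are migrated or expired and any required audit copy has been taken.` Because each DROP is its own implicit commit in MySQL, writing the three statements as `DROP TABLE IF EXISTS` would also let an Up that failed partway be re-run.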
diff --git a/sa/database_test.go b/sa/database_test.go
index d267506bd..b7e466d3a 100644
--- a/sa/database_test.go
+++ b/sa/database_test.go
@@ -65,9 +65,9 @@ func TestStrictness(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- _, err = dbMap.Exec(`insert into authz set
- id="hi", identifier="foo", status="pending", combinations="combos",
- registrationID=999999999999999999999999999;`)
+ _, err = dbMap.Exec(`insert into orderToAuthz2 set
+ orderID=999999999999999999999999999,
+ authzID=999999999999999999999999999;`)
 if err == nil {
 t.Fatal("Expected error when providing out of range value, got none.")
 }
diff --git a/test/sa_db_users.sql b/test/sa_db_users.sql
index fd643b427..81aaf781e 100644
--- a/test/sa_db_users.sql
+++ b/test/sa_db_users.sql
@@ -15,9 +15,6 @@ CREATE USER IF NOT EXISTS 'purger'@'localhost';
 CREATE USER IF NOT EXISTS 'janitor'@'localhost';
 -- Storage Authority
-GRANT SELECT,INSERT,UPDATE ON authz TO 'sa'@'localhost';
-GRANT SELECT,INSERT,UPDATE,DELETE ON pendingAuthorizations TO 'sa'@'localhost';
-GRANT SELECT(id,Lockcol) ON pendingAuthorizations TO 'sa'@'localhost';
 GRANT SELECT,INSERT ON certificates TO 'sa'@'localhost';
 GRANT SELECT,INSERT,UPDATE ON certificateStatus TO 'sa'@'localhost';
 GRANT SELECT,INSERT ON issuedNames TO 'sa'@'localhost';
@@ -26,7 +23,6 @@ GRANT SELECT,INSERT,UPDATE ON registrations TO 'sa'@'localhost';
 GRANT SELECT,INSERT,UPDATE,DELETE ON challenges TO 'sa'@'localhost';
 GRANT SELECT,INSERT on fqdnSets TO 'sa'@'localhost';
 GRANT SELECT,INSERT,UPDATE ON orders TO 'sa'@'localhost';
-GRANT SELECT,INSERT ON orderToAuthz TO 'sa'@'localhost';
 GRANT SELECT,INSERT ON requestedNames TO 'sa'@'localhost';
 GRANT SELECT,INSERT,DELETE ON orderFqdnSets TO 'sa'@'localhost';
 GRANT SELECT,INSERT,UPDATE ON authz2 TO 'sa'@'localhost';
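Review bot: In TestStrictness (sa/database_test.go) the new insert puts the out-of-range literal in both `orderID` and `authzID`, and the only assertion visible in the hunk is `err == nil`, so any failure of the statement would satisfy it, for instance a missing `orderToAuthz2` table or a denied INSERT. Keeping one column in range, e.g. `authzID=1,` with only `orderID` oversized, would tie the expected error to a single column. If the lines after the hunk do not already inspect the error text, a check that it reports an out-of-range value would make the test pass only for the strict-mode rejection it is meant to prove. The function body continues outside the hunk.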
@@ -56,8 +52,6 @@ GRANT SELECT ON fqdnSets TO 'mailer'@'localhost';
 GRANT SELECT ON certificates TO 'cert_checker'@'localhost';
 -- Expired authorization purger
-GRANT SELECT,DELETE ON pendingAuthorizations TO 'purger'@'localhost';
-GRANT SELECT,DELETE ON authz TO 'purger'@'localhost';
 GRANT SELECT,DELETE ON challenges TO 'purger'@'localhost';
 GRANT SELECT,DELETE ON authz2 TO 'purger'@'localhost';