diff --git a/weed/admin/dash/group_management.go b/weed/admin/dash/group_management.go
index a06973faa..c95fe16f1 100644
--- a/weed/admin/dash/group_management.go
+++ b/weed/admin/dash/group_management.go
@@ -207,7 +207,7 @@ func (s *AdminServer) DetachGroupPolicy(ctx context.Context, groupName, policyNa
 		}
 	}
 	if !found {
-		return fmt.Errorf("policy %s is not attached to group %s", policyName, groupName)
+		return fmt.Errorf("policy %s is not attached to group %s: %w", policyName, groupName, credential.ErrPolicyNotAttached)
 	}
 	g.PolicyNames = newPolicies
 	if err := s.credentialManager.UpdateGroup(ctx, g); err != nil {
diff --git a/weed/admin/handlers/group_handlers.go b/weed/admin/handlers/group_handlers.go
index 0539352d2..d6dccd613 100644
--- a/weed/admin/handlers/group_handlers.go
+++ b/weed/admin/handlers/group_handlers.go
@@ -24,6 +24,9 @@ func groupErrorToHTTPStatus(err error) int {
 	if errors.Is(err, credential.ErrUserNotInGroup) {
 		return http.StatusBadRequest
 	}
+	if errors.Is(err, credential.ErrPolicyNotAttached) {
+		return http.StatusBadRequest
+	}
 	return http.StatusInternalServerError
 }