I know it’s been awhile and you’ve probably found a workaround but just wanted to add my thoughts since I ran into this as well.
The “grant *** on all” statements give you privileges to existing objects so if you have them, you need to run them.
The “grant *** on future” statements give you privileges on all future objects so that also needs to be run. The order shouldn’t matter.
What does matter though, is that when running the future grants, you need to use the role securityadmin. This is because only securityadmin and accountadmin have that privilege.
Read more here: