diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/rules/analysis/UserAuthentication.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/rules/analysis/UserAuthentication.java
index 360131f2c4..df94a051af 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/nereids/rules/analysis/UserAuthentication.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/rules/analysis/UserAuthentication.java
@@ -17,13 +17,19 @@
 package org.apache.doris.nereids.rules.analysis;
+import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.DatabaseIf;
 import org.apache.doris.catalog.TableIf;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.UserException;
 import org.apache.doris.datasource.CatalogIf;
+import org.apache.doris.mysql.privilege.AccessControllerManager;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.qe.ConnectContext;
+import org.apache.commons.collections.CollectionUtils;
+
 import java.util.Set;
 /**
@@ -52,7 +58,15 @@ public class UserAuthentication {
 return;
 }
 String ctlName = catalog.getName();
- connectContext.getEnv().getAccessManager().checkColumnsPriv(
- connectContext.getCurrentUserIdentity(), ctlName, dbName, tableName, columns, PrivPredicate.SELECT);
+ AccessControllerManager accessManager = connectContext.getEnv().getAccessManager();
+ UserIdentity userIdentity = connectContext.getCurrentUserIdentity();
+ if (CollectionUtils.isEmpty(columns)) {
+ if (!accessManager.checkTblPriv(userIdentity, ctlName, dbName, tableName, PrivPredicate.SELECT)) {
+ ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
+ PrivPredicate.SELECT.getPrivs().toString(), tableName);
+ }
+ } else {
+ accessManager.checkColumnsPriv(userIdentity, ctlName, dbName, tableName, columns, PrivPredicate.SELECT);
+ }
 }
 }
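Review bot: The empty-column guard in the second hunk lives only at this call site, so failing closed for a query that references no columns depends on every other caller of `checkColumnsPriv` repeating the `CollectionUtils.isEmpty(columns)` branch; presumably `checkColumnsPriv` still passes vacuously on an empty set, though its body is not visible here. At minimum the branch deserves a why-comment, e.g. `// No referenced columns (e.g. count(*)): a per-column check has nothing to verify, so require table-level SELECT.`, so it is not simplified away later. It is also worth confirming whether the empty-set rejection belongs inside `AccessControllerManager` itself. The denial message is built from `tableName` alone, so same-named tables in different databases or catalogs cannot be told apart when triaging a denial; adding `dbName` and `ctlName` would help if the message format allows it. The enclosing method starts above the hunk, so the condition behind the early `return;` was not reviewed.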
diff --git a/regression-test/suites/account_p0/test_nereids_authentication.groovy b/regression-test/suites/account_p0/test_nereids_authentication.groovy
index a3f99ae02f..d26c36c648 100644
--- a/regression-test/suites/account_p0/test_nereids_authentication.groovy
+++ b/regression-test/suites/account_p0/test_nereids_authentication.groovy
@@ -59,6 +59,13 @@ suite("test_nereids_authentication", "query") {
 }
 }
+ connect(user=user, password='Doris_123456', url=url) {
+ test {
+ sql "SELECT count(*) FROM ${tableName2}"
+ exception "denied"
+ }
+ }
+
 connect(user=user, password='Doris_123456', url=url) {
 test {
 sql "SELECT * FROM ${tableName1}, ${tableName2} WHERE ${tableName1}.`key` = ${tableName2}.`key`"
@@ -71,6 +78,9 @@ suite("test_nereids_authentication", "query") {
 sql "SELECT * FROM ${tableName2}"
 }
 assertEquals(result.size(), 0)
+ connect(user=user, password='Doris_123456', url=url) {
+ sql "SELECT count(*) FROM ${tableName2}"
+ }
 connect(user=user, password='Doris_123456', url=url) {
 sql "SELECT * FROM ${tableName1}, ${tableName2} WHERE ${tableName1}.`key` = ${tableName2}.`key`"
 }
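Review bot: `exception "denied"` in the new negative case appears to match any error text containing that word, so the test could also pass if the rejection came from somewhere other than the table-level SELECT check this commit adds. Matching a longer fragment of the table-access-denied message, such as the privilege or the table name, would pin the failure to the intended path. Only `count(*)` is exercised; another statement that references no columns, e.g. `sql "SELECT 1 FROM ${tableName2}"`, would presumably reach the same branch and guard it against regressions in other plan shapes.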
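Review bot: The positive case added after `assertEquals(result.size(), 0)` only proves the statement does not throw; its result is discarded, and the grant that makes it succeed lies outside the hunk. Because the Java change in this commit requires table-level SELECT whenever no columns are referenced, a third case is worth adding: a user holding only column-level SELECT on `${tableName2}` running `SELECT count(*)`. That would record whether denying such a user is the intended policy rather than a side effect.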