diff --git a/mysql-test/suite/sql_sequence/grant.result b/mysql-test/suite/sql_sequence/grant.result
index fc3421efcb6..d631772c740 100644
--- a/mysql-test/suite/sql_sequence/grant.result
+++ b/mysql-test/suite/sql_sequence/grant.result
@@ -97,6 +97,19 @@ ERROR 42000: SELECT, INSERT command denied to user 'u'@'localhost' for table `my
 disconnect con1;
 connection default;
 drop user u;
+create user u_alter;
+create table t1 (id int);
+grant alter on t1 to u_alter;
+connect con_alter,localhost,u_alter,,mysqltest_1;
+alter table t1 modify id int default nextval(s1);
+ERROR 42000: SELECT, INSERT command denied to user 'u_alter'@'localhost' for table `mysqltest_1`.`s1`
+connection default;
+grant insert, select on s1 to u_alter;
+connection con_alter;
+alter table t1 modify id int default nextval(s1);
+disconnect con_alter;
+connection default;
+drop user u_alter;
 drop database mysqltest_1;
 #
 # End of 10.11 tests
diff --git a/mysql-test/suite/sql_sequence/grant.test b/mysql-test/suite/sql_sequence/grant.test
index c205bd34223..8c56de16525 100644
--- a/mysql-test/suite/sql_sequence/grant.test
+++ b/mysql-test/suite/sql_sequence/grant.test
@@ -106,6 +106,22 @@ create table t1 (a int not null default(nextval(s1)),
 --connection default
 drop user u;
 
+# ALTER for table with DEFAULT NEXTVAL(seq) column needs INSERT/SELECT on seq
+# just like CREATE does in the example above
+create user u_alter;
+create table t1 (id int);
+grant alter on t1 to u_alter;
+--connect(con_alter,localhost,u_alter,,mysqltest_1)
+--error ER_TABLEACCESS_DENIED_ERROR
+alter table t1 modify id int default nextval(s1);
+--connection default
+grant insert, select on s1 to u_alter;
+--connection con_alter
+alter table t1 modify id int default nextval(s1);
+--disconnect con_alter
+--connection default
+drop user u_alter;
+
 #
 # Cleanup
 #
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index b61f18c41cc..422ea6b008b 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8347,9 +8347,17 @@ bool check_grant(THD *thd, privilege_t want_access, TABLE_LIST *tables,
       Direct SELECT of a sequence table doesn't set t_ref->sequence, so
       privileges will be checked normally, as for any table.
     */
-    if (t_ref->sequence &&
-        !(want_access & ~(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL)))
-      continue;
+    if (t_ref->sequence)
+    {
+      if (!(want_access & ~(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL)))
+        continue;
+      /*
+        If it is ALTER..SET DEFAULT= nextval(sequence), also defer checks
+        until ::fix_fields().
+      */
+      if (tl != tables && want_access == ALTER_ACL)
+        continue;
+    }
 
     const ACL_internal_table_access *access=
       get_cached_table_access(&t_ref->grant.m_internal,