diff --git a/fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudReplica.java b/fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudReplica.java
index ff786236cbdfc8..5bf73e448b6bce 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudReplica.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudReplica.java
@@ -214,7 +214,7 @@ private String getCurrentClusterId() throws ComputeGroupException {
                     ((CloudEnv) Env.getCurrentEnv()).checkCloudClusterPriv(cluster);
                 } catch (Exception e) {
                     LOG.warn("get compute group by session context exception");
-                    throw new ComputeGroupException(String.format("default compute group %s check auth failed",
+                    throw new ComputeGroupException(String.format("session context compute group %s check auth failed",
                             cluster),
                         ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP);
                 }
diff --git a/fe/fe-core/src/main/java/org/apache/doris/cloud/qe/ComputeGroupException.java b/fe/fe-core/src/main/java/org/apache/doris/cloud/qe/ComputeGroupException.java
index 3260619c16978a..cdc7a1307f7b99 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/cloud/qe/ComputeGroupException.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/cloud/qe/ComputeGroupException.java
@@ -34,6 +34,7 @@ public enum FailedTypeEnum {
         CONNECT_CONTEXT_NOT_SET_COMPUTE_GROUP,
         CURRENT_USER_NO_AUTH_TO_USE_ANY_COMPUTE_GROUP,
         CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP,
+        CURRENT_USER_NO_AUTH_TO_USE_COMPUTE_GROUP,
         CURRENT_COMPUTE_GROUP_NO_BE,
         COMPUTE_GROUPS_NO_ALIVE_BE,
         CURRENT_COMPUTE_GROUP_NOT_EXIST,
@@ -59,6 +60,8 @@ public enum FailedTypeEnum {
         helpInfos.put(FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_ANY_COMPUTE_GROUP, " contact the system administrator "
                 + "and request that they grant you the appropriate compute group permissions, "
                 + "use SQL `GRANT USAGE_PRIV ON COMPUTE GROUP {compute_group_name} TO {user}`");
+        helpInfos.put(FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_COMPUTE_GROUP,
+                "use SQL `GRANT USAGE_PRIV ON COMPUTE GROUP {compute_group_name} TO {user}`");
         helpInfos.put(FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP,
                 " contact the system administrator "
                 + "and request that they grant you the default compute group permissions, "
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java
index 176e0f25801043..aa952cddb9d6e5 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java
@@ -17,8 +17,11 @@
 
 package org.apache.doris.mysql.privilege;
 
+import org.apache.doris.analysis.ResourceTypeEnum;
 import org.apache.doris.analysis.SetUserPropertyVar;
+import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.Env;
+import org.apache.doris.cloud.qe.ComputeGroupException;
 import org.apache.doris.cluster.ClusterNamespace;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.Config;
@@ -257,23 +260,9 @@ public void update(List<Pair<String, String>> properties, boolean isReplay) thro
 
                 newDefaultLoadCluster = value;
             }  else if (keyArr[0].equalsIgnoreCase(DEFAULT_CLOUD_CLUSTER)) {
-                // set property "DEFAULT_CLOUD_CLUSTER" = "cluster1"
-                if (keyArr.length != 1) {
-                    throw new DdlException(DEFAULT_CLOUD_CLUSTER + " format error");
-                }
-                if (value == null) {
-                    value = "";
-                }
-                newDefaultCloudCluster = value;
+                newDefaultCloudCluster = checkCloudDefaultCluster(keyArr, value, DEFAULT_CLOUD_CLUSTER);
             } else if (keyArr[0].equalsIgnoreCase(DEFAULT_COMPUTE_GROUP)) {
-                // set property "DEFAULT_CLOUD_CLUSTER" = "cluster1"
-                if (keyArr.length != 1) {
-                    throw new DdlException(DEFAULT_COMPUTE_GROUP + " format error");
-                }
-                if (value == null) {
-                    value = "";
-                }
-                newDefaultCloudCluster = value;
+                newDefaultCloudCluster = checkCloudDefaultCluster(keyArr, value, DEFAULT_COMPUTE_GROUP);
             } else if (keyArr[0].equalsIgnoreCase(PROP_MAX_QUERY_INSTANCES)) {
                 // set property "max_query_instances" = "1000"
                 if (keyArr.length != 1) {
@@ -401,6 +390,25 @@ public void update(List<Pair<String, String>> properties, boolean isReplay) thro
         defaultCloudCluster = newDefaultCloudCluster;
     }
 
+    private String checkCloudDefaultCluster(String[] keyArr, String value, String defaultComputeGroup)
+            throws ComputeGroupException, DdlException {
+        // check cluster auth
+        if (!Env.getCurrentEnv().getAuth().checkCloudPriv(UserIdentity.fromString(qualifiedUser),
+                value, PrivPredicate.USAGE, ResourceTypeEnum.CLUSTER)) {
+            throw new ComputeGroupException(String.format("set default compute group failed, "
+                + "user {} must first have auth to use this compute group ", value),
+                ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_COMPUTE_GROUP);
+        }
+        // set property "DEFAULT_CLOUD_CLUSTER" = "cluster1"
+        if (keyArr.length != 1) {
+            throw new DdlException(defaultComputeGroup + " format error");
+        }
+        if (value == null) {
+            value = "";
+        }
+        return value;
+    }
+
     private long getLongProperty(String key, String value, String[] keyArr, String propName) throws DdlException {
         // eg: set property "load_mem_limit" = "2147483648";
         if (keyArr.length != 1) {
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectContext.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectContext.java
index 2493b8e6203476..248f06bf1a61eb 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectContext.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectContext.java
@@ -1272,11 +1272,6 @@ public String getCloudCluster(boolean updateErr) throws ComputeGroupException {
         if (!Strings.isNullOrEmpty(defaultCluster)) {
             cluster = defaultCluster;
             choseWay = "default compute group";
-            if (!Env.getCurrentEnv().getAuth().checkCloudPriv(getCurrentUserIdentity(),
-                    cluster, PrivPredicate.USAGE, ResourceTypeEnum.CLUSTER)) {
-                throw new ComputeGroupException(String.format("default compute group %s check auth failed", cluster),
-                    ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP);
-            }
         } else {
             CloudClusterResult cloudClusterTypeAndName = getCloudClusterByPolicy();
             if (cloudClusterTypeAndName != null && !Strings.isNullOrEmpty(cloudClusterTypeAndName.clusterName)) {