diff --git a/enginetest/enginetests.go b/enginetest/enginetests.go
index 1c96ff668d..7c2b3ae48c 100644
--- a/enginetest/enginetests.go
+++ b/enginetest/enginetests.go
@@ -1809,6 +1809,10 @@ func TestUserPrivileges(t *testing.T, harness ClientHarness) {
 					}
 				}
 
+				if assertion.Skip {
+					t.Skipf("Skipping query %s", assertion.Query)
+				}
+
 				user := assertion.User
 				host := assertion.Host
 				if user == "" {
diff --git a/enginetest/queries/priv_auth_queries.go b/enginetest/queries/priv_auth_queries.go
index 7a031265a8..02ce12c45b 100644
--- a/enginetest/queries/priv_auth_queries.go
+++ b/enginetest/queries/priv_auth_queries.go
@@ -43,6 +43,7 @@ type UserPrivilegeTestAssertion struct {
 	Expected       []sql.Row
 	ExpectedErr    *errors.Kind
 	ExpectedErrStr string
+	Skip           bool
 }
 
 // QuickPrivilegeTest specifically tests privileges on a predefined user (tester@localhost) using predefined tables and
@@ -418,6 +419,12 @@ var UserPrivTests = []UserPrivilegeTest{
 				Query:       "SELECT * FROM mydb.test;/*1*/",
 				ExpectedErr: sql.ErrDatabaseAccessDeniedForUser,
 			},
+			{
+				User:        "tester",
+				Host:        "localhost",
+				Query:       "WITH cte AS (SELECT * FROM mydb.test) SELECT * FROM cte;/*1*/",
+				ExpectedErr: sql.ErrDatabaseAccessDeniedForUser,
+			},
 			{
 				User:        "tester",
 				Host:        "localhost",
@@ -508,6 +515,13 @@ var UserPrivTests = []UserPrivilegeTest{
 				Query:    "SELECT * FROM mydb.test;/*6*/",
 				Expected: []sql.Row{{1}},
 			},
+			{
+				Skip:     true, // CTEs are seen as different tables than underlying table(s).
+				User:     "tester",
+				Host:     "localhost",
+				Query:    "WITH cte AS (SELECT * FROM mydb.test) SELECT * FROM cte;/*6*/",
+				Expected: []sql.Row{{1}},
+			},
 			{
 				User:        "tester",
 				Host:        "localhost",