diff --git a/executor/simple.go b/executor/simple.go
index b3d9fc2f5b62e..d77d54c1f568e 100644
--- a/executor/simple.go
+++ b/executor/simple.go
@@ -251,7 +251,12 @@ func (e *SimpleExec) setDefaultRoleAll(s *ast.SetDefaultRoleStmt) error {
 			return ErrCannotUser.GenWithStackByArgs("SET DEFAULT ROLE", user.String())
 		}
 	}
-	sqlExecutor := e.ctx.(sqlexec.SQLExecutor)
+	restrictedCtx, err := e.getSysSession()
+	if err != nil {
+		return err
+	}
+	defer e.releaseSysSession(restrictedCtx)
+	sqlExecutor := restrictedCtx.(sqlexec.SQLExecutor)
 	if _, err := sqlExecutor.Execute(context.Background(), "begin"); err != nil {
 		return err
 	}
diff --git a/executor/simple_test.go b/executor/simple_test.go
index 81150aa317d46..b80c4f44a68b2 100644
--- a/executor/simple_test.go
+++ b/executor/simple_test.go
@@ -302,7 +302,24 @@ func (s *testSuite3) TestDefaultRole(c *C) {
 	tk.MustExec(dropRoleSQL)
 }
 
+<<<<<<< HEAD
 func (s *testSuite3) TestUser(c *C) {
+=======
+func (s *testSuite7) TestSetDefaultRoleAll(c *C) {
+	tk := testkit.NewTestKit(c, s.store)
+	tk.MustExec("create user test_all;")
+	se, err := session.CreateSession4Test(s.store)
+	c.Check(err, IsNil)
+	defer se.Close()
+	c.Assert(se.Auth(&auth.UserIdentity{Username: "test_all", Hostname: "localhost"}, nil, nil), IsTrue)
+
+	ctx := context.Background()
+	_, err = se.Execute(ctx, "set default role all to test_all;")
+	c.Assert(err, IsNil)
+}
+
+func (s *testSuite7) TestUser(c *C) {
+>>>>>>> 20b555c... privilege: use internal session to run `SET DEFAULT ROL ALL` (#15525)
 	tk := testkit.NewTestKit(c, s.store)
 	// Make sure user test not in mysql.User.
 	result := tk.MustQuery(`SELECT Password FROM mysql.User WHERE User="test" and Host="localhost"`)