diff --git a/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql b/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql
new file mode 100644
index 000000000..ca5dc1cd1
--- /dev/null
+++ b/src/backend/columnar/sql/columnar--10.0-1--10.0-2.sql
@@ -0,0 +1,5 @@
+/* columnar--10.0-1--10.0-2.sql */
+
+-- grant read access for columnar metadata tables to unprivileged user
+GRANT USAGE ON SCHEMA columnar TO PUBLIC;
+GRANT SELECT ON ALL tables IN SCHEMA columnar TO PUBLIC ;
diff --git a/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql b/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql
new file mode 100644
index 000000000..e82d21f79
--- /dev/null
+++ b/src/backend/columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql
@@ -0,0 +1,5 @@
+/* columnar--10.0-2--10.0-1.sql */
+
+-- revoke read access for columnar metadata tables from unprivileged user
+REVOKE USAGE ON SCHEMA columnar FROM PUBLIC;
+REVOKE SELECT ON ALL tables IN SCHEMA columnar FROM PUBLIC;
diff --git a/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql
index de58cdebc..813591cd3 100644
--- a/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql
+++ b/src/backend/distributed/sql/citus--10.0-1--10.0-2.sql
@@ -1 +1,3 @@
 -- citus--10.0-1--10.0-2
+
+#include "../../columnar/sql/columnar--10.0-1--10.0-2.sql"
diff --git a/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql
index 711c46691..c418000fd 100644
--- a/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql
+++ b/src/backend/distributed/sql/downgrades/citus--10.0-2--10.0-1.sql
@@ -1 +1,2 @@
 /* citus--10.0-2--10.0-1.sql */
+#include "../../../columnar/sql/downgrades/columnar--10.0-2--10.0-1.sql"
diff --git a/src/test/regress/expected/multi_multiuser.out b/src/test/regress/expected/multi_multiuser.out
index a0480d8a0..32c14b06f 100644
--- a/src/test/regress/expected/multi_multiuser.out
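Review bot: `GRANT SELECT ON ALL tables IN SCHEMA columnar TO PUBLIC ;` only covers the tables that exist in the schema at the moment this upgrade script runs; a metadata table added by a later columnar version will not inherit the grant, so that version's script has to repeat it (or set default privileges), and a comment next to the statement would save the next author from finding out the hard way: `-- NOTE: ALL TABLES IN SCHEMA applies to tables existing at upgrade time; later-added metadata tables need their own GRANT.` Because the grant goes to PUBLIC, any role can read the stripe/chunk metadata (the test output below lists columns such as storage_id, row_count and file_offset) for columnar tables it holds no privileges on; the hunk's comment suggests this is intended, but it deserves an explicit sentence saying so. Style: `tables` is the only lowercase keyword in the file and there is a stray space before the `;` — `GRANT SELECT ON ALL TABLES IN SCHEMA columnar TO PUBLIC;`.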
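Review bot: The new `#include` line in citus--10.0-1--10.0-2.sql carries no explanation of why a columnar script is pulled into the citus upgrade path, and the matching include added to downgrades/citus--10.0-2--10.0-1.sql has none either. A one-line comment above each, e.g. `-- pull in the columnar metadata grants so a citus upgrade applies them as well`, would tell the next person editing these scripts that the citus and columnar upgrade/downgrade files must stay paired version for version. Presumably the include is expanded at build time rather than read by the server; if so, the comment could say that too.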
+++ b/src/test/regress/expected/multi_multiuser.out
@@ -256,6 +256,37 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
 SELECT lock_relation_if_exists('test', 'EXCLUSIVE');
 ERROR: permission denied for table test
 ABORT;
+-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user
+-- all below 5 commands should throw no permission errors
+-- read columnar metadata table
+SELECT * FROM columnar.stripe;
+ storage_id | stripe_num | file_offset | data_length | column_count | chunk_row_count | row_count | chunk_group_count
+---------------------------------------------------------------------
+(0 rows)
+
+-- alter a columnar setting
+SET columnar.chunk_group_row_limit = 1050;
+DO $proc$
+BEGIN
+IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
+ EXECUTE $$
+ -- create columnar table
+ CREATE TABLE columnar_table (a int) USING columnar;
+ -- alter a columnar table that is created by that unprivileged user
+ SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100);
+ -- and drop it
+ DROP TABLE columnar_table;
+ $$;
+END IF;
+END$proc$;
+-- cannot modify columnar metadata table as unprivileged user
+INSERT INTO columnar.stripe VALUES(99);
+ERROR: permission denied for table stripe
+-- Cannot drop columnar metadata table as unprivileged user.
+-- Privileged user also cannot drop but with a different error message.
+-- (since citus extension has a dependency to it)
+DROP TABLE columnar.chunk;
+ERROR: must be owner of table chunk
 -- check no permission
 SET ROLE no_access;
 EXECUTE prepare_insert(1);
diff --git a/src/test/regress/sql/multi_multiuser.sql b/src/test/regress/sql/multi_multiuser.sql
index b88fadb03..576728e91 100644
--- a/src/test/regress/sql/multi_multiuser.sql
+++ b/src/test/regress/sql/multi_multiuser.sql
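Review bot: The expected output only shows that the three statements inside the `DO` block raise nothing when `server_version` is 12 or newer; on an older server the `IF` skips them entirely and the test still passes, so the comment "all below 5 commands should throw no permission errors" is checked for at most two commands there, and the comment should say so. The `SELECT alter_columnar_table_set(...)` inside `EXECUTE` also discards its result, so nothing in the expected output changes if the call silently stops working. If the block is meant to guard the new grants, consider raising a NOTICE from inside it with a read-back of `columnar.stripe` after the CREATE, so a regression surfaces as an output diff rather than a silent pass; the same applies to the sql/multi_multiuser.sql hunk, whose trailing context runs past this excerpt.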
@@ -155,6 +155,34 @@ SELECT lock_relation_if_exists('test', 'ACCESS SHARE');
 SELECT lock_relation_if_exists('test', 'EXCLUSIVE');
 ABORT;
+-- test creating columnar tables and accessing to columnar metadata tables via unprivileged user
+
+-- all below 5 commands should throw no permission errors
+-- read columnar metadata table
+SELECT * FROM columnar.stripe;
+-- alter a columnar setting
+SET columnar.chunk_group_row_limit = 1050;
+
+DO $proc$
+BEGIN
+IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
+ EXECUTE $$
+ -- create columnar table
+ CREATE TABLE columnar_table (a int) USING columnar;
+ -- alter a columnar table that is created by that unprivileged user
+ SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 100);
+ -- and drop it
+ DROP TABLE columnar_table;
+ $$;
+END IF;
+END$proc$;
+
+-- cannot modify columnar metadata table as unprivileged user
+INSERT INTO columnar.stripe VALUES(99);
+-- Cannot drop columnar metadata table as unprivileged user.
+-- Privileged user also cannot drop but with a different error message.
+-- (since citus extension has a dependency to it)
+DROP TABLE columnar.chunk;
 -- check no permission
 SET ROLE no_access;