diff --git a/go/vt/vttablet/tabletserver/planbuilder/permission.go b/go/vt/vttablet/tabletserver/planbuilder/permission.go
index 79b2f9eb430..dbc6cfccdad 100644
--- a/go/vt/vttablet/tabletserver/planbuilder/permission.go
+++ b/go/vt/vttablet/tabletserver/planbuilder/permission.go
@@ -36,7 +36,13 @@ func BuildPermissions(stmt sqlparser.Statement) []Permission {
 var permissions []Permission
 // All Statement types myst be covered here.
 switch node := stmt.(type) {
- case *sqlparser.Union, *sqlparser.Select:
+ case *sqlparser.Select:
+ role := tableacl.READER
+ if _, ok := node.SelectExprs[0].(*sqlparser.Nextval); ok {
+ role = tableacl.WRITER
+ }
+ permissions = buildSubqueryPermissions(node, role, permissions)
+ case *sqlparser.Union:
 permissions = buildSubqueryPermissions(node, tableacl.READER, permissions)
 case *sqlparser.Insert:
 permissions = buildTableExprPermissions(node.Table, tableacl.WRITER, permissions)
diff --git a/go/vt/vttablet/tabletserver/planbuilder/permission_test.go b/go/vt/vttablet/tabletserver/planbuilder/permission_test.go
index 6d42118cb0b..0ece6ed19b2 100644
--- a/go/vt/vttablet/tabletserver/planbuilder/permission_test.go
+++ b/go/vt/vttablet/tabletserver/planbuilder/permission_test.go
@@ -174,6 +174,12 @@ func TestBuildPermissions(t *testing.T) {
 }, {
 TableName: "t1", // derived table in update or delete needs reader permission as they cannot be modified.
 }},
+ }, {
+ input: "select next 10 values from seq",
+ output: []Permission{{
+ TableName: "seq",
+ Role: tableacl.WRITER,
+ }},
 }}
 
 for _, tcase := range tcases {
diff --git a/go/vt/vttablet/tabletserver/planbuilder/testdata/exec_cases.txt b/go/vt/vttablet/tabletserver/planbuilder/testdata/exec_cases.txt
index 977b3822050..cafbe43231d 100644
--- a/go/vt/vttablet/tabletserver/planbuilder/testdata/exec_cases.txt
+++ b/go/vt/vttablet/tabletserver/planbuilder/testdata/exec_cases.txt
@@ -140,7 +140,7 @@
 "Permissions": [
 {
 "TableName": "seq",
- "Role": 0
+ "Role": 1
 }
 ],
 "NextCount": "1"
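Review bot: In the permission.go hunk, `node.SelectExprs[0]` in the new `*sqlparser.Select` case is indexed without a length check, so a Select that reaches BuildPermissions with no select expressions (for example one built in code rather than parsed) would panic in the ACL path; wrapping the type assertion in `if len(node.SelectExprs) > 0 { … }` keeps the READER default for that input. The WRITER upgrade is also decided only for a top-level Select, while the `*sqlparser.Union` case directly below still passes `tableacl.READER` unconditionally; whether the grammar accepts a `select next … values` as a union branch is not visible here, but if it does, that statement would still be authorised as a read, so it is worth confirming and pinning with a case in TestBuildPermissions. A one-line why-comment above the check would help the next reader, e.g. `// select next ... values reserves sequence values, so it needs WRITER rather than READER.` BuildPermissions starts and continues outside the hunk.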
@@ -154,7 +154,7 @@
 "Permissions": [
 {
 "TableName": "seq",
- "Role": 0
+ "Role": 1
 }
 ],
 "NextCount": "10"
@@ -169,7 +169,7 @@
 "Permissions": [
 {
 "TableName": "seq",
- "Role": 0
+ "Role": 1
 }
 ],
 "NextCount": ":a"
@@ -183,7 +183,7 @@
 "Permissions": [
 {
 "TableName": "seq",
- "Role": 0
+ "Role": 1
 }
 ],
 "NextCount": "12345667852342342342323423423"