diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java
index 2815f2a30b1c75..aa5c69c29accac 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java
@@ -18,10 +18,12 @@ package org.apache.doris.analysis;
 import org.apache.doris.catalog.Env;
+import org.apache.doris.cluster.ClusterNamespace;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
 import org.apache.doris.common.UserException;
+import org.apache.doris.mysql.privilege.Auth;
 import org.apache.doris.mysql.privilege.PasswordPolicy.FailedLoginPolicy;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.qe.ConnectContext;
@@ -133,6 +135,12 @@ public void analyze(Analyzer analyzer) throws UserException {
 throw new AnalysisException("Only support doing one type of operation at one time");
 }
+ if (userDesc.getUserIdent().getQualifiedUser().equals(Auth.ROOT_USER)
+ && !ClusterNamespace.getNameFromFullName(ConnectContext.get().getQualifiedUser())
+ .equals(Auth.ROOT_USER)) {
+ throw new AnalysisException("Only root user can modify root user");
+ }
+
 if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
 ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "GRANT");
 }
diff --git a/regression-test/suites/account_p0/test_root_user.groovy b/regression-test/suites/account_p0/test_root_user.groovy
new file mode 100644
index 00000000000000..7296120a8b8734
--- /dev/null
+++ b/regression-test/suites/account_p0/test_root_user.groovy
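Review bot: In the second hunk of AlterUserStmt.java the root guard normalises only one side of the comparison: the session user goes through `ClusterNamespace.getNameFromFullName(...)`, while the target `userDesc.getUserIdent().getQualifiedUser()` is compared to `Auth.ROOT_USER` as-is. If the target name can still carry a cluster prefix at this point (not visible in the hunk), the first condition is false and the guard is skipped; `ClusterNamespace.getNameFromFullName(userDesc.getUserIdent().getQualifiedUser()).equals(Auth.ROOT_USER)` would remove that dependency. Both sides also match on the user name alone and ignore the host part of the identity, so it is worth confirming that no second account named root can exist, or comparing full identities instead. The guard sits before the GRANT privilege check and covers this statement only; `analyze` starts and ends outside the hunk, so other statements that change root's credentials need their own check.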
@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import org.junit.Assert;
+
+suite("test_root_user", "account") {
+ String suiteName = "test_root_user"
+ String user = "${suiteName}_user"
+ String pwd = 'C123_567p'
+
+ try_sql("DROP USER ${user}")
+ sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
+ sql """GRANT ADMIN_PRIV ON *.*.* TO ${user}"""
+ connect(user, "${pwd}", context.config.jdbcUrl) {
+ test {
+ sql """
+ alter user root identified by '123456';
+ """
+ exception "root"
+ }
+
+ test {
+ sql """
+ set password for 'root' = password('123456');
+ """
+ exception "root"
+ }
+ }
+
+}
+
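Review bot: Both `exception "root"` expectations match any error text that contains "root", so the cases would still pass on an unrelated failure that merely names the user; pinning the message added in this commit, `exception "Only root user can modify root user"`, makes the first case test the guard itself. The second case runs `set password for 'root'`, which is not the statement changed in the Java hunk, so which check rejects it is not visible here and its expected message should be confirmed separately. The suite leaves `${user}` behind with `ADMIN_PRIV`; a closing `try_sql("DROP USER ${user}")` would clean up the privileged account. `org.junit.Assert` is imported but never used.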