diff --git a/pkg/sql/catalog/catprivilege/default_privilege.go b/pkg/sql/catalog/catprivilege/default_privilege.go
index a75ce64c7b0f..cec03ad71a5d 100644
--- a/pkg/sql/catalog/catprivilege/default_privilege.go
+++ b/pkg/sql/catalog/catprivilege/default_privilege.go
@@ -148,7 +148,7 @@ func (d *immutable) CreatePrivilegesFromDefaultPrivileges(
 	// If default privileges are not defined for the creator role, we handle
 	// it as the default case where the user has all privileges.
 	role := descpb.DefaultPrivilegesRole{Role: user}
-	if _, found := d.GetDefaultPrivilegesForRole(role); !found {
+	if defaultPrivilegesForRole, found := d.GetDefaultPrivilegesForRole(role); !found {
 		defaultPrivilegesForCreatorRole := descpb.InitDefaultPrivilegesForRole(role)
 		for _, user := range GetUserPrivilegesForObject(defaultPrivilegesForCreatorRole, targetObject) {
 			newPrivs.Grant(
@@ -156,20 +156,27 @@ func (d *immutable) CreatePrivilegesFromDefaultPrivileges(
 				privilege.ListFromBitField(user.Privileges, targetObject.ToPrivilegeObjectType()),
 			)
 		}
+	} else {
+		for _, user := range GetUserPrivilegesForObject(*defaultPrivilegesForRole, targetObject) {
+			newPrivs.Grant(
+				user.UserProto.Decode(),
+				privilege.ListFromBitField(user.Privileges, targetObject.ToPrivilegeObjectType()),
+			)
+		}
 	}
 
 	// The privileges for the object are the union of the default privileges
 	// defined for the object for the object creator and the default privileges
 	// defined for all roles.
-	_ = d.ForEachDefaultPrivilegeForRole(func(defaultPrivilegesForRole descpb.DefaultPrivilegesForRole) error {
-		for _, user := range GetUserPrivilegesForObject(defaultPrivilegesForRole, targetObject) {
+	defaultPrivilegesForAllRoles, found := d.GetDefaultPrivilegesForRole(descpb.DefaultPrivilegesRole{ForAllRoles: true})
+	if found {
+		for _, user := range GetUserPrivilegesForObject(*defaultPrivilegesForAllRoles, targetObject) {
 			newPrivs.Grant(
 				user.UserProto.Decode(),
 				privilege.ListFromBitField(user.Privileges, targetObject.ToPrivilegeObjectType()),
 			)
 		}
-		return nil
-	})
+	}
 	newPrivs.SetOwner(user)
 	newPrivs.Version = descpb.Version21_2
 
diff --git a/pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_schema b/pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_schema
index 79224be816af..c6bd6ad5ac2d 100644
--- a/pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_schema
+++ b/pkg/sql/logictest/testdata/logic_test/alter_default_privileges_for_schema
@@ -137,3 +137,20 @@ database_name  schema_name  grantee   privilege_type
 d              s5           admin     ALL
 d              s5           root      ALL
 d              s5           testuser  CREATE
+
+statement ok
+ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO testuser, testuser2
+
+user root
+
+statement ok
+CREATE SCHEMA s_72322
+
+# When root creates the table, testuser and testuser2 should not get privileges.
+query TTTT colnames
+SHOW GRANTS ON SCHEMA s_72322
+----
+database_name  schema_name  grantee   privilege_type
+d              s_72322      admin     ALL
+d              s_72322      root      ALL
+d              s_72322      testuser  CREATE