diff --git a/src/query/interpreter.cpp b/src/query/interpreter.cpp
index 66d572f49..4135aa1a9 100644
--- a/src/query/interpreter.cpp
+++ b/src/query/interpreter.cpp
@@ -1023,7 +1023,14 @@ PullPlan::PullPlan(const std::shared_ptr<CachedPlan> plan, const Parameters &par
   ctx_.evaluation_context.labels = NamesToLabels(plan->ast_storage().labels_, dba);
 #ifdef MG_ENTERPRISE
   if (license::global_license_checker.IsEnterpriseValidFast() && username.has_value() && dba) {
-    ctx_.auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username, dba);
+    auto auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username, dba);
+
+    // if the user has global privileges to read, edit and write anything, we don't need to perform authorization
+    // otherwise, we do assign the auth checker to check for label access control
+    if (!auth_checker->HasGlobalPrivilegeOnVertices(AuthQuery::FineGrainedPrivilege::CREATE_DELETE) ||
+        !auth_checker->HasGlobalPrivilegeOnEdges(AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+      ctx_.auth_checker = std::move(auth_checker);
+    }
   }
 #endif
   if (interpreter_context->config.execution_timeout_sec > 0) {