diff --git a/packages/strapi-plugin-content-manager/controllers/ContentManager.js b/packages/strapi-plugin-content-manager/controllers/ContentManager.js
index e070f9791e..d28e7becbf 100644
--- a/packages/strapi-plugin-content-manager/controllers/ContentManager.js
+++ b/packages/strapi-plugin-content-manager/controllers/ContentManager.js
@@ -84,7 +84,19 @@ module.exports = {
     const method = _.has(request.query, '_q') ? 'search' : 'fetchAll';
     const query = pm.queryFrom(request.query);
 
-    const results = await contentManagerService[method](model, query);
+    const { kind } = strapi.getModel(model);
+
+    let results;
+
+    if (kind === 'singleType') {
+      // fetchAll for a singleType only return on entity
+      const results = await contentManagerService.fetchAll(model, query);
+      if (results && pm.ability.cannot(pm.action, pm.toSubject(results))) {
+        return ctx.forbidden();
+      }
+    }
+
+    results = await contentManagerService[method](model, query);
 
     if (!results) {
       return ctx.notFound();
diff --git a/packages/strapi-plugin-content-manager/services/ContentManager.js b/packages/strapi-plugin-content-manager/services/ContentManager.js
index c8a4b89d57..32e5c02714 100644
--- a/packages/strapi-plugin-content-manager/services/ContentManager.js
+++ b/packages/strapi-plugin-content-manager/services/ContentManager.js
@@ -51,7 +51,7 @@ module.exports = {
 
   delete(model, id, query) {
     return strapi.entityService.delete(
-      { params: { ...query, _where: _.concat({ id }, query._where) } },
+      { params: { ...query, _where: _.concat({ id }, query._where || {}) } },
       { model }
     );
   },
@@ -64,7 +64,7 @@ module.exports = {
         params: {
           _limit: 100,
           ...query,
-          _where: _.concat({ [`${primaryKey}_in`]: ids }, query._where),
+          _where: _.concat({ [`${primaryKey}_in`]: ids }, query._where || {}),
         },
       },
       { model }