diff --git a/packages/strapi-plugin-content-manager/config/routes.json b/packages/strapi-plugin-content-manager/config/routes.json
index ca2987c2c4..12bc8e47f6 100644
--- a/packages/strapi-plugin-content-manager/config/routes.json
+++ b/packages/strapi-plugin-content-manager/config/routes.json
@@ -107,8 +107,7 @@
       "config": {
         "policies": [
           "routing",
-          "admin::isAuthenticatedAdmin",
-          ["plugins::content-manager.hasPermissions", ["plugins::content-manager.explorer.read"]]
+          "admin::isAuthenticatedAdmin"
         ]
       }
     },
diff --git a/packages/strapi-plugin-content-manager/controllers/ContentManager.js b/packages/strapi-plugin-content-manager/controllers/ContentManager.js
index 94f80fcba3..93494f21b2 100644
--- a/packages/strapi-plugin-content-manager/controllers/ContentManager.js
+++ b/packages/strapi-plugin-content-manager/controllers/ContentManager.js
@@ -278,13 +278,13 @@ module.exports = {
 
   async findRelationList(ctx) {
     const { model, targetField } = ctx.params;
-    const { query } = ctx.request;
+    const { _component, ...query } = ctx.request.query;
 
     if (!targetField) {
       return ctx.badRequest();
     }
 
-    const modelDef = strapi.db.getModel(model);
+    const modelDef = _component ? strapi.db.getModel(_component) : strapi.db.getModel(model);
 
     if (!modelDef) {
       return ctx.notFound('model.notFound');