diff --git a/packages/plugins/users-permissions/server/strategies/users-permissions.js b/packages/plugins/users-permissions/server/strategies/users-permissions.js
index 409b84ae21..88b556fce9 100644
--- a/packages/plugins/users-permissions/server/strategies/users-permissions.js
+++ b/packages/plugins/users-permissions/server/strategies/users-permissions.js
@@ -84,7 +84,8 @@ const verify = async (auth, config) => {
       where: { role: user ? user.role.id : { type: 'public' } },
     });
 
-    allowedActions = auth.allowedActions = map('action', permissions);
+    allowedActions = map('action', permissions);
+    auth.allowedActions = allowedActions;
   }
 
   const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));