diff --git a/composer.json b/composer.json
index b00cba01..68030980 100644
--- a/composer.json
+++ b/composer.json
@@ -46,7 +46,7 @@
         "pixelfear/composer-dist-plugin": "^0.1.5",
         "spatie/error-solutions": "^1.0 || ^2.0",
         "spatie/invade": "^2.1",
-        "statamic/cms": "^6.17",
+        "statamic/cms": "^6.20",
         "stillat/proteus": "^4.2.1"
     },
     "require-dev": {
diff --git a/src/Fieldtypes/BaseFieldtype.php b/src/Fieldtypes/BaseFieldtype.php
index 4ec0b3da..a3571ed9 100644
--- a/src/Fieldtypes/BaseFieldtype.php
+++ b/src/Fieldtypes/BaseFieldtype.php
@@ -13,6 +13,7 @@
 use Statamic\Facades\Blink;
 use Statamic\Facades\Scope;
 use Statamic\Facades\Search;
+use Statamic\Facades\User;
 use Statamic\Fieldtypes\Relationship;
 use Statamic\Http\Requests\FilteredRequest;
 use Statamic\Query\OrderBy;
@@ -187,6 +188,10 @@ public function process($data)
 
     public function getIndexItems($request)
     {
+        if (! User::current()?->can('view', $this->resource())) {
+            return collect();
+        }
+
         $query = $this->getIndexQuery($request);
 
         $this->applyOrderingToIndexQuery($query, $request);
@@ -383,6 +388,11 @@ protected function getColumns()
             ->values();
     }
 
+    protected function authorizeItemData($id): bool
+    {
+        return (bool) User::current()?->can('view', $this->resource());
+    }
+
     protected function toItemArray($id)
     {
         $resource = Runway::findResource($this->config('resource'));
diff --git a/tests/Fieldtypes/BelongsToFieldtypeTest.php b/tests/Fieldtypes/BelongsToFieldtypeTest.php
index 982f4a34..1900463a 100644
--- a/tests/Fieldtypes/BelongsToFieldtypeTest.php
+++ b/tests/Fieldtypes/BelongsToFieldtypeTest.php
@@ -8,6 +8,7 @@
 use Illuminate\Support\Facades\Config;
 use PHPUnit\Framework\Attributes\Test;
 use Statamic\Facades\Blink;
+use Statamic\Facades\User;
 use Statamic\Fields\Field;
 use Statamic\Http\Requests\FilteredRequest;
 use StatamicRadPack\Runway\Fieldtypes\BelongsToFieldtype;
@@ -26,6 +27,8 @@ protected function setUp(): void
     {
         parent::setUp();
 
+        $this->actingAs(User::make()->makeSuper()->save());
+
         $this->fieldtype = tap(new BelongsToFieldtype)
             ->setField(new Field('author', [
                 'max_items' => 1,
diff --git a/tests/Fieldtypes/HasManyFieldtypeTest.php b/tests/Fieldtypes/HasManyFieldtypeTest.php
index 3e0ccf70..fb0cd876 100644
--- a/tests/Fieldtypes/HasManyFieldtypeTest.php
+++ b/tests/Fieldtypes/HasManyFieldtypeTest.php
@@ -10,6 +10,7 @@
 use PHPUnit\Framework\Attributes\Test;
 use Statamic\Facades\Blink;
 use Statamic\Facades\Entry;
+use Statamic\Facades\User;
 use Statamic\Fields\Field;
 use Statamic\Http\Requests\FilteredRequest;
 use Statamic\Testing\Concerns\PreventsSavingStacheItemsToDisk;
@@ -29,6 +30,8 @@ protected function setUp(): void
     {
         parent::setUp();
 
+        $this->actingAs(User::make()->makeSuper()->save());
+
         $this->fieldtype = tap(new HasManyFieldtype)
             ->setField(new Field('posts', [
                 'mode' => 'stack',