diff --git a/taiga/users/api.py b/taiga/users/api.py
index e342a34c..89fd9429 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -54,8 +54,7 @@ class MembersFilterBackend(BaseFilterBackend):
                 return queryset.filter(Q(memberships__project=project) | Q(id=project.owner.id)).distinct()
             else:
                 raise exc.PermissionDenied(_("You don't have permisions to see this project users."))
-        else:
-            return queryset
+        return []
 
 
 class UsersViewSet(ModelCrudViewSet):
diff --git a/taiga/users/permissions.py b/taiga/users/permissions.py
index 2c3c8c9c..c067fa19 100644
--- a/taiga/users/permissions.py
+++ b/taiga/users/permissions.py
@@ -27,7 +27,7 @@ class IsTheSameUser(PermissionComponent):
 class UserPermission(TaigaResourcePermission):
     enought_perms = IsSuperUser()
     global_perms = None
-    retrieve_perms = AllowAny()
+    retrieve_perms = IsTheSameUser()
     update_perms = IsTheSameUser()
     destroy_perms = IsTheSameUser()
     list_perms = AllowAny()