diff --git a/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php b/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
index 3154e5af4e65dc1f964fa9eb33ce60cfa20d6a5e..65648ba40b04ec0a316e3b6ce16c305bd7aa0bf2 100644
--- a/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
+++ b/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
@@ -47,14 +47,14 @@ class CategoryPermissionsAspect
     }
 
     /**
-     * The slot for the signal in DatabaseTreeDataProvider.
+     * The slot for the signal in DatabaseTreeDataProvider, which only affects the TYPO3 Backend
      *
      * @param DatabaseTreeDataProvider $dataProvider
      * @param TreeNode $treeData
      */
     public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
     {
-        if (!$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
+        if ((TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE) && !$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
 
             // Get User permissions related to category
             $categoryMountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
diff --git a/typo3/sysext/backend/ext_localconf.php b/typo3/sysext/backend/ext_localconf.php
index 106bc7889acfe0bd2d71fb4e32c47b5d508d9c33..65af364af005d31e38cfb9bc9e1512a1cfac723a 100644
--- a/typo3/sysext/backend/ext_localconf.php
+++ b/typo3/sysext/backend/ext_localconf.php
@@ -1,14 +1,15 @@
 <?php
 defined('TYPO3_MODE') or die();
 
-if (TYPO3_MODE === 'BE') {
-    \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class)->connect(
-        \TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider::class,
-        \TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider::SIGNAL_PostProcessTreeData,
-        \TYPO3\CMS\Backend\Security\CategoryPermissionsAspect::class,
-        'addUserPermissionsToCategoryTreeData'
-    );
+// sys_category tree check, which only affects Backend Users
+\TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class)->connect(
+    \TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider::class,
+    \TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider::SIGNAL_PostProcessTreeData,
+    \TYPO3\CMS\Backend\Security\CategoryPermissionsAspect::class,
+    'addUserPermissionsToCategoryTreeData'
+);
 
+if (TYPO3_MODE === 'BE') {
     $GLOBALS['TYPO3_CONF_VARS']['BE']['toolbarItems'][1435433106] = \TYPO3\CMS\Backend\Backend\ToolbarItems\ClearCacheToolbarItem::class;
     $GLOBALS['TYPO3_CONF_VARS']['BE']['toolbarItems'][1435433107] = \TYPO3\CMS\Backend\Backend\ToolbarItems\HelpToolbarItem::class;
     $GLOBALS['TYPO3_CONF_VARS']['BE']['toolbarItems'][1435433108] = \TYPO3\CMS\Backend\Backend\ToolbarItems\LiveSearchToolbarItem::class;
diff --git a/typo3/sysext/core/Classes/Resource/Security/StoragePermissionsAspect.php b/typo3/sysext/core/Classes/Resource/Security/StoragePermissionsAspect.php
index d67db114a393ec35e488338d916c7d61557fc558..8d7a5d78ee02714b2c1c41026ea791199c99f6c6 100644
--- a/typo3/sysext/core/Classes/Resource/Security/StoragePermissionsAspect.php
+++ b/typo3/sysext/core/Classes/Resource/Security/StoragePermissionsAspect.php
@@ -60,7 +60,7 @@ class StoragePermissionsAspect
      */
     public function addUserPermissionsToStorage(ResourceFactory $resourceFactory, ResourceStorage $storage)
     {
-        if (!$this->backendUserAuthentication->isAdmin()) {
+        if ((TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE) && !$this->backendUserAuthentication->isAdmin()) {
             $storage->setEvaluatePermissions(true);
             if ($storage->getUid() > 0) {
                 $storage->setUserPermissions($this->backendUserAuthentication->getFilePermissionsForStorage($storage));
diff --git a/typo3/sysext/core/ext_localconf.php b/typo3/sysext/core/ext_localconf.php
index 5643778bef09121822734dae24969f3af2c0c6c5..bd929ad9201419119392c4c05e8379b2422af0df 100644
--- a/typo3/sysext/core/ext_localconf.php
+++ b/typo3/sysext/core/ext_localconf.php
@@ -5,14 +5,15 @@ defined('TYPO3_MODE') or die();
 /** @var \TYPO3\CMS\Extbase\SignalSlot\Dispatcher $signalSlotDispatcher */
 $signalSlotDispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
 
+// FAL security checks for backend users
+$signalSlotDispatcher->connect(
+    \TYPO3\CMS\Core\Resource\ResourceFactory::class,
+    \TYPO3\CMS\Core\Resource\ResourceFactoryInterface::SIGNAL_PostProcessStorage,
+    \TYPO3\CMS\Core\Resource\Security\StoragePermissionsAspect::class,
+    'addUserPermissionsToStorage'
+);
+
 if (TYPO3_MODE === 'BE' && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL)) {
-    // FAL SECURITY CHECKS
-    $signalSlotDispatcher->connect(
-        \TYPO3\CMS\Core\Resource\ResourceFactory::class,
-        \TYPO3\CMS\Core\Resource\ResourceFactoryInterface::SIGNAL_PostProcessStorage,
-        \TYPO3\CMS\Core\Resource\Security\StoragePermissionsAspect::class,
-        'addUserPermissionsToStorage'
-    );
     $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = \TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::class;
     $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = \TYPO3\CMS\Core\Hooks\BackendUserGroupIntegrityCheck::class;
     $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'][] = \TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::class . '->isAllowedToShowEditForm';