diff --git a/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php b/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php
index 43f5a7d6a4ea792c54c43dba9328c350ab9fadd4..576578e566653984a81c6459dba88bf5d8a2a594 100644
--- a/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php
+++ b/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php
@@ -771,6 +771,11 @@ abstract class AbstractTreeView {
 $idH = array();
 // Traverse the records:
 while ($crazyRecursionLimiter > 0 && ($row = $this->getDataNext($res, $subCSSclass))) {
+ if (!$GLOBALS['BE_USER']->isInWebMount($row['uid'])) {
+ // Current record is not within web mount => skip it
+ continue;
+ }
+
 $a++;
 $crazyRecursionLimiter--;
 $newID = $row['uid'];
diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index e2feab199ae9d8d8b2ff4b53ab6f374ea63b5ad9..640765f233aedc77f50e059d1a53b91a5f566548 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -542,6 +542,10 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
 if ($this->isAdmin()) {
 return 31;
 }
+ // Return 0 if page is not within the allowed web mount
+ if (!$this->isInWebMount($row['uid'])) {
+ return 0;
+ }
 $out = 0;
 if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList)) {
 if ($this->user['uid'] == $row['perms_userid']) {
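Review bot: In the AbstractTreeView.php hunk the new guard passes `$row['uid']` to `isInWebMount()` for every record the loop yields, but nothing visible in the hunk ties the traversed records to the pages table. If a subclass builds this tree over another table, a record uid would be tested against page mounts and rows would be hidden or shown by coincidence of id. Consider limiting the check to page trees, e.g. `if ($this->table === 'pages' && !$GLOBALS['BE_USER']->isInWebMount($row['uid'])) {` (assuming the class's table property; the enclosing method starts and ends outside the hunk). Since this filter only hides entries from the rendered tree, the inline comment could also say that enforcement is done by the permission check in BackendUserAuthentication changed in the same commit, not by this loop.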
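Review bot: The added web-mount check in BackendUserAuthentication.php reads `$row['uid']` unguarded, while the existing code a few lines below wraps every other `$row` key in `isset()`, which suggests callers may pass partial rows. A row without `uid` raises an undefined-index notice, and the result then depends on how `isInWebMount()` treats null, which is not visible here. Making the fail-closed intent explicit would help: `if (!isset($row['uid']) || !$this->isInWebMount($row['uid'])) {`. The method's docblock (outside the hunk) should also state that a page outside the user's web mounts now yields 0 regardless of its perms_* fields, so callers that relied on the old result for such rows can be audited.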