diff --git a/pkg/permission/ruleset.go b/pkg/permission/ruleset.go
index 63a0f1b843d7e87fc7b4f66dd4983c126de56e2e..2cf1eef016652e7efee2f122deb8be55fd3408c7 100644
--- a/pkg/permission/ruleset.go
+++ b/pkg/permission/ruleset.go
@@ -127,10 +127,10 @@ func (r Rule) GetPermission(action Action) *Permission {
 			case ActionRead:
 				p.Filter = r.ReadFilter
 				p.UnallowedFields = append(p.UnallowedFields, r.HiddenFields...)
-				p.UnallowedFields = append(p.UnallowedFields, r.DenyWriteFields...)
+				p.UnallowedFields = append(p.UnallowedFields, r.DenyReadFields...)
 			case ActionCreate, ActionUpdate, ActionDelete:
 				p.Filter = r.WriteFilter
-				p.UnallowedFields = append(p.UnallowedFields, r.DenyReadFields...)
+				p.UnallowedFields = append(p.UnallowedFields, r.DenyWriteFields...)
 			}
 
 			p.UnallowedFields = data.SetFromSlice(p.UnallowedFields)
diff --git a/pkg/permission/ruleset_test.go b/pkg/permission/ruleset_test.go
index a38644b0118fe7cdfe0f90b2078dbc5a7d044c5a..47cb622f1e6efb7f82a9ab7a1f1ed20d57073cfa 100644
--- a/pkg/permission/ruleset_test.go
+++ b/pkg/permission/ruleset_test.go
@@ -61,25 +61,25 @@ func TestRule_GetPermission(t *testing.T) {
 		{
 			name:            "ActionRead",
 			action:          ActionRead,
-			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f3"}},
+			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f3"}},
 			unallowedFields: []string{"f2", "f3"},
 		},
 		{
 			name:            "ActionRead readonly&writeonly",
 			action:          ActionRead,
-			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f1"}},
+			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f1"}},
 			unallowedFields: []string{"f1", "f2"},
 		},
 		{
 			name:            "ActionUpdate",
 			action:          ActionUpdate,
-			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f3"}},
+			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f3"}},
 			unallowedFields: []string{"f1"},
 		},
 		{
 			name:            "ActionUpdate readonly&writeonly",
 			action:          ActionUpdate,
-			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f1"}},
+			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f1"}},
 			unallowedFields: []string{"f1"},
 		},
 	}