diff --git a/pount/apps/api/tests/api/test_item.py b/pount/apps/api/tests/api/test_item.py
index 2b2247f4e537d5950ef0cb38f337372f36991665..14b493fb0eb0ce292f13683cf43cf8a159dfbf7c 100644
--- a/pount/apps/api/tests/api/test_item.py
+++ b/pount/apps/api/tests/api/test_item.py
@@ -290,7 +290,7 @@ class ViewItemTest(SetUpMixin, APITestCase):
 user = User.objects.create_user("user")
 self.client.force_login(user)
 response = self.client.get(reverse("item-detail", kwargs={"pk": self.private_item.pk}))
- self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+ self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
 def test_set_must_be_public_to_view_public_item(self):
 self.public_item.set = self.set
diff --git a/pount/apps/api/tests/api/test_item_export.py b/pount/apps/api/tests/api/test_item_export.py
index eb9aa0098c2f82e2bc5c1c87db27487445d5922b..633e9d2d14d0ab6acdb19740e5b2cc9da3b9d567 100644
--- a/pount/apps/api/tests/api/test_item_export.py
+++ b/pount/apps/api/tests/api/test_item_export.py
@@ -108,7 +108,7 @@ class XmlExportTest(SetUpMixin, APITestCase):
 def test_other_project_member_can_not_export_xml(self):
 self.client.force_login(self.project2_member)
 response = self._get_response()
- self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+ self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
 def test_view_returns_exported_datacite_xml(self):
 self.client.force_login(self.creator)
diff --git a/pount/apps/api/views/item.py b/pount/apps/api/views/item.py
index c17f41747489692808be71530169b5bd20f290e0..dbd622e0282df59fef6884149a71bea3d2539df0 100644
--- a/pount/apps/api/views/item.py
+++ b/pount/apps/api/views/item.py
@@ -49,7 +49,8 @@ class ItemViewSet(ThumbnailMixin, viewsets.ModelViewSet):
 
 def get_queryset(self):
 queryset = super().get_queryset()
- queryset = queryset.is_public_or_user_is_project_member(self.request.user)
+ # There is no need to filter. If the user has access to the set, they can access the items
+ # queryset = queryset.is_public_or_user_is_project_member(self.request.user)
 if self.action == "retrieve":
 # we need the parent objects to determine if it can be shared
 queryset = queryset.select_related("set", "set__project")
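Review bot: Dropping the `is_public_or_user_is_project_member` filter in `get_queryset` leaves access control to object-level permission checks alone, and in Django REST Framework those run only from `get_object()`, so the `list` action is not covered by them. Unless list results are restricted elsewhere (the rest of `get_queryset` and the viewset's permission classes are outside this hunk), private items could be returned to non-members; the tests updated in this commit only exercise `item-detail` and the XML export. Consider keeping the filter for the list action, `if self.action == "list": queryset = queryset.is_public_or_user_is_project_member(self.request.user)`, and deleting the commented-out call rather than leaving it in place. The 404-to-403 change asserted in test_item.py and test_item_export.py also lets a logged-in non-member confirm that a private item id exists, so it should be a deliberate decision rather than a side effect of removing the filter.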