diff --git a/netbox/netbox/authentication.py b/netbox/netbox/authentication.py
index 61dfe2fdb..b5f5746fa 100644
--- a/netbox/netbox/authentication.py
+++ b/netbox/netbox/authentication.py
@@ -94,6 +94,7 @@ class ObjectPermissionMixin:
 def has_perm(self, user_obj, perm, obj=None):
 app_label, action, model_name = resolve_permission(perm)
+ # breakpoint()
 # Superusers implicitly have all permissions
 if user_obj.is_active and user_obj.is_superuser:
diff --git a/netbox/users/views.py b/netbox/users/views.py
index 72989e369..1dc6eb0e7 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -375,6 +375,15 @@ class NetBoxUserView(generic.ObjectView):
 'active_tab': 'user',
 }
+ def dispatch(self, request, *args, **kwargs):
+ return super().dispatch(request, *args, **kwargs)
+
+ def get(self, request, *args, **kwargs):
+ return super().get(request, *args, **kwargs)
+
+ def post(self, request, *args, **kwargs):
+ return super().post(request, *args, **kwargs)
+
+ @register_model_view(NetBoxUser, 'edit')
 class NetBoxUserEditView(generic.ObjectEditView):
diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py
index ca3d26564..cfe44ba4d 100644
--- a/netbox/utilities/testing/views.py
+++ b/netbox/utilities/testing/views.py
@@ -1,5 +1,6 @@
 import csv
+from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ObjectDoesNotExist
 from django.db.models import ForeignKey
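Review bot: The added `# breakpoint()` at the top of `has_perm` is a commented-out debugger call left in the permission backend and should be dropped before merge. It contributes nothing to the check, and if it were un-commented by accident every permission evaluation would stop at a debugger prompt inside the worker process. The body of `has_perm` continues outside the hunk.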
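Review bot: The new `post` method on `NetBoxUserView` makes this detail view accept POST, because Django's `View.dispatch` selects the handler by looking up an attribute named after the HTTP verb. If `generic.ObjectView` defines no `post` (not visible in this hunk, so confirm), `super().post(...)` raises `AttributeError`, and a POST that passes the permission check returns a 500 instead of a 405. The `dispatch` and `get` overrides only forward to `super()` and change nothing, so all three read like debugging scaffolding. I would remove the three methods, or keep only one that carries real logic and add a comment saying why it is overridden.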
@@ -64,8 +65,15 @@ class ViewTestCases:
 def test_get_object_anonymous(self):
 # Make the request as an unauthenticated user
 self.client.logout()
- response = self.client.get(self._get_queryset().first().get_absolute_url())
- self.assertHttpStatus(response, 200)
+ ct = ContentType.objects.get_for_model(self.model)
+ if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS:
+ # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users
+ with disable_warnings('django.request'):
+ response = self.client.get(self._get_queryset().first().get_absolute_url())
+ self.assertHttpStatus(response, 302)
+ else:
+ response = self.client.get(self._get_queryset().first().get_absolute_url())
+ self.assertHttpStatus(response, 200)
 @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
 def test_get_object_without_permission(self):
@@ -407,8 +415,15 @@ class ViewTestCases:
 def test_list_objects_anonymous(self):
 # Make the request as an unauthenticated user
 self.client.logout()
- response = self.client.get(self._get_url('list'))
- self.assertHttpStatus(response, 200)
+ ct = ContentType.objects.get_for_model(self.model)
+ if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS:
+ # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users
+ with disable_warnings('django.request'):
+ response = self.client.get(self._get_url('list'))
+ self.assertHttpStatus(response, 302)
+ else:
+ response = self.client.get(self._get_url('list'))
+ self.assertHttpStatus(response, 200)
 @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
 def test_list_objects_without_permission(self):
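Review bot: `self.assertHttpStatus(response, 302)` in the excluded-model branch of `test_get_object_anonymous` accepts any redirect, so the test still passes if the view sends an anonymous user somewhere other than the login page; the same assertion is repeated in `test_list_objects_anonymous` in the next hunk. Pin the destination as well, for example `self.assertTrue(response.url.startswith(settings.LOGIN_URL))`, assuming the permission mixin redirects to `LOGIN_URL` (confirm). The `EXEMPT_EXCLUDE_MODELS` lookup and branch are duplicated verbatim in both tests and could move into one helper on the test case, so the two checks cannot drift apart. The decorators of both test methods lie outside the hunks.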