diff --git a/netbox/users/migrations/0008_objectpermission.py b/netbox/users/migrations/0008_objectpermission.py
index 63e173ef8..2df065898 100644
--- a/netbox/users/migrations/0008_objectpermission.py
+++ b/netbox/users/migrations/0008_objectpermission.py
@@ -22,12 +22,12 @@ class Migration(migrations.Migration):
                 ('enabled', models.BooleanField(default=True)),
                 ('constraints', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True)),
                 ('actions', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=30), size=None)),
-                ('object_types', models.ManyToManyField(limit_choices_to={'app_label__in': ['circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization']}, related_name='object_permissions', to='contenttypes.ContentType')),
+                ('object_types', models.ManyToManyField(limit_choices_to=models.Q(models.Q(models.Q(_negated=True, app_label__in=['admin', 'auth', 'contenttypes', 'sessions', 'taggit', 'users']), models.Q(('app_label', 'auth'), ('model__in', ['group', 'user'])), models.Q(('app_label', 'users'), ('model__in', ['objectpermission', 'token'])), _connector='OR')), related_name='object_permissions', to='contenttypes.ContentType')),
                 ('groups', models.ManyToManyField(blank=True, related_name='object_permissions', to='auth.Group')),
                 ('users', models.ManyToManyField(blank=True, related_name='object_permissions', to=settings.AUTH_USER_MODEL)),
             ],
             options={
-                'verbose_name': 'Permission',
+                'verbose_name': 'permission',
             },
         ),
     ]
diff --git a/netbox/users/models.py b/netbox/users/models.py
index 9e890cfdf..b8c799d65 100644
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@@ -6,6 +6,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.contrib.postgres.fields import ArrayField
 from django.core.validators import MinLengthValidator
 from django.db import models
+from django.db.models import Q
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.utils import timezone
@@ -244,11 +245,11 @@ class ObjectPermission(models.Model):
     )
     object_types = models.ManyToManyField(
         to=ContentType,
-        limit_choices_to={
-            'app_label__in': [
-                'circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization',
-            ],
-        },
+        limit_choices_to=Q(
+            ~Q(app_label__in=['admin', 'auth', 'contenttypes', 'sessions', 'taggit', 'users']) |
+            Q(app_label='auth', model__in=['group', 'user']) |
+            Q(app_label='users', model__in=['objectpermission', 'token'])
+        ),
         related_name='object_permissions'
     )
     groups = models.ManyToManyField(
@@ -274,7 +275,7 @@ class ObjectPermission(models.Model):
     objects = RestrictedQuerySet.as_manager()
 
     class Meta:
-        verbose_name = "Permission"
+        verbose_name = "permission"
 
     def __str__(self):
         if self.name: