diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js
index 5180b36ca5..e8dcc41e4d 100644
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -1779,6 +1779,34 @@ describe('schemas', () => {
     });
   });
 
+  describe('Nested documents', () => {
+    beforeAll(async () => {
+      const testSchema = new Parse.Schema('test_7371');
+      testSchema.setCLP({
+        create: { ['*']: true },
+        update: { ['*']: true },
+        addField: {},
+      });
+      testSchema.addObject('a');
+      await testSchema.save();
+    });
+
+    it('addField permission not required for adding a nested property', async () => {
+      const obj = new Parse.Object('test_7371');
+      obj.set('a', {});
+      await obj.save();
+      obj.set('a.b', 2);
+      await obj.save();
+    });
+    it('addField permission not required for modifying a nested property', async () => {
+      const obj = new Parse.Object('test_7371');
+      obj.set('a', { b: 1 });
+      await obj.save();
+      obj.set('a.b', 2);
+      await obj.save();
+    });
+  });
+
   it('should aceept class-level permission with userid of any length', async done => {
     await global.reconfigureServer({
       customIdSize: 11,
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index 158308ded3..42273b6990 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -894,7 +894,7 @@ class DatabaseController {
       if (object[field] && object[field].__op && object[field].__op === 'Delete') {
         return false;
       }
-      return schemaFields.indexOf(field) < 0;
+      return schemaFields.indexOf(getRootFieldName(field)) < 0;
     });
     if (newKeys.length > 0) {
       // adds a marker that new field is being adding during update