diff --git a/superset/security/manager.py b/superset/security/manager.py
index 46ccbb1dc89ce..43461f10fcfea 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -109,7 +109,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
     SecurityManager
 ):
     userstatschartview = None
-    READ_ONLY_MODEL_VIEWS = {"DatabaseAsync", "DatabaseView", "DruidClusterModelView"}
+    READ_ONLY_MODEL_VIEWS = {"Database", "DruidClusterModelView", "DynamicPlugin"}
 
     USER_MODEL_VIEWS = {
         "UserDBModelView",
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 5f3b2a60f3d78..388770e9fbd9a 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -685,6 +685,7 @@ def assert_can_alpha(self, perm_set):
         self.assert_can_all("CssTemplate", perm_set)
         self.assert_can_all("Dataset", perm_set)
         self.assert_can_read("Query", perm_set)
+        self.assert_can_read("Database", perm_set)
         self.assertIn(("can_import_dashboards", "Superset"), perm_set)
         self.assertIn(("can_this_form_post", "CsvToDatabaseView"), perm_set)
         self.assertIn(("can_this_form_get", "CsvToDatabaseView"), perm_set)
@@ -701,6 +702,7 @@ def assert_cannot_alpha(self, perm_set):
         self.assert_cannot_write("Queries", perm_set)
         self.assert_cannot_write("RoleModelView", perm_set)
         self.assert_cannot_write("UserDBModelView", perm_set)
+        self.assert_cannot_write("Database", perm_set)
 
     def assert_can_admin(self, perm_set):
         self.assert_can_all("Database", perm_set)