diff --git a/app/server/appsmith-interfaces/pom.xml b/app/server/appsmith-interfaces/pom.xml
index 7c0dc9d2d3..895faefd3a 100644
--- a/app/server/appsmith-interfaces/pom.xml
+++ b/app/server/appsmith-interfaces/pom.xml
@@ -80,6 +80,7 @@
 com.querydsl querydsl-apt 4.2.2
+ provided
 com.querydsl
diff --git a/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/BaseDomain.java b/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/BaseDomain.java
index f3e787bbbf..9d269b93d4 100644
--- a/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/BaseDomain.java
+++ b/app/server/appsmith-interfaces/src/main/java/com/appsmith/external/models/BaseDomain.java
@@ -26,7 +26,6 @@ import java.util.Set;
 @Getter
 @Setter
 @ToString
-@QueryEntity
 public abstract class BaseDomain implements Persistable {
 private static final long serialVersionUID = 7459916000501322517L;
@@ -55,6 +54,7 @@ public abstract class BaseDomain implements Persistable {
 @Version
 protected Long documentVersion;
+ @JsonIgnore
 protected Set policies;
 @JsonIgnore
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
index 30b29d661f..2a47fd2559 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
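Review bot: The new `@JsonIgnore` on `policies` in the BaseDomain hunk at -55 is the right control but carries no explanation of what it protects. Jackson treats a field-level `@JsonIgnore` as applying to the whole logical property, including the Lombok-generated getter and setter, so policies are neither exposed in responses nor accepted from request bodies; that second half is the mass-assignment protection and is easy to lose in a later refactor that moves the annotation onto an accessor. A comment stating the intent is worth adding, e.g. `// Server-managed ACL data: never serialized to clients and never accepted from request bodies (field-level ignore covers getter and setter)`. The enclosing class continues outside the hunk.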
@@ -4,17 +4,13 @@ package com.appsmith.server.configurations;
 import com.appsmith.server.authentication.handlers.CustomServerOAuth2AuthorizationRequestResolver;
 import com.appsmith.server.authentication.handlers.LogoutSuccessHandler;
 import com.appsmith.server.constants.Url;
+import com.appsmith.server.domains.User;
 import com.appsmith.server.services.UserService;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.access.expression.SecurityExpressionHandler;
-import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -32,6 +28,7 @@ import org.springframework.web.reactive.function.server.RouterFunctions;
 import org.springframework.web.reactive.function.server.ServerResponse;
 import java.util.Arrays;
+import java.util.HashSet;
 import static com.appsmith.server.constants.Url.USER_URL;
@@ -103,7 +100,8 @@ public class SecurityConfig {
 // This picks up the configurationSource from the bean corsConfigurationSource()
 .cors().and()
 .csrf().disable()
- .anonymous().and()
+ .anonymous().principal(createAnonymousUser())
+ .and()
 // This returns 401 unauthorized for all requests that are not authenticated but authentication is required
 // The client will redirect to the login page if we return 401 as Http status response
 .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
@@ -138,4 +136,13 @@ public class SecurityConfig {
 .logoutSuccessHandler(new LogoutSuccessHandler(objectMapper))
 .and().build();
 }
+
+ private User createAnonymousUser() {
+ User user = new User();
+ user.setName("anonymousUser");
+ user.setEmail("anonymousUser");
+ user.setCurrentOrganizationId("");
+ user.setOrganizationIds(new HashSet<>());
+ return user;
+ }
 }
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/User.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/User.java
index 11b5875d0c..93f64fea99 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/User.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/User.java
@@ -64,9 +64,7 @@ public class User extends BaseDomain implements UserDetails {
 @Override
 public Collection getAuthorities() {
- return permissions.stream().map(permission -> new SimpleGrantedAuthority(permission))
- .collect(Collectors.toSet());
-// return Set.of(new SimpleGrantedAuthority("ROLE_USER"));
+ return null;
 }
 @Override
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/BaseRepositoryImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/BaseRepositoryImpl.java
index 334e638b40..437e5f6088 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/BaseRepositoryImpl.java
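Review bot: `.anonymous().principal(createAnonymousUser())` makes every unauthenticated request carry a full `User` principal that is indistinguishable by type from an authenticated one, so each `principal instanceof User` check in the codebase (the SessionUserServiceImpl hunk in this same commit is one) now treats an anonymous session as a logged-in user named "anonymousUser"; `createAnonymousUser()` in the hunk at -138 should say this in a comment, e.g. `// Synthetic principal for unauthenticated requests so ACL queries can match anonymous policies; its presence is NOT proof of authentication`. The literal "anonymousUser" is written twice there and will be needed by any code that wants to recognise the anonymous principal, so hoist it to `private static final String ANONYMOUS_USER = "anonymousUser";` and use it in both setters. `createAnonymousUser()` also leaves the group ids uninitialised while `userAcl` in BaseRepositoryImpl calls `getGroupIds()` on the principal; if that field defaults to null, confirm how `Criteria.all` handles it for anonymous requests. The filter-chain method that hunk -103 edits starts and ends outside the hunk.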
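Review bot: `return null;` in `getAuthorities()` breaks the `UserDetails` contract, whose documentation states the authorities collection is never null, and any consumer that iterates it (role checks against the principal, authority-to-string mapping) will fail with a NullPointerException; return an empty collection instead, `return Collections.emptySet();` (adding the `java.util.Collections` import if it is not already present). If the intent is that access is now decided solely by the `policies` ACL query rather than granted authorities, state that in a one-line comment above the return so nobody re-adds role mapping here by reflex. The `Collectors` and `SimpleGrantedAuthority` imports that the removed lines used may now be unused; they are outside the hunk.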
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/BaseRepositoryImpl.java
@@ -2,7 +2,6 @@ package com.appsmith.server.repositories;
 import com.appsmith.external.models.BaseDomain;
 import com.appsmith.external.models.QBaseDomain;
-import com.appsmith.external.models.QPolicy;
 import com.appsmith.server.constants.FieldName;
 import com.appsmith.server.domains.User;
 import lombok.NonNull;
@@ -11,7 +10,6 @@ import org.springframework.data.domain.Example;
 import org.springframework.data.domain.Sort;
 import org.springframework.data.mongodb.core.ReactiveMongoOperations;
 import org.springframework.data.mongodb.core.query.Criteria;
-import org.springframework.data.mongodb.core.query.CriteriaDefinition;
 import org.springframework.data.mongodb.core.query.Query;
 import org.springframework.data.mongodb.core.query.Update;
 import org.springframework.data.mongodb.repository.query.MongoEntityInformation;
@@ -64,15 +62,22 @@ public class BaseRepositoryImpl e
 protected Criteria userAcl(User user, String permission) {
 log.debug("Going to add userAcl");
- Criteria userCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
- .elemMatch(Criteria.where(fieldName(QPolicy.policy.users)).all(user.getUsername())
- .and(fieldName(QPolicy.policy.permissions)).all(permission)
+// Criteria userCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
+// .elemMatch(Criteria.where(fieldName(QPolicy.policy.users)).all(user.getUsername())
+// .and(fieldName(QPolicy.policy.permissions)).all(permission)
+// );
+ Criteria userCriteria = Criteria.where("policies")
+ .elemMatch(Criteria.where("users").all(user.getUsername())
+ .and("permissions").all(permission)
 );
 log.debug("Got the userCriteria: {}", userCriteria);
- Criteria groupCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
- .elemMatch(Criteria.where(fieldName(QPolicy.policy.groups)).all(user.getGroupIds())
- .and(fieldName(QPolicy.policy.permissions)).all(permission));
+// Criteria groupCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
+// .elemMatch(Criteria.where(fieldName(QPolicy.policy.groups)).all(user.getGroupIds())
+// .and(fieldName(QPolicy.policy.permissions)).all(permission));
+ Criteria groupCriteria = Criteria.where("policies")
+ .elemMatch(Criteria.where("groups").all(user.getGroupIds())
+ .and("permissions").all(permission));
 log.debug("Got the groupCriteria: {}", groupCriteria);
 return new Criteria().orOperator(userCriteria, groupCriteria);
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/SessionUserServiceImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/SessionUserServiceImpl.java
index da15eb57fb..71fe75b354 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/SessionUserServiceImpl.java
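Review bot: The rewritten `groupCriteria` keeps `.all(user.getGroupIds())`, which emits a Mongo `$all` and therefore only matches a policy whose `groups` array contains every group the user belongs to; if `getGroupIds()` can hold more than one id, a user who is in an additional group is denied by a policy that grants one of their groups, and `.in(user.getGroupIds())` is the usual intent — confirm against the policy model before changing it. Seven lines of the old QueryDSL-based query are re-added as `//` comments; version control already keeps that history, so delete them rather than ship commented-out code. The field names "policies", "users", "groups" and "permissions" now appear as bare literals, two of them twice; define them once as constants (in `FieldName`, which is already imported, if that is where the project keeps such names) so a rename of the `policies` field on BaseDomain cannot silently break this ACL filter. `userAcl`'s closing brace lies outside the hunk.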
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/SessionUserServiceImpl.java
@@ -20,7 +20,6 @@ public class SessionUserServiceImpl implements SessionUserService {
 this.repository = userRepository;
 }
- @Override
 public Mono getCurrentUser() {
 return ReactiveSecurityContextHolder.getContext()
@@ -29,8 +28,7 @@ public class SessionUserServiceImpl implements SessionUserService {
 .flatMap(principal -> {
 String email = "";
 if (principal instanceof User) {
- //Assumption that the user has inputted an email as username during user creation and not english passport name
- email = ((User) principal).getUsername();
+ return Mono.just((User) principal);
 } else if (principal instanceof DefaultOAuth2User) {
 DefaultOAuth2User defaultOAuth2User = (DefaultOAuth2User) principal;
 email = defaultOAuth2User.getName();
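Review bot: Dropping `@Override` from `getCurrentUser()` removes the compiler's check that the method still implements `SessionUserService`; if the interface still declares it, keep the annotation, and if the declaration was removed, that change is not in this diff and should travel with it. The method body continues past the hunk.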
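Review bot: `return Mono.just((User) principal)` returns whatever `User` sits in the security context, and with this commit's SecurityConfig change that includes the synthetic anonymous principal, so `getCurrentUser()` no longer tells callers whether anyone is actually logged in. Either document that — `// NOTE: anonymous requests carry a synthetic User (see SecurityConfig.createAnonymousUser); a non-empty result is not proof of authentication` — or, if callers depend on an empty Mono for anonymous sessions, compare the principal's email against the anonymous marker before returning it. The early return also leaves `String email = ""` and the OAuth2 branch computing an email on a path that continues outside the hunk; if that path still resolves the user through the repository, the two branches now have different semantics and deserve a comment. The lambda and the method end outside the hunk.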