diff --git a/core/modules/jsonapi/jsonapi.module b/core/modules/jsonapi/jsonapi.module
index 804e78fd643749229202121bca760e8fba21fc3c..fa21b18d960e45e3e6e25d35bda833af7644c6f9 100644
--- a/core/modules/jsonapi/jsonapi.module
+++ b/core/modules/jsonapi/jsonapi.module
@@ -183,6 +183,7 @@ function jsonapi_jsonapi_block_content_filter_access(EntityTypeInterface $entity
   // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for
   // (isReusable()), so this does not have to.
   return ([
+    JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'access block library'),
     JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed(),
   ]);
 }
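Review bot: The comment above the `return` does not explain why `JSONAPI_FILTER_AMONG_ALL` is gated on `'access block library'` while `JSONAPI_FILTER_AMONG_PUBLISHED` stays at `AccessResult::allowed()` for every account. Filter access that is looser than entity view access lets a caller infer the existence or field values of entities they cannot load, so the two need to stay aligned. I would add a comment before the array such as `// Filtering among all (including unpublished) blocks requires 'access block library'; keep in sync with the block_content access control handler.` The access handler is not visible in this diff, so confirm that published blocks really are viewable without that permission before leaving the second entry unconditional. The function body starts outside the hunk.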
diff --git a/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php b/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php
index a0d689169c12e3d880429c97d4370209b8bffede..2e5308890e10aec4a773f08f19b764ea7bd12042 100644
--- a/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php
+++ b/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php
@@ -68,6 +68,11 @@ class BlockContentTest extends ResourceTestBase {
   protected function setUpAuthorization($method) {
     switch ($method) {
       case 'GET':
+        $this->grantPermissionsToTestedRole([
+          'access block library',
+        ]);
+        break;
+
       case 'PATCH':
         $this->grantPermissionsToTestedRole([
           'access block library',
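Review bot: Nothing in this hunk exercises the denied path, because the new `case 'GET':` branch always grants `'access block library'`. The `JSONAPI_FILTER_AMONG_ALL` gate added in jsonapi.module is therefore only tested with the permission present. Unless a test outside this hunk already covers it, add a collection request by a role without the permission that filters on a field of an unpublished block, and assert that the block is not returned. That pins the access restriction itself, not just the authorised case. `setUpAuthorization()` continues past the end of the hunk, so the remaining cases are not visible here.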
@@ -86,6 +91,14 @@ protected function setUpAuthorization($method) {
     }
   }
 
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUpRevisionAuthorization($method) {
+    parent::setUpRevisionAuthorization($method);
+    $this->grantPermissionsToTestedRole(['view any basic block content history']);
+  }
+
   /**
    * {@inheritdoc}
    */