diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js
index 83f7aa45b0..0acf3ac043 100644
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -1628,4 +1628,40 @@ describe('schemas', () => {
       done();
     });
   });
+
+  it('regression test for #2246', done => {
+    let profile = new Parse.Object('UserProfile');
+    let user = new Parse.User();
+    function initialize() {
+      return user.save({
+        username: 'user',
+        password: 'password'
+      }).then(() => {
+        return profile.save({user}).then(() => {
+        return user.save({
+            userProfile: profile
+          }, {useMasterKey: true});
+        });
+      });
+    }
+
+    initialize().then(() => {
+      return setPermissionsOnClass('UserProfile', {
+        'readUserFields': ['user'],
+        'writeUserFields': ['user']
+      }, true);
+    }).then(() => {
+      return Parse.User.logIn('user', 'password')
+    }).then(() => {
+      let query = new Parse.Query('_User');
+      query.include('userProfile');
+      return query.get(user.id);
+    }).then((user) => {
+      expect(user.get('userProfile')).not.toBeUndefined();
+      done();
+    }, (err) => {
+      jfail(err);
+      done();
+    });
+  });
 });
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index 4cfe679105..618d304795 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -859,6 +859,7 @@ DatabaseController.prototype.addPointerPermissions = function(schema, className,
   // the ACL should have exactly 1 user
   if (perms && perms[field] && perms[field].length > 0) {
     // No user set return undefined
+    // If the length is > 1, that means we didn't dedup users correctly
     if (userACL.length != 1) {
       return;
     }
diff --git a/src/RestQuery.js b/src/RestQuery.js
index 0dc95ff341..0c28014d6a 100644
--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -149,8 +149,9 @@ RestQuery.prototype.getUserAndRoleACL = function() {
     return Promise.resolve();
   }
   return this.auth.getUserRoles().then((roles) => {
-    roles.push(this.auth.user.id);
-    this.findOptions.acl = roles;
+    // Concat with the roles to prevent duplications on multiple calls
+    const aclSet = new Set([].concat(this.findOptions.acl, roles));
+    this.findOptions.acl = Array.from(aclSet);
     return Promise.resolve();
   });
 };