Permission for API customfields policy has no effect #7250

Closed
@mskrip

Description

Describe the bug

The admin user has permission to GET /api/v1/fieldsets but doesn't have permission for /api/v1/fieldsets/{id}, /api/v1/fields, or /api/v1/fields/{id}.

To Reproduce
Steps to reproduce the behavior:

  1. Make a GET request to /api/v1/fieldsets/1 with admin user's API key.
  2. Get a 403 response

Expected behavior
The endpoint should be accessible to admin users.

Server (please complete the following information):

  • v4.7.5
  • OS: Arch
  • PHP Version: 7.3.7

Desktop (please complete the following information):

  • OS: Arch
  • Browser: Chrome
  • Version: 75.0.3770.100

This also happens on a clean install. I've also tried manually adding permissions to the user for the customfields policy, but it didn't help.

This issue appears to be API-specific. In the GUI, the admin user can both view and edit custom fields.
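
An added example, not part of the original issue or the project's code: a small regression check for the symptom reported above, flagging endpoints that are denied to a key while a sibling endpoint under the same policy is allowed. Bearer-token authentication, the `probe` and `policy_gaps` names, and the sample status codes are assumptions; the report states a 403 only for /api/v1/fieldsets/1.

```python
import urllib.error
import urllib.request

# Endpoints named in the report; id 1 is the one used in its reproduction step.
ENDPOINTS = [
    "/api/v1/fieldsets",
    "/api/v1/fieldsets/1",
    "/api/v1/fields",
    "/api/v1/fields/1",
]


def probe(base_url, token, path, timeout=10):
    """GET one endpoint and return its HTTP status (Bearer auth is assumed)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx still carry the status we want to record


def policy_gaps(statuses):
    """Return the paths denied (401/403) while at least one sibling is allowed.

    A key denied everywhere simply lacks the permission, so that is not a gap;
    a 404 (record does not exist) counts as neither allowed nor denied.
    """
    allowed = [p for p, s in statuses.items() if 200 <= s < 300]
    denied = [p for p, s in statuses.items() if s in (401, 403)]
    return sorted(denied) if allowed else []


# Constructed sample mirroring the report for an admin key.
SAMPLE = {
    "/api/v1/fieldsets": 200,
    "/api/v1/fieldsets/1": 403,
    "/api/v1/fields": 403,
    "/api/v1/fields/1": 403,
}

if __name__ == "__main__":
    # Against a live instance (hypothetical URL and token):
    # statuses = {p: probe("https://inventory.example", "TOKEN", p) for p in ENDPOINTS}
    for path in policy_gaps(SAMPLE):
        print("inconsistent denial:", path)
```
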

Labels: bug (Confirmed bug); ready for dev (These issues are ready for someone to work on them - take your pick!)