diff --git a/src/app/Http/Controllers/API/V4/DomainsController.php b/src/app/Http/Controllers/API/V4/DomainsController.php
--- a/src/app/Http/Controllers/API/V4/DomainsController.php
+++ b/src/app/Http/Controllers/API/V4/DomainsController.php
@@ -69,9 +69,9 @@
      */
     public function destroy($id)
     {
-        $domain = Domain::withEnvTenantContext()->find($id);
+        $domain = Domain::find($id);
 
-        if (empty($domain)) {
+        if (!$this->checkTenant($domain)) {
             return $this->errorResponse(404);
         }
 
@@ -135,7 +135,9 @@
             }
         }
 
-        if (empty($request->package) || !($package = \App\Package::withEnvTenantContext()->find($request->package))) {
+        if (empty($request->package)
+            || !($package = \App\Package::withObjectTenantContext($owner)->find($request->package))
+        ) {
             $errors = ['package' => self::trans('validation.packagerequired')];
             return response()->json(['status' => 'error', 'errors' => $errors], 422);
         }
diff --git a/src/app/Http/Controllers/API/V4/UsersController.php b/src/app/Http/Controllers/API/V4/UsersController.php
--- a/src/app/Http/Controllers/API/V4/UsersController.php
+++ b/src/app/Http/Controllers/API/V4/UsersController.php
@@ -230,7 +230,9 @@
             return $error_response;
         }
 
-        if (empty($request->package) || !($package = \App\Package::withEnvTenantContext()->find($request->package))) {
+        if (empty($request->package)
+            || !($package = \App\Package::withObjectTenantContext($owner)->find($request->package))
+        ) {
             $errors = ['package' => self::trans('validation.packagerequired')];
             return response()->json(['status' => 'error', 'errors' => $errors], 422);
         }
@@ -284,7 +286,11 @@
      */
     public function update(Request $request, $id)
     {
-        $user = User::withEnvTenantContext()->find($id);
+        $user = User::find($id);
+
+        if (!$this->checkTenant($user)) {
+            return $this->errorResponse(404);
+        }
 
         if (empty($user)) {
             return $this->errorResponse(404);