diff --git a/program/views.py b/program/views.py
index 4107c011cbba0778d3adc7f68cf22c10384c3468..a0f963a1c223bd847adafdd15e32ce2aab9dfb52 100644
--- a/program/views.py
+++ b/program/views.py
@@ -265,12 +265,15 @@ class APIUserViewSet(
 search_fields = ["username", "first_name", "last_name", "email"]
 def get_queryset(self):
- """The queryset contains all the users if the method is safe or requesting user is a
- superuser, otherwise it only contains the requesting user."""
+ """The queryset is empty if the user is not authenticated, contains all the users if the
+ method is safe or the requesting user is a superuser, otherwise it only contains the
+ requesting user."""
 user = self.request.user
- if self.request.method in permissions.SAFE_METHODS or user.is_superuser:
+ if not user.is_authenticated:
+ return User.objects.none()
+ elif self.request.method in permissions.SAFE_METHODS or user.is_superuser:
 return User.objects.all()
 else:
 return User.objects.filter(pk=user.id)
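Review bot: The new `if not user.is_authenticated:` guard in `get_queryset` only empties the result set for anonymous callers. It does not reject the request, so they would presumably get a 200 with an empty list (or a 404 on detail routes) instead of a 401/403, and any action that does not read the queryset is unaffected by it. The class header and its `permission_classes` are outside this hunk; if authentication is not already enforced there, I would add `permission_classes = [permissions.IsAuthenticated]` (or the project's equivalent) and keep this branch as defence in depth. Separately, the `elif` branch still returns `User.objects.all()` to every authenticated non-superuser on safe methods, with `email` in `search_fields`. Please confirm that is intended, and say so in the docstring, e.g. `"""...any authenticated user may list and search all users on safe methods."""`.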