diff --git a/backend/src/object/models/dynamic-model.factory.ts b/backend/src/object/models/dynamic-model.factory.ts
index 575f5e8..ff22f14 100644
--- a/backend/src/object/models/dynamic-model.factory.ts
+++ b/backend/src/object/models/dynamic-model.factory.ts
@@ -28,6 +28,14 @@ export interface ObjectMetadata {
 }
 
 export class DynamicModelFactory {
+  /**
+   * Get relation name from lookup field API name
+   * Converts "ownerId" -> "owner", "customFieldId" -> "customfield"
+   */
+  static getRelationName(lookupFieldApiName: string): string {
+    return lookupFieldApiName.replace(/Id$/, '').toLowerCase();
+  }
+
   /**
    * Create a dynamic model class from object metadata
    * @param meta Object metadata
@@ -69,7 +77,7 @@ export class DynamicModelFactory {
     // Store lookup fields metadata for later use
     const lookupFieldsInfo = lookupFields.map(f => ({
       apiName: f.apiName,
-      relationName: f.apiName.replace(/Id$/, '').toLowerCase(),
+      relationName: DynamicModelFactory.getRelationName(f.apiName),
       referenceObject: f.referenceObject,
       targetTable: this.getTableName(f.referenceObject),
     }));
diff --git a/backend/src/rbac/authorization.service.ts b/backend/src/rbac/authorization.service.ts
index 1a7bdf3..31a53a8 100644
--- a/backend/src/rbac/authorization.service.ts
+++ b/backend/src/rbac/authorization.service.ts
@@ -5,6 +5,7 @@ import { ObjectDefinition } from '../models/object-definition.model';
 import { FieldDefinition } from '../models/field-definition.model';
 import { RecordShare } from '../models/record-share.model';
 import { AbilityFactory, AppAbility, Action } from './ability.factory';
+import { DynamicModelFactory } from '../object/models/dynamic-model.factory';
 import { subject } from '@casl/ability';
 
 @Injectable()
@@ -171,6 +172,14 @@ export class AuthorizationService {
         if (data[field.apiName] !== undefined) {
           filtered[field.apiName] = data[field.apiName];
         }
+        
+        // For lookup fields, also include the related object (e.g., ownerId -> owner)
+        if (field.type === 'LOOKUP') {
+          const relationName = DynamicModelFactory.getRelationName(field.apiName);
+          if (data[relationName] !== undefined) {
+            filtered[relationName] = data[relationName];
+          }
+        }
       }
     }