diff --git a/CHANGES.md b/CHANGES.md
index 51dfee16..097fb59f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,8 @@
+# 2023-12-20 (5.21.0)
+
+* Added an extra helper method to user-scopes to determine
+  if one of the fields has a scope that is blocking access.
+
 # 2023-12-15 (5.20.1)
 
 * Some old definitions (gebieden.stadsdelen) are using temporal relations
diff --git a/setup.cfg b/setup.cfg
index 5d31f8b5..ffdbeb89 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = amsterdam-schema-tools
-version = 5.20.1
+version = 5.21.0
 url = https://github.com/amsterdam/schema-tools
 license = Mozilla Public 2.0
 author = Team Data Diensten, van het Dataplatform onder de Directie Digitale Voorzieningen (Gemeente Amsterdam)
diff --git a/src/schematools/permissions/auth.py b/src/schematools/permissions/auth.py
index d34a1bc6..d37aabdc 100644
--- a/src/schematools/permissions/auth.py
+++ b/src/schematools/permissions/auth.py
@@ -104,6 +104,10 @@ def has_table_access(self, table: DatasetTableSchema) -> Permission:
         # which includes mandatory filtersets.
         return self._has_table_auth_access(table) or self._has_table_profile_access(table)
 
+    def has_table_fields_access(self, table: DatasetTableSchema) -> bool:
+        """Tell whether all fields of a table can be accessed."""
+        return all(self.has_field_access(field) for field in table.fields)
+
     def has_field_access(self, field: DatasetFieldSchema) -> Permission:
         """Tell whether a field may be read."""
         # Again, when a field "auth" scope is satisfied, no further checks are done.
diff --git a/tests/conftest.py b/tests/conftest.py
index 99e855de..832743ad 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -311,6 +311,11 @@ def gebieden_schema(schema_loader) -> DatasetSchema:
     return schema_loader.get_dataset_from_file("gebieden.json")
 
 
+@pytest.fixture
+def id_auth_schema(schema_loader) -> DatasetSchema:
+    return schema_loader.get_dataset_from_file("id_auth.json")
+
+
 @pytest.fixture
 def nap_schema(schema_loader) -> DatasetSchema:
     return schema_loader.get_dataset_from_file("nap.json")
diff --git a/tests/test_permissions_auth.py b/tests/test_permissions_auth.py
index 9833c7d4..b072b7a5 100644
--- a/tests/test_permissions_auth.py
+++ b/tests/test_permissions_auth.py
@@ -154,3 +154,13 @@ def test_profile_field_inheritance_from_dataset(
         assert user_scopes.has_field_access(table.get_field_by_id("volgnummer")) == expect
         assert user_scopes.has_field_access(table.get_field_by_id("identificatie")) == expect
         assert user_scopes.has_field_access(table.get_field_by_id("registratiedatum")) == expect
+
+    def test_has_table_fields_access(self, id_auth_schema):
+        """Prove that a table with one protected field cannot be accessed with OPENBAAR scope."""
+
+        user_scopes = UserScopes(
+            {},
+            request_scopes=["OPENBAAR"],
+        )
+        table = id_auth_schema.get_table_by_id("base")
+        assert not user_scopes.has_table_fields_access(table)