diff --git a/src/Access/RelationshipFieldAccess.php b/src/Access/RelationshipFieldAccess.php
index 650a1d3..51a85b5 100644
--- a/src/Access/RelationshipFieldAccess.php
+++ b/src/Access/RelationshipFieldAccess.php
@@ -14,7 +14,6 @@ use Symfony\Component\Routing\Route;
 /**
 * Defines a class to check access to related and relationship routes.
 *
- * @package Drupal\jsonapi\Access
 * @internal
 */
 class RelationshipFieldAccess implements AccessInterface {
@@ -49,12 +48,12 @@ class RelationshipFieldAccess implements AccessInterface {
 $entity_access = $entity->access($entity_operation, $account, TRUE);
 $field_access = $entity->get($relationship_field_name)->access($field_operation, $account, TRUE);
 $access_result = $entity_access->andIf($field_access);
- if ($access_result instanceof AccessResultReasonInterface) {
+ if (!$access_result->isAllowed()) {
 $reason = "The current user is not allowed to {$field_operation} this relationship.";
- if ($access_reason = $access_result->getReason()) {
- $reason .= " {$access_reason}";
- };
- $access_result->setReason($reason);
+ $access_reason = $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL;
+ return empty($access_reason)
+ ? $access_result->isForbidden() ? AccessResult::forbidden($reason) : AccessResult::neutral($reason)
+ : $access_result->setReason($reason . " {$access_reason}");
 }
 return $access_result;
 }
diff --git a/src/Controller/EntityResource.php b/src/Controller/EntityResource.php
index 7c61f9c..78ef277 100644
--- a/src/Controller/EntityResource.php
+++ b/src/Controller/EntityResource.php
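Review bot: In the `empty($access_reason)` branch of the -49 hunk, replacing the combined result with a fresh `AccessResult::forbidden($reason)` / `AccessResult::neutral($reason)` discards the cacheability metadata (cache contexts, tags, max-age) that `$entity_access->andIf($field_access)` accumulated, so a denial that depends on the user or the entity can end up cached under too broad a key. Carry the original result's metadata onto the replacement, e.g. `$denied = $access_result->isForbidden() ? AccessResult::forbidden($reason) : AccessResult::neutral($reason);` followed by `return $denied->addCacheableDependency($access_result);`. The nested ternary in the middle operand is legal but hard to read, and the two-statement form above removes it as well. The enclosing method's signature lies outside the hunk.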
@@ -501,11 +501,6 @@ class EntityResource {
 throw new ConflictHttpException(sprintf('You can only POST to to-many relationships. %s is a to-one relationship.', $related_field));
 }
- $field_access = $field_list->access('edit', NULL, TRUE);
- if (!$field_access->isAllowed()) {
- $field_name = $field_list->getName();
- throw new EntityAccessDeniedHttpException($entity, $field_access, '/data/relationships/' . $field_name, sprintf('The current user is not allowed to PATCH the selected field (%s).', $field_name));
- }
 $original_field_list = clone $field_list;
 // Time to save the relationship.
 foreach ($parsed_field_list as $field_item) {
@@ -655,8 +650,6 @@ class EntityResource {
 * @return \Drupal\jsonapi\ResourceResponse
 * The response.
 *
- * @throws \Drupal\jsonapi\Exception\EntityAccessDeniedHttpException
- * Thrown when the current user is nto allowed to PATCH the selected field.
 * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
 * Thrown when not body was provided for the DELETE operation.
 * @throws \Symfony\Component\HttpKernel\Exception\ConflictHttpException
@@ -672,12 +665,6 @@ class EntityResource {
 // This usually means that there was not body provided.
 throw new BadRequestHttpException(sprintf('You need to provide a body for DELETE operations on a relationship (%s).', $related_field));
 }
- /* @var \Drupal\Core\Field\EntityReferenceFieldItemListInterface $parsed_field_list */
- $field_name = $parsed_field_list->getName();
- $field_access = $parsed_field_list->access('edit', NULL, TRUE);
- if (!$field_access->isAllowed()) {
- throw new EntityAccessDeniedHttpException($entity, $field_access, '/data/relationships/' . $field_name, sprintf('The current user is not allowed to PATCH the selected field (%s).', $field_name));
- }
 /* @var \Drupal\Core\Field\EntityReferenceFieldItemListInterface $field_list */
 $field_list = $entity->{$related_field};
 $is_multiple = $field_list->getFieldDefinition()
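Review bot: The -501 hunk removes the only field-level `edit` access check in the POST relationship handler, and the -672 hunk does the same for DELETE, so write access to a relationship now rests entirely on the routes for these methods carrying the `RelationshipFieldAccess` requirement with the `edit` field operation. That wiring is not part of this diff, so it should be confirmed, ideally with a test asserting that a user without field edit access receives a 403 on POST and DELETE to a relationship. Both hunks also drop the `$field_name` local while the methods continue past the hunk; check that no later statement still reads it.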
@@ -815,35 +802,6 @@ class EntityResource {
 return $response;
 }
 
- /**
- * Check the access to update the entity and the presence of a relationship.
- *
- * @param \Drupal\Core\Entity\EntityInterface $entity
- * The entity.
- * @param string $operation
- * The operation to test.
- * @param string $related_field
- * The name of the field to check.
- *
- * @throws \Drupal\jsonapi\Exception\EntityAccessDeniedHttpException
- * Thrown when the current user is not allowed the operation on the
- * relationship.
- * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
- * Thrown when the relationship is not present in the resource.
- *
- * @see \Drupal\Core\Access\AccessibleInterface
- */
- protected function relationshipAccess(EntityInterface $entity, $operation, $related_field) {
- /* @var \Drupal\Core\Field\EntityReferenceFieldItemListInterface $parsed_field_list */
- $field_access = $entity->{$related_field}->access($operation, NULL, TRUE);
- $entity_access = $entity->access($operation, NULL, TRUE);
- $combined_access = $entity_access->andIf($field_access);
- if (!$combined_access->isAllowed()) {
- // @todo Is this really the right path?
- throw new EntityAccessDeniedHttpException($entity, $combined_access, $related_field, "The current user is not allowed to $operation this relationship.");
- }
- }
-
 /**
 * Takes a field from the origin entity and puts it to the destination entity.
 *