diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index c53e47d86980..51c9bc1445ba 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -10,7 +10,7 @@
 "compute:create:attach_volume": "",
 "compute:create:forced_host": "is_admin:True",
 "compute:get_all": "",
- "compute:get_all_tenants": "",
+ "compute:get_all_tenants": "is_admin:True",
 "compute:start": "rule:admin_or_owner",
 "compute:stop": "rule:admin_or_owner",
 "compute:unlock_override": "rule:admin_api",
@@ -185,6 +185,8 @@
 "network:delete_dns_domain": "",
 "network:attach_external_network": "rule:admin_api",
+ "os_compute_api:servers:detail:get_all_tenants": "is_admin:True",
+ "os_compute_api:servers:index:get_all_tenants": "is_admin:True",
 "os_compute_api:servers:create_image:allow_volume_backed": "",
 "os_compute_api:servers:start": "rule:admin_or_owner",
 "os_compute_api:servers:stop": "rule:admin_or_owner",
diff --git a/nova/api/openstack/compute/plugins/v3/servers.py b/nova/api/openstack/compute/plugins/v3/servers.py
index f263a8094fa4..60384d743147 100644
--- a/nova/api/openstack/compute/plugins/v3/servers.py
+++ b/nova/api/openstack/compute/plugins/v3/servers.py
@@ -354,12 +354,14 @@ class ServersController(wsgi.Controller):
 except ValueError as err:
 raise exception.InvalidInput(six.text_type(err))
+ elevated = None
 if 'all_tenants' in search_opts:
 if is_detail:
 authorize(context, action="detail:get_all_tenants")
 else:
 authorize(context, action="index:get_all_tenants")
 del search_opts['all_tenants']
+ elevated = context.elevated()
 else:
 if context.project_id:
 search_opts['project_id'] = context.project_id
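Review bot: An upgrade note is missing for the `compute:get_all_tenants` rule tightened in this hunk and for the two `os_compute_api:servers:*:get_all_tenants` rules added in the `@@ -185,6 +185,8 @@` hunk. Editing the shipped policy file does not touch a policy.json that an operator already has deployed; a file that still carries the old empty rule would presumably keep authorizing every caller, and the controller changes in this commit then run the listing with an elevated context for that caller. The commit message or release notes should tell operators to set these three rules to `is_admin:True` (or a stricter rule of their own) before or together with the code update.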
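Review bot: With `elevated = context.elevated()` in the `'all_tenants'` branch, the preceding `authorize(...)` call becomes the only gate in front of an admin-context query, and nothing in the code records that. I would put a comment directly above the assignment, for example `# The policy check above is the sole gate: the elevated context is used for the cross-tenant query below.`, so a later refactor does not move or relax the check without noticing. The branch is entered on the mere presence of the `all_tenants` key, whatever its value, which is worth stating in the same comment. The same applies to the `@@ -203,11 +203,13 @@` hunk of nova/api/openstack/compute/servers.py, after `policy.enforce(...)`. The enclosing method starts and ends outside the hunk.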
@@ -369,7 +371,7 @@ class ServersController(wsgi.Controller):
 limit, marker = common.get_limit_and_marker(req)
 sort_keys, sort_dirs = common.get_sort_params(req.params)
 try:
- instance_list = self.compute_api.get_all(context,
+ instance_list = self.compute_api.get_all(elevated or context,
 search_opts=search_opts, limit=limit, marker=marker, want_objects=True, expected_attrs=['pci_devices'], sort_keys=sort_keys, sort_dirs=sort_dirs)
diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py
index e0e1de6d1e90..6ad4f8bb67ec 100644
--- a/nova/api/openstack/compute/servers.py
+++ b/nova/api/openstack/compute/servers.py
@@ -203,11 +203,13 @@ class Controller(wsgi.Controller):
 except ValueError as err:
 raise exception.InvalidInput(six.text_type(err))
+ elevated = None
 if 'all_tenants' in search_opts:
 policy.enforce(context, 'compute:get_all_tenants', {'project_id': context.project_id, 'user_id': context.user_id})
 del search_opts['all_tenants']
+ elevated = context.elevated()
 else:
 if context.project_id:
 search_opts['project_id'] = context.project_id
@@ -220,7 +222,7 @@ class Controller(wsgi.Controller):
 if self.ext_mgr.is_loaded('os-server-sort-keys'):
 sort_keys, sort_dirs = common.get_sort_params(req.params)
 try:
- instance_list = self.compute_api.get_all(context,
+ instance_list = self.compute_api.get_all(elevated or context,
 search_opts=search_opts, limit=limit, marker=marker,
diff --git a/nova/tests/unit/api/openstack/compute/plugins/v3/test_servers.py b/nova/tests/unit/api/openstack/compute/plugins/v3/test_servers.py
index c28f6c3dec20..1e42f569e8d1 100644
--- a/nova/tests/unit/api/openstack/compute/plugins/v3/test_servers.py
+++ b/nova/tests/unit/api/openstack/compute/plugins/v3/test_servers.py
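Review bot: `elevated or context` in the `get_all(...)` call picks the context by the truthiness of the object rather than by whether elevation was granted, which hides a security-relevant decision inside an argument expression. Binding it explicitly before the `try:` reads more clearly and does not depend on how the context class evaluates in a boolean test: `query_context = elevated if elevated is not None else context`, then pass `query_context`. The same expression appears in the `@@ -220,7 +222,7 @@` hunk of nova/api/openstack/compute/servers.py. The call and its enclosing method continue outside the hunk.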
@@ -845,6 +845,7 @@ class ServersControllerTest(ControllerTest):
 expected_attrs=None, sort_keys=None, sort_dirs=None):
 self.assertIsNotNone(filters)
 self.assertNotIn('project_id', filters)
+ self.assertTrue(context.is_admin)
 return [fakes.stub_instance(100)]
 self.stubs.Set(db, 'instance_get_all_by_filters_sort',
diff --git a/nova/tests/unit/api/openstack/compute/test_servers.py b/nova/tests/unit/api/openstack/compute/test_servers.py
index 60082f3b35d0..871d7f88f74b 100644
--- a/nova/tests/unit/api/openstack/compute/test_servers.py
+++ b/nova/tests/unit/api/openstack/compute/test_servers.py
@@ -822,6 +822,7 @@ class ServersControllerTest(ControllerTest):
 columns_to_join=None, use_slave=False):
 self.assertIsNotNone(filters)
 self.assertNotIn('project_id', filters)
+ self.assertTrue(context.is_admin)
 return [fakes.stub_instance(100)]
 self.stubs.Set(db, 'instance_get_all_by_filters',
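Review bot: The added `self.assertTrue(context.is_admin)` pins only the allowed path; nothing in this hunk checks that a caller denied by the `get_all_tenants` policy is rejected before the query runs. Since the controller now elevates the context after the check, the denial direction is the one a regression would hurt most. I would add a companion test that sets the rule to deny, sends a request with `all_tenants`, and asserts both the policy failure and that the DB stub is never reached. The same gap applies to the `@@ -822,6 +822,7 @@` hunk in nova/tests/unit/api/openstack/compute/test_servers.py. The stub and its test method begin outside the hunk.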