diff --git a/nova/policies/migrations.py b/nova/policies/migrations.py
index be7a1861f4cc..bb77d1f0bb63 100644
--- a/nova/policies/migrations.py
+++ b/nova/policies/migrations.py
@@ -24,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-migrations:%s'
 migrations_policies = [
 policy.DocumentedRuleDefault(
 name=POLICY_ROOT % 'index',
- check_str=base.RULE_ADMIN_API,
+ check_str=base.SYSTEM_READER,
 description="List migrations",
 operations=[
 {
diff --git a/nova/tests/unit/fake_policy.py b/nova/tests/unit/fake_policy.py
index 6e8f93615407..2524c305070f 100644
--- a/nova/tests/unit/fake_policy.py
+++ b/nova/tests/unit/fake_policy.py
@@ -71,6 +71,7 @@ policy_data = """
 "os_compute_api:os-lock-server:unlock": "",
 "os_compute_api:os-migrate-server:migrate": "",
 "os_compute_api:os-migrate-server:migrate_live": "",
+ "os_compute_api:os-migrations:index": "",
 "os_compute_api:os-multinic": "",
 "os_compute_api:os-networks:view": "",
 "os_compute_api:os-tenant-networks": "",
diff --git a/nova/tests/unit/policies/test_migrations.py b/nova/tests/unit/policies/test_migrations.py
index cfa893242e77..3738d107e2c3 100644
--- a/nova/tests/unit/policies/test_migrations.py
+++ b/nova/tests/unit/policies/test_migrations.py
@@ -33,13 +33,13 @@ class MigrationsPolicyTest(base.BasePolicyTest):
 self.req = fakes.HTTPRequest.blank('')
 # Check that admin is able to list migrations.
- self.admin_authorized_contexts = [
+ self.reader_authorized_contexts = [
 self.legacy_admin_context, self.system_admin_context,
- self.project_admin_context
+ self.project_admin_context, self.system_member_context,
+ self.system_reader_context
 ]
 # Check that non-admin is not able to list migrations.
- self.admin_unauthorized_contexts = [
- self.system_member_context, self.system_reader_context,
+ self.reader_unauthorized_contexts = [
 self.system_foo_context, self.project_member_context,
 self.project_reader_context, self.project_foo_context,
 self.other_project_member_context
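Review bot: The switch to `check_str=base.SYSTEM_READER` in nova/policies/migrations.py opens `os_compute_api:os-migrations:index` to every system-scoped reader and member, and the rule carries no comment saying so or stating when the scope restriction actually applies. The updated tests in this commit keep `legacy_admin_context` and `project_admin_context` authorized unless `enforce_scope=True` is set in the `oslo_policy` group, so operators need to know that project-scoped admin tokens are still accepted by default. I would add above the rule `# Read-only listing for system reader and above; project-scoped admin tokens are refused only when [oslo_policy] enforce_scope is enabled.` and mention the wider default in a release note, which this diff does not appear to include. The `DocumentedRuleDefault(...)` call continues past the end of the hunk, so its `scope_types` value is not visible here and should be confirmed as system-only.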
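Review bot: In the `@@ -33,13 +33,13 @@` hunk of nova/tests/unit/policies/test_migrations.py the two context comments still say `# Check that admin is able to list migrations.` and `# Check that non-admin is not able to list migrations.`, although the lists beneath them are now `reader_authorized_contexts` and `reader_unauthorized_contexts` and the authorized one includes `system_member_context` and `system_reader_context`. The `@@ -69,13 +69,13 @@` hunk rewrites the matching comments in the scope-type subclass, so the base class should be brought in line, for example `# Check that system reader or above, and legacy/project admin, can list migrations.` and `# Check that every other context is not able to list migrations.`. Stale comments on an authorization test are easy to misread as the intended access rule when the policy is next audited. The `setUp` body starts and ends outside the hunk.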
@@ -48,8 +48,8 @@ class MigrationsPolicyTest(base.BasePolicyTest):
 @mock.patch('nova.compute.api.API.get_migrations')
 def test_list_migrations_policy(self, mock_migration):
 rule_name = migrations_policies.POLICY_ROOT % 'index'
- self.common_policy_check(self.admin_authorized_contexts,
- self.admin_unauthorized_contexts,
+ self.common_policy_check(self.reader_authorized_contexts,
+ self.reader_unauthorized_contexts,
 rule_name, self.controller.index, self.req)
@@ -69,13 +69,13 @@ class MigrationsScopeTypePolicyTest(MigrationsPolicyTest):
 super(MigrationsScopeTypePolicyTest, self).setUp()
 self.flags(enforce_scope=True, group="oslo_policy")
- # Check that system admin is able to list migrations.
- self.admin_authorized_contexts = [
- self.system_admin_context]
- # Check that non system admin is not able to list migrations.
- self.admin_unauthorized_contexts = [
+ # Check that system reader is able to list migrations.
+ self.reader_authorized_contexts = [
+ self.system_admin_context, self.system_member_context,
+ self.system_reader_context]
+ # Check that non system reader is not able to list migrations.
+ self.reader_unauthorized_contexts = [
 self.legacy_admin_context, self.project_admin_context,
- self.system_member_context, self.system_reader_context,
 self.system_foo_context, self.project_member_context,
 self.project_reader_context, self.project_foo_context,
 self.other_project_member_context
diff --git a/nova/tests/unit/test_policy.py b/nova/tests/unit/test_policy.py
index a4f65e82430a..8ac81a744a7a 100644
--- a/nova/tests/unit/test_policy.py
+++ b/nova/tests/unit/test_policy.py
@@ -356,7 +356,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 "os_compute_api:os-simple-tenant-usage:list",
 "os_compute_api:os-availability-zone:detail",
 "os_compute_api:os-used-limits",
-"os_compute_api:os-migrations:index",
 "os_compute_api:os-assisted-volume-snapshots:create",
 "os_compute_api:os-assisted-volume-snapshots:delete",
 "os_compute_api:os-console-auth-tokens",
@@ -456,6 +455,7 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 )
 self.system_reader_rules = (
+"os_compute_api:os-migrations:index",
 "os_compute_api:os-services:list",
 "os_compute_api:os-instance-actions:events:details",
 "os_compute_api:os-instance-usage-audit-log:list",