diff --git a/openstack_dashboard/conf/nova_policy.json b/openstack_dashboard/conf/nova_policy.json
index 487e46c118..8f81561056 100644
--- a/openstack_dashboard/conf/nova_policy.json
+++ b/openstack_dashboard/conf/nova_policy.json
@@ -11,7 +11,7 @@
 "compute:create:forced_host": "is_admin:True",
 "compute:delete": "rule:default",
 "compute:get_all": "",
- "compute:get_all_tenants": "",
+ "compute:get_all_tenants": "is_admin:True",
 "compute:reboot": "rule:default",
 "compute:rebuild": "rule:default",
 "compute:snapshot": "rule:default",
diff --git a/openstack_dashboard/usage/quotas.py b/openstack_dashboard/usage/quotas.py
index 7cfce73e79..7a2245d08a 100644
--- a/openstack_dashboard/usage/quotas.py
+++ b/openstack_dashboard/usage/quotas.py
@@ -24,6 +24,7 @@ from openstack_dashboard.api import cinder
 from openstack_dashboard.api import network
 from openstack_dashboard.api import neutron
 from openstack_dashboard.api import nova
+from openstack_dashboard import policy
 LOG = logging.getLogger(__name__)
@@ -254,8 +255,14 @@ def get_disabled_quotas(request):
 def _get_tenant_compute_usages(request, usages, disabled_quotas, tenant_id):
 if tenant_id:
+ # determine if the user has permission to view across projects
+ # there are cases where an administrator wants to check the quotas
+ # on a project they are not scoped to
+ all_tenants = policy.check((("compute", "compute:get_all_tenants"),),
+ request)
 instances, has_more = nova.server_list(
- request, search_opts={'tenant_id': tenant_id}, all_tenants=True)
+ request, search_opts={'tenant_id': tenant_id},
+ all_tenants=all_tenants)
 else:
 instances, has_more = nova.server_list(request)
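Review bot: The new `is_admin:True` rule for `compute:get_all_tenants` lives in Horizon's bundled copy of nova's policy, so it only governs what `policy.check` answers in the dashboard; the compute API still decides from its own policy file. Deployments that point `POLICY_FILES_PATH` at their own policy copies will not pick this value up and keep the old empty rule, under which the check in `_get_tenant_compute_usages` passes for every user. The commit message or release notes should tell operators to carry the same rule in their copy and keep it aligned with nova's.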
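Review bot: When `policy.check` returns False the call still sends `search_opts={'tenant_id': tenant_id}` with `all_tenants=False`, so for a `tenant_id` other than the project the token is scoped to, the result depends on how `nova.server_list` and nova treat that filter (not visible here) and may be counted as that project's usage. I would make the assumption explicit above the call, e.g. `# without get_all_tenants the listing is limited to the caller's own project; tenant_id is expected to match it`, or log when the two differ. Note also that `policy.check` evaluates Horizon's local policy file, so nova can still reject the request, and nothing in the hunk handles that. The body of `_get_tenant_compute_usages` continues past the end of the hunk.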