diff --git a/nova/api/openstack/compute/security_groups.py b/nova/api/openstack/compute/security_groups.py
index 99294fd2da..b10308393f 100644
--- a/nova/api/openstack/compute/security_groups.py
+++ b/nova/api/openstack/compute/security_groups.py
@@ -150,7 +150,8 @@ class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
 def show(self, req, id):
 """Return data about the given security group."""
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'show')
+ context.can(sg_policies.POLICY_NAME % 'show',
+ target={'project_id': context.project_id})
 
 try:
 id = security_group_api.validate_id(id)
@@ -169,7 +170,8 @@ class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
 def delete(self, req, id):
 """Delete a security group."""
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'delete')
+ context.can(sg_policies.POLICY_NAME % 'delete',
+ target={'project_id': context.project_id})
 
 try:
 id = security_group_api.validate_id(id)
@@ -186,7 +188,8 @@ class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
 def index(self, req):
 """Returns a list of security groups."""
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'get')
+ context.can(sg_policies.POLICY_NAME % 'get',
+ target={'project_id': context.project_id})
 
 search_opts = {}
 search_opts.update(req.GET)
@@ -208,7 +211,8 @@ class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
 def create(self, req, body):
 """Creates a new security group."""
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'create')
+ context.can(sg_policies.POLICY_NAME % 'create',
+ target={'project_id': context.project_id})
 
 security_group = self._from_body(body, 'security_group')
 
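Review bot: The target passed to `context.can` in `show` is the caller's own `context.project_id`, so a project-scoped rule compares the request context with itself and never looks at the project that owns the security group named by `id`. The same applies to `delete` and `update`, and to the rule `create`/`delete` checks in SecurityGroupRulesController further down. If ownership is meant to be enforced afterwards by `security_group_api` (not visible here, since every function body continues outside its hunk), say so at the call, e.g. `# Policy target is the caller's project; ownership of the group itself is checked by security_group_api.` Otherwise the check should run after the group is fetched, with the group's project as the target.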
@@ -234,7 +238,8 @@ class SecurityGroupController(SecurityGroupControllerBase, wsgi.Controller):
 def update(self, req, id, body):
 """Update a security group."""
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'update')
+ context.can(sg_policies.POLICY_NAME % 'update',
+ target={'project_id': context.project_id})
 
 try:
 id = security_group_api.validate_id(id)
@@ -270,7 +275,8 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
 @wsgi.expected_errors((400, 403, 404))
 def create(self, req, body):
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'rule:create')
+ context.can(sg_policies.POLICY_NAME % 'rule:create',
+ target={'project_id': context.project_id})
 sg_rule = self._from_body(body, 'security_group_rule')
 group_id = sg_rule.get('group_id')
 source_group = {}
@@ -345,7 +351,8 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
 @wsgi.response(202)
 def delete(self, req, id):
 context = req.environ['nova.context']
- context.can(sg_policies.POLICY_NAME % 'rule:delete')
+ context.can(sg_policies.POLICY_NAME % 'rule:delete',
+ target={'project_id': context.project_id})
 
 try:
 id = security_group_api.validate_id(id)
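Review bot: `SecurityGroupRulesController.create` and `delete` have no docstring, unlike the SecurityGroupController methods in the earlier hunks, so nothing at the definition says which policy is checked or against which project. I would add one-line docstrings such as `"""Create a security group rule."""` and `"""Delete a security group rule."""`, each followed by a sentence naming the `rule:create` / `rule:delete` policy and noting that the target is the caller's project. Both bodies continue outside the hunks.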