diff --git a/nova/policies/server_shares.py b/nova/policies/server_shares.py
index 0b6249ee84..e711926661 100644
--- a/nova/policies/server_shares.py
+++ b/nova/policies/server_shares.py
@@ -21,7 +21,7 @@ POLICY_ROOT = 'os_compute_api:os-server-shares:%s'
 server_shares_policies = [
 policy.DocumentedRuleDefault(
 name=POLICY_ROOT % 'index',
- check_str=base.PROJECT_READER,
+ check_str=base.PROJECT_READER_OR_ADMIN,
 description="List all shares for given server",
 operations=[
 {
@@ -32,7 +32,7 @@ server_shares_policies = [
 scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=POLICY_ROOT % 'create',
- check_str=base.PROJECT_MEMBER,
+ check_str=base.PROJECT_MEMBER_OR_ADMIN,
 description="Attach a share to the specified server",
 operations=[
 {
@@ -43,7 +43,7 @@ server_shares_policies = [
 scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=POLICY_ROOT % 'show',
- check_str=base.PROJECT_READER,
+ check_str=base.PROJECT_READER_OR_ADMIN,
 description="Show a share configured for the specified server",
 operations=[
 {
@@ -54,7 +54,7 @@ server_shares_policies = [
 scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=POLICY_ROOT % 'delete',
- check_str=base.PROJECT_MEMBER,
+ check_str=base.PROJECT_MEMBER_OR_ADMIN,
 description="Detach a share to the specified server",
 operations=[
 {
diff --git a/releasenotes/notes/fix_server_shares_policies-3eb7b22330f886fc.yaml b/releasenotes/notes/fix_server_shares_policies-3eb7b22330f886fc.yaml
new file mode 100644
index 0000000000..53bee415fa
--- /dev/null
+++ b/releasenotes/notes/fix_server_shares_policies-3eb7b22330f886fc.yaml
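Review bot: The `create` and `delete` rules in the second and fourth hunks now admit an admin for the mutating operations (attaching and detaching a share), which is the security-relevant part of this change, yet no update to the policy unit tests that enumerate the contexts authorized for these four rules is visible in this diff; if those tests are updated elsewhere in the change that is fine, otherwise they will still assert that admin is denied and fail. Each rule keeps `scope_types=['project']`, so the widening presumably only takes effect for project-scoped admin tokens when scope enforcement is on — worth stating in the commit message, since the release note only says admin users gain access. The same change is applied in all four hunks (index, create, show, delete), and the `server_shares_policies` list they belong to continues past every hunk.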
@@ -0,0 +1,13 @@
+---
+upgrade:
+ - |
+ The server-shares API policies have been updated to allow admin users
+ (those with the role admin) to access them. There are no changes to the
+ permissions for project users with the role reader/member. The following
+ API policies have been updated from PROJECT_READER/PROJECT_MEMBER to
+ PROJECT_READER_OR_ADMIN/PROJECT_MEMBER_OR_ADMIN to facilitate this change.
+
+ * ``os_compute_api:os-server-shares:index`` → ``PROJECT_READER_OR_ADMIN``
+ * ``os_compute_api:os-server-shares:create`` → ``PROJECT_MEMBER_OR_ADMIN``
+ * ``os_compute_api:os-server-shares:show`` → ``PROJECT_READER_OR_ADMIN``
+ * ``os_compute_api:os-server-shares:delete`` → ``PROJECT_MEMBER_OR_ADMIN``