diff --git a/etc/policy.json b/etc/policy.json
index 4bbc8b46..f49bc084 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -25,10 +25,10 @@
 "manage_image_cache": "role:admin",
- "get_task": "",
- "get_tasks": "",
- "add_task": "",
- "modify_task": "",
+ "get_task": "role:admin",
+ "get_tasks": "role:admin",
+ "add_task": "role:admin",
+ "modify_task": "role:admin",
 "deactivate": "",
 "reactivate": "",
diff --git a/glance/api/v2/tasks.py b/glance/api/v2/tasks.py
index afff3d97..ba5050a3 100644
--- a/glance/api/v2/tasks.py
+++ b/glance/api/v2/tasks.py
@@ -16,6 +16,7 @@
 import copy
+import debtcollector
 import glance_store
 from oslo_config import cfg
 from oslo_log import log as logging
@@ -42,6 +43,14 @@ LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
 CONF.import_opt('task_time_to_live', 'glance.common.config', group='task')
+_DEPRECATION_MESSAGE = ("The task API is being deprecated and "
+ "it will be superseded by the new image import "
+ "API. Please refer to this link for more "
+ "information about the aforementioned process: "
+ "https://specs.openstack.org/openstack/glance-specs/"
+ "specs/mitaka/approved/image-import/"
+ "image-import-refactor.html")
+
 class TasksController(object):
 """Manages operations on tasks."""
@@ -55,6 +64,7 @@ class TasksController(object):
 self.gateway = glance.gateway.Gateway(self.db_api, self.store_api,
 self.notifier, self.policy)
+ @debtcollector.removals.remove(message=_DEPRECATION_MESSAGE)
 def create(self, req, task):
 task_factory = self.gateway.get_task_factory(req.context)
 executor_factory = self.gateway.get_task_executor_factory(req.context)
@@ -74,6 +84,7 @@ class TasksController(object):
 raise webob.exc.HTTPForbidden(explanation=e.msg)
 return new_task
+ @debtcollector.removals.remove(message=_DEPRECATION_MESSAGE)
 def index(self, req, marker=None, limit=None, sort_key='created_at',
 sort_dir='desc', filters=None):
 result = {}
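Review bot: The admin-only default for `get_task`, `get_tasks`, `add_task` and `modify_task` lives only in this shipped file, so a deployment that upgrades the code but keeps its existing `policy.json` (where these rules are `""`) would presumably still expose the task API to every authenticated user; nothing in this diff shows an in-code default that would close that gap. JSON cannot carry a comment, so the place to say this is the `upgrade` release note, which currently explains only how to re-open the API. I would add a sentence there such as `Deployments that carry their own policy.json must set get_task, get_tasks, add_task and modify_task to role:admin to pick up the new default.` The same rule change is mirrored in glance/tests/etc/policy.json.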
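Review bot: `import debtcollector` binds only the top-level package, yet the decorators added further down reference `debtcollector.removals.remove`; that attribute resolves only if the package's `__init__` or some earlier import has already loaded the `removals` submodule, which is not visible here. Importing the submodule explicitly removes the dependency on import order: `from debtcollector import removals`, then `@removals.remove(message=_DEPRECATION_MESSAGE)` on the four handlers.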
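Review bot: The `@debtcollector.removals.remove(message=_DEPRECATION_MESSAGE)` decorator on `create` (and identically on `index`, `get` and `delete` in the later hunks) passes no `version` or `removal_version`, so the emitted warning does not say when the task API was deprecated or when it goes away; `@debtcollector.removals.remove(message=_DEPRECATION_MESSAGE, version="<release>")` would. The decorator is also advisory only: access control for these handlers still rests on the policy rules enforced elsewhere, and a DeprecationWarning is hidden by Python's default warning filters unless the service routes warnings to its log, which this diff does not show. A one-line comment above `_DEPRECATION_MESSAGE`, e.g. `# Emitted by the removals.remove decorators on every TasksController handler.`, would tie the constant to its use. The bodies of all four handlers continue outside the hunks.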
@@ -101,6 +112,7 @@ class TasksController(object):
 result['tasks'] = tasks
 return result
+ @debtcollector.removals.remove(message=_DEPRECATION_MESSAGE)
 def get(self, req, task_id):
 try:
 task_repo = self.gateway.get_task_repo(req.context)
@@ -120,6 +132,7 @@ class TasksController(object):
 raise webob.exc.HTTPForbidden(explanation=e.msg)
 return task
+ @debtcollector.removals.remove(message=_DEPRECATION_MESSAGE)
 def delete(self, req, task_id):
 msg = (_("This operation is currently not permitted on Glance Tasks. "
 "They are auto deleted after reaching the time based on "
diff --git a/glance/tests/etc/policy.json b/glance/tests/etc/policy.json
index 8dd0d1dc..41665e98 100644
--- a/glance/tests/etc/policy.json
+++ b/glance/tests/etc/policy.json
@@ -26,10 +26,10 @@
 "manage_image_cache": "",
- "get_task": "",
- "get_tasks": "",
- "add_task": "",
- "modify_task": "",
+ "get_task": "role:admin",
+ "get_tasks": "role:admin",
+ "add_task": "role:admin",
+ "modify_task": "role:admin",
 "get_metadef_namespace": "",
 "get_metadef_namespaces":"",
diff --git a/glance/tests/functional/v2/test_tasks.py b/glance/tests/functional/v2/test_tasks.py
index 619fa803..5522ba27 100644
--- a/glance/tests/functional/v2/test_tasks.py
+++ b/glance/tests/functional/v2/test_tasks.py
@@ -44,11 +44,19 @@ class TestTasks(functional.FunctionalTest):
 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96',
 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e',
 'X-Tenant-Id': TENANT1,
- 'X-Roles': 'member',
+ 'X-Roles': 'admin',
 }
 base_headers.update(custom_headers or {})
 return base_headers
+ def test_task_not_allowed_non_admin(self):
+ self.start_servers(**self.__dict__.copy())
+ roles = {'X-Roles': 'member'}
+ # Task list should be empty
+ path = self._url('/v2/tasks')
+ response = requests.get(path, headers=self._headers(roles))
+ self.assertEqual(403, response.status_code)
+
 def test_task_lifecycle(self):
 self.start_servers(**self.__dict__.copy())
 # Task list should be empty
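Review bot: `test_task_not_allowed_non_admin` checks only `GET /v2/tasks` (the `get_tasks` rule) for a `member` caller; the `add_task` and `get_task` rules tightened by this commit have no negative test, so a regression that re-opens task creation to non-admins would still pass. I would add a `requests.post` to the same path and a `GET` on a task id, both with `self._headers(roles)` and each asserting 403. The copied comment `# Task list should be empty` no longer matches the assertion and should read `# Non-admin callers must be rejected by policy`. Switching the default `X-Roles` to `admin` also means every other test in the class now runs as admin; `test_task_lifecycle` continues outside the hunk.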
diff --git a/releasenotes/notes/make-task-api-admin-only-by-default-7def996262e18f7a.yaml b/releasenotes/notes/make-task-api-admin-only-by-default-7def996262e18f7a.yaml
new file mode 100644
index 00000000..b1958e27
--- /dev/null
+++ b/releasenotes/notes/make-task-api-admin-only-by-default-7def996262e18f7a.yaml
@@ -0,0 +1,13 @@
+---
+deprecations:
+ - The task API was added to allow users for uploading images asynchronously
+ and for deployers to have more control in the upload process. Unfortunately,
+ this API has not worked the way it was expected to. Therefore, the task API
+ has entered a deprecation period and it is meant to be replaced by the new
+ import API. This change makes the task API admin only by default so that it
+ is not accidentally deployed as a public API.
+upgrade:
+ - The task API is being deprecated and it has been made admin only. If deployers
+ of Glance would like to have this API as a public one, it is necessary to
+ change the `policy.json` file and remove `role:admin` from every `task`
+ related field.
\ No newline at end of file