diff --git a/ironic/api/hooks.py b/ironic/api/hooks.py
index 758e56e299..a6b6c42341 100644
--- a/ironic/api/hooks.py
+++ b/ironic/api/hooks.py
@@ -100,9 +100,6 @@ class ContextHook(hooks.PecanHook):
         if cfg.CONF.auth_strategy != 'keystone':
             ctx.auth_token = None
 
-        creds = ctx.to_policy_values()
-        is_admin = policy.check('is_admin', creds, creds)
-        ctx.is_admin = is_admin
         policy_deprecation_check()
 
         state.request.context = ctx
diff --git a/ironic/common/context.py b/ironic/common/context.py
index 68b1d318ae..8c0dd0085c 100644
--- a/ironic/common/context.py
+++ b/ironic/common/context.py
@@ -52,11 +52,7 @@ class RequestContext(context.RequestContext):
 def get_admin_context():
     """Create an administrator context."""
 
-    # TODO(TheJulia): Revise in Xena, is_admin should
-    # no longer be a default, much less passed as it is
-    # deprecated.
     context = RequestContext(auth_token=None,
                              project_id=None,
-                             is_admin=True,
                              overwrite=False)
     return context
diff --git a/ironic/common/glance_service/service_utils.py b/ironic/common/glance_service/service_utils.py
index 70cd6e0300..20cc21ffa5 100644
--- a/ironic/common/glance_service/service_utils.py
+++ b/ironic/common/glance_service/service_utils.py
@@ -114,12 +114,7 @@ def is_image_available(context, image):
         # be able to be used.
         return True
 
-    # TODO(TheJulia): This is potentially a bug below. Admin context doesn't
-    # necessarilly mean the object is *actually* accessible. We should likely
-    # just ask glance... Although everything should also have an auth_token
-    # as noted above. Ultimately we need to tease the is_admin logic apart
-    # and treat things appropriately by checking them as needed.
-    if getattr(image, 'visibility', None) == 'public' or context.is_admin:
+    if getattr(image, 'visibility', None) == 'public':
         return True
 
     return (context.project_id
diff --git a/ironic/tests/unit/api/controllers/v1/test_node.py b/ironic/tests/unit/api/controllers/v1/test_node.py
index 085623796a..bf7931df2c 100644
--- a/ironic/tests/unit/api/controllers/v1/test_node.py
+++ b/ironic/tests/unit/api/controllers/v1/test_node.py
@@ -167,7 +167,6 @@ class TestListNodes(test_api_base.BaseApiTest):
             mock.call('baremetal:node:get:filter_threshold',
                       mock.ANY, mock.ANY)])
         mock_check.assert_has_calls([
-            mock.call('is_admin', mock.ANY, mock.ANY),
             mock.call('show_password', mock.ANY, mock.ANY),
             mock.call('show_instance_secrets', mock.ANY, mock.ANY),
             # Last error is populated above and should trigger a check.
diff --git a/ironic/tests/unit/api/test_hooks.py b/ironic/tests/unit/api/test_hooks.py
index 45058bbe47..b18a78975a 100644
--- a/ironic/tests/unit/api/test_hooks.py
+++ b/ironic/tests/unit/api/test_hooks.py
@@ -220,13 +220,11 @@ class TestContextHook(base.BaseApiTest):
         mock_ctx.from_environ.return_value = ctx
         policy_dict = {'user_id': 'foo'}  # Lots of other values here
         ctx.to_policy_values.return_value = policy_dict
-        mock_policy.return_value = is_admin
+        mock_policy.return_value = False
         context_hook.before(reqstate)
         creds_dict = {'is_public_api': is_public_api}
         mock_ctx.from_environ.assert_called_once_with(environ, **creds_dict)
-        mock_policy.assert_called_once_with('is_admin', policy_dict,
-                                            policy_dict)
-        self.assertIs(is_admin, ctx.is_admin)
+        mock_policy.assert_not_called()
         if auth_strategy == 'noauth':
             self.assertIsNone(ctx.auth_token)
         return context_hook, reqstate
@@ -234,18 +232,14 @@ class TestContextHook(base.BaseApiTest):
     def test_context_hook_not_admin(self):
         self._test_context_hook()
 
-    def test_context_hook_admin(self):
-        self._test_context_hook(is_admin=True)
-
     def test_context_hook_public_api(self):
-        self._test_context_hook(is_admin=True, is_public_api=True)
+        self._test_context_hook(is_public_api=True)
 
     def test_context_hook_noauth_token_removed(self):
         self._test_context_hook(auth_strategy='noauth')
 
     def test_context_hook_after_add_request_id(self):
-        context_hook, reqstate = self._test_context_hook(is_admin=True,
-                                                         request_id='fake-id')
+        context_hook, reqstate = self._test_context_hook(request_id='fake-id')
         context_hook.after(reqstate)
         self.assertEqual('fake-id',
                          reqstate.response.headers['Openstack-Request-Id'])
diff --git a/ironic/tests/unit/common/test_context.py b/ironic/tests/unit/common/test_context.py
index 4b03f73572..124aeba2ba 100644
--- a/ironic/tests/unit/common/test_context.py
+++ b/ironic/tests/unit/common/test_context.py
@@ -26,7 +26,6 @@ class RequestContextTestCase(tests_base.TestCase):
             "user_id": "user1",
             "project_id": "project1",
             "project_name": "somename",
-            'is_admin': True,
             'read_only': True,
             'show_deleted': True,
             'request_id': 'id1',
@@ -51,10 +50,6 @@ class RequestContextTestCase(tests_base.TestCase):
         self.assertEqual('somename', ctx_dict['project_name'])
         self.assertTrue(ctx_dict['is_public_api'])
 
-    def test_get_admin_context(self):
-        admin_context = context.get_admin_context()
-        self.assertTrue(admin_context.is_admin)
-
     @mock.patch.object(oslo_context, 'get_current', autospec=True)
     def test_thread_without_context(self, context_get_mock):
         self.context.update_store = mock.Mock()