diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 9d52b56471..7aaa1b8268 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -161,6 +161,8 @@ nova_cell_rpc_port: "{{ om_rpc_port }}"
 nova_cell_rpc_group_name: "{{ om_rpc_group }}"
 nova_cell_rpc_transport: "{{ om_rpc_transport }}"
 nova_cell_rpc_vhost: "{{ 'nova_' ~ nova_cell_name if nova_cell_name else om_rpc_vhost }}"
+nova_cell_rpc_tags:
+  - "administrator"
 
 nova_cell_notify_user: "{{ nova_cell_rpc_user }}"
 nova_cell_notify_password: "{{ nova_cell_rpc_password }}"
@@ -168,6 +170,7 @@ nova_cell_notify_port: "{{ nova_cell_rpc_port }}"
 nova_cell_notify_group_name: "{{ nova_cell_rpc_group_name }}"
 nova_cell_notify_transport: "{{ nova_cell_rpc_transport }}"
 nova_cell_notify_vhost: "{{ nova_cell_rpc_vhost }}"
+nova_cell_notify_tags: "{{ nova_cell_rpc_tags }}"
 
 # External Rabbit users should override these
 nova_cell_rpc_transport_url: "{{ nova_cell_rpc_transport }}://{% for host in groups[nova_cell_rpc_group_name] %}{{ nova_cell_rpc_user }}:{{ nova_cell_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ nova_cell_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_cell_rpc_vhost }}"
@@ -178,10 +181,12 @@ nova_cell_rpc_rabbitmq_users:
   - user: "{{ nova_cell_rpc_user }}"
     password: "{{ nova_cell_rpc_password }}"
     vhost: "{{ nova_cell_rpc_vhost }}"
+    tags: "{{ nova_cell_rpc_tags }}"
 nova_cell_notify_rabbitmq_users:
   - user: "{{ nova_cell_notify_user }}"
     password: "{{ nova_cell_notify_password }}"
     vhost: "{{ nova_cell_notify_vhost }}"
+    tags: "{{ nova_cell_notify_tags }}"
 
 ####################
 # Docker
diff --git a/ansible/roles/service-rabbitmq/defaults/main.yml b/ansible/roles/service-rabbitmq/defaults/main.yml
index df99fac879..291430c866 100644
--- a/ansible/roles/service-rabbitmq/defaults/main.yml
+++ b/ansible/roles/service-rabbitmq/defaults/main.yml
@@ -21,5 +21,6 @@ service_rabbitmq_delay: 10
 # 'user'
 # 'password'
 # 'vhost'
+# 'tags'
 # Virtual hosts in this list will also be created.
 service_rabbitmq_users: []
diff --git a/ansible/roles/service-rabbitmq/tasks/main.yml b/ansible/roles/service-rabbitmq/tasks/main.yml
index 45f8f021e5..ae8f87a741 100644
--- a/ansible/roles/service-rabbitmq/tasks/main.yml
+++ b/ansible/roles/service-rabbitmq/tasks/main.yml
@@ -22,6 +22,7 @@
           vhost: "{{ item.vhost }}"
           configure_priv: ".*"
           read_priv: ".*"
+          tags: "{{ item.tags | default([]) | join(',') }}"
           write_priv: ".*"
         user: rabbitmq
       loop: "{{ service_rabbitmq_users }}"
diff --git a/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
new file mode 100644
index 0000000000..ec6c1a8488
--- /dev/null
+++ b/releasenotes/notes/fix-rabbitmq-user-tags-8c9d626b28ff5d51.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue with RabbitMQ where tags would be removed from the
+    ``openstack`` user after deploying Nova. This prevents the user from
+    accessing the RabbitMQ management UI. `LP#1875786
+    <https://launchpad.net/bugs/1875786>`__