diff --git a/etc/policy.json b/etc/policy.json
index 8151ef8e6..d0e022204 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -5,6 +5,7 @@
 "admin_only": "rule:context_is_admin",
 "regular_user": "",
 "shared": "field:networks:shared=True",
+ "shared_firewalls": "field:firewalls:shared=True",
 "external": "field:networks:router:external=True",
 "default": "rule:admin_or_owner",
@@ -71,13 +72,13 @@
 "delete_firewall": "rule:admin_or_owner",
 "create_firewall_policy": "",
- "get_firewall_policy": "rule:admin_or_owner",
+ "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
 "create_firewall_policy:shared": "rule:admin_or_owner",
 "update_firewall_policy": "rule:admin_or_owner",
 "delete_firewall_policy": "rule:admin_or_owner",
 "create_firewall_rule": "",
- "get_firewall_rule": "rule:admin_or_owner",
+ "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
 "create_firewall_rule:shared": "rule:admin_or_owner",
 "get_firewall_rule:shared": "rule:admin_or_owner",
 "update_firewall_rule": "rule:admin_or_owner",
diff --git a/neutron/tests/unit/test_policy.py b/neutron/tests/unit/test_policy.py
index d602cd93c..22a7ccad6 100644
--- a/neutron/tests/unit/test_policy.py
+++ b/neutron/tests/unit/test_policy.py
@@ -250,7 +250,12 @@ class NeutronPolicyTestCase(base.BaseTestCase):
 "create_something": "rule:admin_or_owner",
 "create_something:attr": "rule:admin_or_owner",
 "create_something:attr:sub_attr_1": "rule:admin_or_owner",
- "create_something:attr:sub_attr_2": "rule:admin_only"
+ "create_something:attr:sub_attr_2": "rule:admin_only",
+
+ "get_firewall_policy": "rule:admin_or_owner or "
+ "rule:shared",
+ "get_firewall_rule": "rule:admin_or_owner or "
+ "rule:shared"
 }.items())
 def fakepolicyinit():
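Review bot: The new `shared_firewalls` rule is bound to the `firewalls` resource (`field:firewalls:shared=True`) even though the only consumers added in the second hunk are `get_firewall_policy` and `get_firewall_rule`. If the `field:` matcher resolves `<resource>:<attribute>` through the resource attribute map to convert the literal `True` into a boolean, as the existing `shared` rule presumably does for `networks`, then this rule works only as long as `firewalls` happens to declare a `shared` attribute with the same converter; if it does not, the string `'True'` never equals the boolean on the target and the rule silently fails closed. Binding each rule to the resource it guards avoids that coupling: `"shared_firewall_policies": "field:firewall_policies:shared=True",` and `"shared_firewall_rules": "field:firewall_rules:shared=True",`, referenced from the respective `get_` actions. The matcher's lookup behaviour is inferred, not visible in this hunk.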
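Review bot: `get_firewall_rule:shared` stays at `rule:admin_or_owner` while `get_firewall_rule` on the line above it now admits any tenant for a shared rule. If the `get_<resource>:<attribute>` entries gate attribute visibility in GET responses, as that naming pattern is used for elsewhere in this file, a non-owner who is now allowed to read a shared rule would get the `shared` flag stripped from the response, leaving them unable to see why access was granted and unable to filter by it. If that is unintended, align it with the action-level rule: `"get_firewall_rule:shared": "rule:admin_or_owner or rule:shared_firewalls",`. If it is intended, the commit message should say so, since JSON gives no place for an in-file comment.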
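Review bot: The fake rules added to the test fixture bind `get_firewall_policy` and `get_firewall_rule` to `rule:shared`, whereas the shipped `etc/policy.json` binds them to the new `rule:shared_firewalls`, so the unit tests never exercise the rule this change actually introduces; a typo in the rule name or a broken `shared_firewalls` definition in the real policy file would go unnoticed. Mirror the real policy in the fixture: add `"shared_firewalls": "field:firewalls:shared=True",` to the fake rules and change the two new entries to `"rule:admin_or_owner or rule:shared_firewalls"`. The method that builds this rules dict starts before the hunk, so whether `shared` in the fixture is already keyed to `networks` cannot be confirmed from here.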
@@ -390,6 +395,18 @@ class NeutronPolicyTestCase(base.BaseTestCase):
 result = policy.enforce(self.context, action, target)
 self.assertTrue(result)
+ def test_enforce_firewall_policy_shared(self):
+ action = "get_firewall_policy"
+ target = {'shared': True, 'tenant_id': 'somebody_else'}
+ result = policy.enforce(self.context, action, target)
+ self.assertTrue(result)
+
+ def test_enforce_firewall_rule_shared(self):
+ action = "get_firewall_rule"
+ target = {'shared': True, 'tenant_id': 'somebody_else'}
+ result = policy.enforce(self.context, action, target)
+ self.assertTrue(result)
+
 def test_enforce_tenant_id_check(self):
 # Trigger a policy with rule admin_or_owner
 action = "create_network"
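Review bot: Both new tests cover only the positive path (`shared: True` with a foreign `tenant_id`); nothing asserts that a non-shared policy or rule owned by another tenant is still refused, which is the property the `or rule:shared_firewalls` widening must not break. Add a companion case per resource with `target = {'shared': False, 'tenant_id': 'somebody_else'}` and assert that `policy.enforce(self.context, action, target)` is rejected, using the same negative-path assertion the file's existing tenant-id tests use (those sit outside this hunk). A shared target with no `tenant_id` key at all is also worth pinning, since the owner check and the field check may treat a missing key differently.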