diff --git a/neutron/conf/policies/base.py b/neutron/conf/policies/base.py
index 661b6042f94..836a1b5ba65 100644
--- a/neutron/conf/policies/base.py
+++ b/neutron/conf/policies/base.py
@@ -81,6 +81,7 @@ SYSTEM_OR_PROJECT_READER = (
 # Additional rules needed in Neutron
 RULE_NET_OWNER = 'rule:network_owner'
 RULE_PARENT_OWNER = 'rule:ext_parent_owner'
+RULE_SG_OWNER = 'rule:sg_owner'
 
 rules = [
     policy.RuleDefault(
@@ -141,6 +142,10 @@ rules = [
         'ext_parent_owner',
         'tenant_id:%(ext_parent:tenant_id)s',
         description='Rule for common parent owner check'),
+    policy.RuleDefault(
+        name='sg_owner',
+        check_str='tenant_id:%(security_group:tenant_id)s',
+        description='Rule for security group owner access'),
 ]
 
 
diff --git a/neutron/conf/policies/security_group.py b/neutron/conf/policies/security_group.py
index 2f78c13ec26..f3a9d3d1e6c 100644
--- a/neutron/conf/policies/security_group.py
+++ b/neutron/conf/policies/security_group.py
@@ -140,7 +140,7 @@ rules = [
         name='get_security_group_rule',
         check_str=base.policy_or(
             base.SYSTEM_OR_PROJECT_READER,
-            RULE_ADMIN_OWNER_OR_SG_OWNER),
+            base.RULE_SG_OWNER),
         scope_types=['system', 'project'],
         description='Get a security group rule',
         operations=[
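Review bot: The new `sg_owner` rule in base.py keys on `%(security_group:tenant_id)s`, so it grants nothing unless the enforcement target is populated with the parent security group's tenant_id under exactly that key; with oslo.policy's generic check a missing key fails closed rather than erroring, which is the safe direction but turns a target that was never filled in into a silent denial that is hard to distinguish from a real policy failure. A comment on the RuleDefault stating that contract would help the next maintainer, e.g. `# Matches the owner of the *parent* security group; the enforcer target must carry 'security_group:tenant_id' (absent key => deny).` The description is also vaguer than what is checked; `description='Rule for the owner of the parent security group'` states the actual condition. The `rules` list this entry belongs to starts outside the hunk.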
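Review bot: In security_group.py the `get_security_group_rule` check_str swaps the file-local `RULE_ADMIN_OWNER_OR_SG_OWNER` for `base.RULE_SG_OWNER`, but only for this one policy; if `RULE_ADMIN_OWNER_OR_SG_OWNER` is still referenced by the other security-group-rule policies in this file (not visible here), read and modify would now disagree on who counts as an owner, and if it is no longer referenced anywhere its definition should be removed rather than left as a stale rule. The widening deserves a why-comment beside the check_str, since `SYSTEM_OR_PROJECT_READER` compares against the rule's own project while `sg_owner` compares against the parent group's: `# sg_owner: also allow the owner of the parent security group, not only the rule's own project.` The enclosing DocumentedRuleDefault starts and ends outside the hunk.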