diff --git a/nova/policies/services.py b/nova/policies/services.py
index fcec2483f40a..8c4f406f62a2 100644
--- a/nova/policies/services.py
+++ b/nova/policies/services.py
@@ -59,7 +59,8 @@ services_policies = [
 'method': 'DELETE',
 'path': '/os-services/{service_id}'
 }
- ]),
+ ],
+ scope_types=['system']),
 ]
diff --git a/nova/tests/unit/policies/test_services.py b/nova/tests/unit/policies/test_services.py
index 058c7d26a409..2619062aeb4e 100644
--- a/nova/tests/unit/policies/test_services.py
+++ b/nova/tests/unit/policies/test_services.py
@@ -97,3 +97,15 @@ class ServicesScopeTypePolicyTest(ServicesPolicyTest):
 def setUp(self):
 super(ServicesScopeTypePolicyTest, self).setUp()
 self.flags(enforce_scope=True, group="oslo_policy")
+
+ # Check that system admin is able to change the service
+ self.admin_authorized_contexts = [
+ self.system_admin_context]
+ # Check that non-system or non-admin is not able to change the service
+ self.admin_unauthorized_contexts = [
+ self.legacy_admin_context, self.system_member_context,
+ self.system_reader_context, self.system_foo_context,
+ self.project_admin_context, self.project_member_context,
+ self.other_project_member_context,
+ self.project_foo_context, self.project_reader_context
+ ]
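Review bot: The added `scope_types=['system']` argument carries no comment on when it takes effect. As far as I know, oslo.policy rejects a scope mismatch only when `[oslo_policy] enforce_scope` is true and otherwise just logs a warning. A reader of this rule could therefore assume project-scoped tokens are already refused for the os-services operations. I would add `# Enforced only when [oslo_policy]/enforce_scope is True; otherwise check_str alone decides.` directly above the argument. The rule definition starts above the hunk, so its check string and the other operations it covers are not visible here.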
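Review bot: The comment over `admin_unauthorized_contexts` does not say that `legacy_admin_context` and `project_admin_context` are rejected for their scope rather than their role, which is the behaviour this test pins. I would reword it to `# Admin role without system scope (legacy/project admin) must be rejected once enforce_scope is on, as must system non-admin roles`. The authorized list also fits on one line as `self.admin_authorized_contexts = [self.system_admin_context]`. Both lists are maintained by hand, so a context added to the base class later would appear in neither and go unchecked. The base class is outside this hunk, so I cannot tell whether it guards against that.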