diff --git a/nova/network/neutron.py b/nova/network/neutron.py
index 26ca07dc6e43..d091405ca0b1 100644
--- a/nova/network/neutron.py
+++ b/nova/network/neutron.py
@@ -3855,7 +3855,7 @@ class API:
             either Segment extension isn't enabled in Neutron or if the network
             isn't configured for routing.
         """
-        client = get_client(context)
+        client = get_client(context, admin=True)
 
         if not self.has_segment_extension(client=client):
             return []
@@ -3886,7 +3886,7 @@ class API:
             extension isn't enabled in Neutron or the provided subnet doesn't
             have segments (if the related network isn't configured for routing)
         """
-        client = get_client(context)
+        client = get_client(context, admin=True)
 
         if not self.has_segment_extension(client=client):
             return None
diff --git a/nova/tests/unit/network/test_neutron.py b/nova/tests/unit/network/test_neutron.py
index dbcfa80c2738..8d6e0638998a 100644
--- a/nova/tests/unit/network/test_neutron.py
+++ b/nova/tests/unit/network/test_neutron.py
@@ -7026,13 +7026,17 @@ class TestAPI(TestAPIBase):
             req_lvl_params.same_subtree,
         )
 
-    def test_get_segment_ids_for_network_no_segment_ext(self):
+    @mock.patch.object(neutronapi, 'get_client')
+    def test_get_segment_ids_for_network_no_segment_ext(self, mock_client):
+        mocked_client = mock.create_autospec(client.Client)
+        mock_client.return_value = mocked_client
         with mock.patch.object(
             self.api, 'has_segment_extension', return_value=False,
         ):
             self.assertEqual(
                 [], self.api.get_segment_ids_for_network(self.context,
                                                          uuids.network_id))
+            mock_client.assert_called_once_with(self.context, admin=True)
 
     @mock.patch.object(neutronapi, 'get_client')
     def test_get_segment_ids_for_network_passes(self, mock_client):
@@ -7046,6 +7050,7 @@ class TestAPI(TestAPIBase):
             res = self.api.get_segment_ids_for_network(
                 self.context, uuids.network_id)
         self.assertEqual([uuids.segment_id], res)
+        mock_client.assert_called_once_with(self.context, admin=True)
         mocked_client.list_subnets.assert_called_once_with(
             network_id=uuids.network_id, fields='segment_id')
 
@@ -7061,6 +7066,7 @@ class TestAPI(TestAPIBase):
             res = self.api.get_segment_ids_for_network(
                 self.context, uuids.network_id)
         self.assertEqual([], res)
+        mock_client.assert_called_once_with(self.context, admin=True)
         mocked_client.list_subnets.assert_called_once_with(
             network_id=uuids.network_id, fields='segment_id')
 
@@ -7076,14 +7082,19 @@ class TestAPI(TestAPIBase):
             self.assertRaises(exception.InvalidRoutedNetworkConfiguration,
                               self.api.get_segment_ids_for_network,
                               self.context, uuids.network_id)
+            mock_client.assert_called_once_with(self.context, admin=True)
 
-    def test_get_segment_id_for_subnet_no_segment_ext(self):
+    @mock.patch.object(neutronapi, 'get_client')
+    def test_get_segment_id_for_subnet_no_segment_ext(self, mock_client):
+        mocked_client = mock.create_autospec(client.Client)
+        mock_client.return_value = mocked_client
         with mock.patch.object(
             self.api, 'has_segment_extension', return_value=False,
         ):
             self.assertIsNone(
                 self.api.get_segment_id_for_subnet(self.context,
                                                    uuids.subnet_id))
+            mock_client.assert_called_once_with(self.context, admin=True)
 
     @mock.patch.object(neutronapi, 'get_client')
     def test_get_segment_id_for_subnet_passes(self, mock_client):
@@ -7097,6 +7108,7 @@ class TestAPI(TestAPIBase):
             res = self.api.get_segment_id_for_subnet(
                 self.context, uuids.subnet_id)
         self.assertEqual(uuids.segment_id, res)
+        mock_client.assert_called_once_with(self.context, admin=True)
         mocked_client.show_subnet.assert_called_once_with(uuids.subnet_id)
 
     @mock.patch.object(neutronapi, 'get_client')
@@ -7111,6 +7123,7 @@ class TestAPI(TestAPIBase):
             self.assertIsNone(
                 self.api.get_segment_id_for_subnet(self.context,
                                                    uuids.subnet_id))
+            mock_client.assert_called_once_with(self.context, admin=True)
 
     @mock.patch.object(neutronapi, 'get_client')
     def test_get_segment_id_for_subnet_fails(self, mock_client):
@@ -7124,6 +7137,7 @@ class TestAPI(TestAPIBase):
             self.assertRaises(exception.InvalidRoutedNetworkConfiguration,
                               self.api.get_segment_id_for_subnet,
                               self.context, uuids.subnet_id)
+            mock_client.assert_called_once_with(self.context, admin=True)
 
     @mock.patch.object(neutronapi.LOG, 'debug')
     def test_get_port_pci_dev(self, mock_debug):
diff --git a/releasenotes/notes/bug-1970383-segment-scheduling-permissions-92ba907b10a9eb1c.yaml b/releasenotes/notes/bug-1970383-segment-scheduling-permissions-92ba907b10a9eb1c.yaml
new file mode 100644
index 000000000000..88495079e756
--- /dev/null
+++ b/releasenotes/notes/bug-1970383-segment-scheduling-permissions-92ba907b10a9eb1c.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    `Bug #1970383 <https://bugs.launchpad.net/nova/+bug/1970383>`_: Fixes a
+    permissions error when using the
+    'query_placement_for_routed_network_aggregates' scheduler variable, which
+    caused a traceback on instance creation for non-admin users.