diff --git a/nova/policies/server_diagnostics.py b/nova/policies/server_diagnostics.py
index b18a66e74819..c788b3eb429d 100644
--- a/nova/policies/server_diagnostics.py
+++ b/nova/policies/server_diagnostics.py
@@ -24,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-diagnostics'
 server_diagnostics_policies = [
 policy.DocumentedRuleDefault(
 name=BASE_POLICY_NAME,
- check_str=base.RULE_ADMIN_API,
+ check_str=base.SYSTEM_ADMIN,
 description="Show the usage data for a server",
 operations=[
 {
diff --git a/nova/tests/unit/policies/test_server_diagnostics.py b/nova/tests/unit/policies/test_server_diagnostics.py
index 63ce40002d97..5758ff24d413 100644
--- a/nova/tests/unit/policies/test_server_diagnostics.py
+++ b/nova/tests/unit/policies/test_server_diagnostics.py
@@ -80,3 +80,26 @@ class ServerDiagnosticsScopeTypePolicyTest(ServerDiagnosticsPolicyTest):
 def setUp(self):
 super(ServerDiagnosticsScopeTypePolicyTest, self).setUp()
 self.flags(enforce_scope=True, group="oslo_policy")
+
+
+class ServerDiagnosticsNoLegacyPolicyTest(
+ ServerDiagnosticsScopeTypePolicyTest):
+ """Test Server Diagnostics APIs policies with system scope enabled,
+ and no more deprecated rules.
+ """
+ without_deprecated_rules = True
+
+ def setUp(self):
+ super(ServerDiagnosticsNoLegacyPolicyTest, self).setUp()
+ # Check that system admin is able to get server diagnostics.
+ self.admin_authorized_contexts = [
+ self.system_admin_context
+ ]
+ # Check that non system admin is not able to get server diagnostics.
+ self.admin_unauthorized_contexts = [
+ self.legacy_admin_context, self.project_admin_context,
+ self.system_member_context, self.system_reader_context,
+ self.system_foo_context, self.project_member_context,
+ self.project_reader_context, self.project_foo_context,
+ self.other_project_member_context
+ ]
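Review bot: The new default `check_str=base.SYSTEM_ADMIN` narrows who can read server diagnostics, but nothing beside it tells an operator that project-scoped and legacy admins lose access once deprecated rules are switched off. A one-line comment above it would record that, for example `# Default: system-scoped admin only; project and legacy admins are denied once deprecated rules are disabled.` The `DocumentedRuleDefault(...)` call continues past the end of the hunk, so its `scope_types` are not visible here; it is worth confirming they include `system`, otherwise the new check string cannot be satisfied when `enforce_scope` is on.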
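Review bot: The deny list assigned to `self.admin_unauthorized_contexts` in `ServerDiagnosticsNoLegacyPolicyTest.setUp` is enumerated by hand, so a context added to the base test class later would land in neither list and never be checked against this policy. The inherited test methods and the base helpers are outside this hunk; if they do not already verify that the authorized and unauthorized lists together cover every defined context, that check is worth adding so a missing denial case fails loudly. The class docstring would also read more clearly as `"""Test Server Diagnostics API policies with system scope enforced and deprecated rules disabled."""`.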