diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 523258841..a968e1f4b 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -532,7 +532,6 @@ def floating_ip_count_by_project(context, project_id):
 def floating_ip_fixed_ip_associate(context, floating_address, fixed_address):
     session = get_session()
     with session.begin():
-        # TODO(devcamcar): How to ensure floating_id belongs to user?
         floating_ip_ref = floating_ip_get_by_address(context,
                                                      floating_address,
                                                      session=session)
@@ -547,7 +546,6 @@ def floating_ip_fixed_ip_associate(context, floating_address, fixed_address):
 def floating_ip_deallocate(context, address):
     session = get_session()
     with session.begin():
-        # TODO(devcamcar): How to ensure floating id belongs to user?
         floating_ip_ref = floating_ip_get_by_address(context,
                                                      address,
                                                      session=session)
@@ -561,7 +559,6 @@ def floating_ip_deallocate(context, address):
 def floating_ip_destroy(context, address):
     session = get_session()
     with session.begin():
-        # TODO(devcamcar): Ensure address belongs to user.
         floating_ip_ref = floating_ip_get_by_address(context,
                                                      address,
                                                      session=session)
@@ -572,8 +569,6 @@ def floating_ip_destroy(context, address):
 def floating_ip_disassociate(context, address):
     session = get_session()
     with session.begin():
-        # TODO(devcamcar): Ensure address belongs to user.
-        #                  Does get_floating_ip_by_address handle this?
         floating_ip_ref = floating_ip_get_by_address(context,
                                                      address,
                                                      session=session)
@@ -641,15 +636,20 @@ def floating_ip_get_all_by_project(context, project_id):
 
 @require_context
 def floating_ip_get_by_address(context, address, session=None):
-    # TODO(devcamcar): Ensure the address belongs to user.
     if not session:
         session = get_session()
 
-    result = session.query(models.FloatingIp).\
+    query = session.query(models.FloatingIp).\
                      options(joinedload_all('fixed_ip.network')).\
-                     filter_by(address=address).\
-                     filter_by(deleted=can_read_deleted(context)).\
-                     first()
+                     filter_by(address=address)
+
+    if is_admin_context(context):
+        query = query.filter_by(deleted=can_read_deleted(context)))
+    elif is_user_context(context):
+        query = query.filter_by(project_id=context.project_id).\
+                      filter_by(deleted=False)
+
+    result = query.first()
     if not result:
         raise exception.FloatingIpNotFoundForAddress(address=address)
     return result