diff --git a/etc/kayobe/kolla/config/ironic/policy.yaml b/etc/kayobe/kolla/config/ironic/policy.yaml
new file mode 100644
index 000000000..3461786cc
--- /dev/null
+++ b/etc/kayobe/kolla/config/ironic/policy.yaml
@@ -0,0 +1,6 @@
+# Retrieve multiple Node records
+# GET /nodes
+# GET /nodes/detail
+# Intended scope(s): system, project
+# Overridden: added role:admin
+"baremetal:node:list_all": "role:admin or (role:reader and system_scope:all) or (role:service and system_scope:all) or rule:service_role"
diff --git a/releasenotes/notes/allow-admins-to-list-bms-ff0bc40d605d4ca2.yaml b/releasenotes/notes/allow-admins-to-list-bms-ff0bc40d605d4ca2.yaml
new file mode 100644
index 000000000..b830aac0d
--- /dev/null
+++ b/releasenotes/notes/allow-admins-to-list-bms-ff0bc40d605d4ca2.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Added a custom policy to Ironic that allows users with the `admin` role to
+ list all baremetal nodes. This is required at sites where baremetal
+ provisioning targets a specific node, as we need to look up the node's uuid
+ to pass as the hypervisor hostname.
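Review bot: The `role:admin` clause added to `baremetal:node:list_all` in ironic/policy.yaml has no scope or project condition, unlike the `system_scope:all` alternatives beside it. A token holding the admin role on any project would therefore pass this check and could enumerate every node through `GET /nodes` and `GET /nodes/detail`. If that breadth is intended, the override comment should say so, for example `# Overridden: added role:admin (unscoped - an admin of any project can list all nodes)`. If only the provisioning workflow needs the lookup, consider narrowing the clause to that caller, for example `role:admin and project_name:<PROVISIONING_PROJECT>` (placeholder). Because this file pins the whole rule string, it is also worth noting in the comment which Ironic release the default was copied from, so the override can be re-compared on upgrade.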