diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index acfd0e1f46a1..292f1ab6c316 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -2685,4 +2685,10 @@ public void preGetRSGroupInfoOfServer(ObserverContext<MasterCoprocessorEnvironme
         null, Permission.Action.ADMIN);
   }
 
+  @Override
+  public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, String oldName,
+      String newName) throws IOException {
+    accessChecker.requirePermission(getActiveUser(ctx), "renameRSGroup",
+      null, Permission.Action.ADMIN);
+  }
 }
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index fb0fde56023e..e5cd3a1622be 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -331,6 +331,8 @@ public static class CPMasterObserver implements MasterCoprocessor, MasterObserve
     boolean postListTablesInRSGroupCalled = false;
     boolean preGetConfiguredNamespacesAndTablesInRSGroupCalled = false;
     boolean postGetConfiguredNamespacesAndTablesInRSGroupCalled = false;
+    boolean preRenameRSGroup = false;
+    boolean postRenameRSGroup = false;
 
     public void resetFlags() {
       preBalanceRSGroupCalled = false;
@@ -361,6 +363,8 @@ public void resetFlags() {
       postListTablesInRSGroupCalled = false;
       preGetConfiguredNamespacesAndTablesInRSGroupCalled = false;
       postGetConfiguredNamespacesAndTablesInRSGroupCalled = false;
+      preRenameRSGroup = false;
+      postRenameRSGroup = false;
     }
 
     @Override
@@ -523,5 +527,17 @@ public void postGetConfiguredNamespacesAndTablesInRSGroup(
       ObserverContext<MasterCoprocessorEnvironment> ctx, String groupName) throws IOException {
       postGetConfiguredNamespacesAndTablesInRSGroupCalled = true;
     }
+
+    @Override
+    public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, String oldName,
+      String newName) throws IOException {
+      preRenameRSGroup = true;
+    }
+
+    @Override
+    public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, String oldName,
+      String newName) throws IOException {
+      postRenameRSGroup = true;
+    }
   }
 }
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index 3378145498d1..8962dc6b4a6e 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -319,6 +319,16 @@ public void testRemoveServers() throws Exception {
     validateAdminPermissions(action);
   }
 
+  @Test
+  public void testRenameRSGroup() throws Exception {
+    AccessTestAction action = () -> {
+      checkPermission("renameRSGroup");
+      return null;
+    };
+
+    validateAdminPermissions(action);
+  }
+
   private void validateAdminPermissions(AccessTestAction action) throws Exception {
     verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
     verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,