diff --git a/corehq/apps/users/models.py b/corehq/apps/users/models.py
index eae12b8e4075..54ef06ce2516 100644
--- a/corehq/apps/users/models.py
+++ b/corehq/apps/users/models.py
@@ -652,6 +652,9 @@ def has_permission(self, domain, permission, data=None, restrict_global_admin=Fa
 
         dm = self.get_domain_membership(domain)
         if dm:
+            # an admin has access to all features by default, restrict that if needed
+            if dm.is_admin and restrict_global_admin:
+                return False
             return dm.has_permission(permission, data)
         else:
             return False