diff --git a/pkg/api/types.go b/pkg/api/types.go
index 2b9fbcf52ff1b..6e9241a9c3264 100644
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -144,8 +144,8 @@ type ObjectMeta struct {
 }
 const (
- // TenantAdmin
- TenantAdmin string = "admin"
+ // UserAdmin the username of the administrator
+ UserAdmin string = "admin"
 // TenantDefault
 TenantDefault string = "default"
 // TenantAll is the default argument to specify on a context when you want to list or filter resources across all tenants
diff --git a/pkg/apiserver/resthandler.go b/pkg/apiserver/resthandler.go
index 933471cf0f9e5..f55455d139f70 100644
--- a/pkg/apiserver/resthandler.go
+++ b/pkg/apiserver/resthandler.go
@@ -281,7 +281,8 @@ func ListResource(r rest.Lister, rw rest.Watcher, scope RequestScope, forceWatch
 }
 // url := req.Request.URL.String()
- if strings.Index(url, "https://") == 0 {
+ userinfo, _ := api.UserFrom(ctx)
+ if strings.Index(url, "https://") == 0 && userinfo.GetName() != api.UserAdmin {
 tenant := api.TenantValue(ctx)
 if err := filterListInTenant(result, tenant, scope.Kind, scope.Namer); err != nil {
 errorJSON(err, scope.Codec, w)
@@ -833,9 +834,6 @@ func filterListInTenant(obj runtime.Object, tenant string, kind string, namer Sc
 if !runtime.IsListType(obj) {
 return nil
 }
- if tenant == api.TenantAdmin {
- return nil
- }
 // Set self-link of objects in the list.
 items, err := runtime.ExtractList(obj)
diff --git a/pkg/auth/authorizer/keystone/keystone.go b/pkg/auth/authorizer/keystone/keystone.go
index 4edaf7eb24e4e..b80351be4e7f9 100644
--- a/pkg/auth/authorizer/keystone/keystone.go
+++ b/pkg/auth/authorizer/keystone/keystone.go
@@ -143,6 +143,7 @@ func (ka *keystoneAuthorizer) Authorize(a authorizer.Attributes) (string, error)
 func isWhiteListedUser(username string) bool {
 whiteList := map[string]bool{
+ api.UserAdmin: true,
 "kubelet": true,
 "kube_proxy": true,
 "system:scheduler": true,
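Review bot: The new condition in ListResource calls `userinfo.GetName()` after discarding the second return value of `api.UserFrom(ctx)`, so if a request context carries no user (which that second value suggests is possible) the handler would presumably panic on a nil user instead of applying the tenant filter. The bypass should fail closed: `userinfo, ok := api.UserFrom(ctx)`, then `isAdmin := ok && userinfo != nil && userinfo.GetName() == api.UserAdmin`, and `if strings.Index(url, "https://") == 0 && !isAdmin {`. Cross-tenant listing is also now decided by the literal username "admin" rather than by a role or group, so it is only as strong as the authenticator's guarantee that no other identity can hold that name; a comment stating that assumption next to the check would help. The enclosing function starts and ends outside the hunk.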
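Review bot: Adding `api.UserAdmin` to the allow-list in isWhiteListedUser places a human-operated account name next to the system components, and the match is on the bare string "admin". If Authorize skips the Keystone checks for allow-listed names (its body is outside the hunk), any identity that authenticates under the name "admin" receives that bypass, so the entry should be documented and ideally tied to a tenant or role as well. Suggested comment above the entry: `// api.UserAdmin bypasses tenant authorization; the authenticator must map this name to exactly one trusted identity.` The map literal is also rebuilt on every call and could be a package-level variable. isWhiteListedUser continues past the end of the hunk.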