diff --git a/etc/policy.json b/etc/policy.json
index d0e0222047..cd65e6b965 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -35,6 +35,7 @@
     "create_network:provider:segmentation_id": "rule:admin_only",
     "update_network": "rule:admin_or_owner",
     "update_network:segments": "rule:admin_only",
+    "update_network:shared": "rule:admin_only",
     "update_network:provider:network_type": "rule:admin_only",
     "update_network:provider:physical_network": "rule:admin_only",
     "update_network:provider:segmentation_id": "rule:admin_only",
diff --git a/neutron/tests/unit/test_db_plugin.py b/neutron/tests/unit/test_db_plugin.py
index 2e12ec491b..88e158ba2e 100644
--- a/neutron/tests/unit/test_db_plugin.py
+++ b/neutron/tests/unit/test_db_plugin.py
@@ -1730,6 +1730,17 @@ class TestNetworksV2(NeutronDbPluginV2TestCase):
             res = self.deserialize(self.fmt, req.get_response(self.api))
             self.assertTrue(res['network']['shared'])
 
+    def test_update_network_set_shared_owner_returns_404(self):
+        with self.network(shared=False) as network:
+            net_owner = network['network']['tenant_id']
+            data = {'network': {'shared': True}}
+            req = self.new_update_request('networks',
+                                          data,
+                                          network['network']['id'])
+            req.environ['neutron.context'] = context.Context('u', net_owner)
+            res = req.get_response(self.api)
+            self.assertEqual(res.status_int, webob.exc.HTTPNotFound.code)
+
     def test_update_network_with_subnet_set_shared(self):
         with self.network(shared=False) as network:
             with self.subnet(network=network) as subnet: