diff --git a/pkg/api/api.go b/pkg/api/api.go
index ef976fd10eb..75524df2003 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -117,10 +117,10 @@ func (hs *HTTPServer) registerRoutes() {
 r.Get("/live/pipeline", reqGrafanaAdmin, hs.Index)
 r.Get("/live/cloud", reqGrafanaAdmin, hs.Index)
- r.Get("/plugins", reqSignedIn, hs.Index)
- r.Get("/plugins/:id/", reqSignedIn, hs.Index)
- r.Get("/plugins/:id/edit", reqSignedIn, hs.Index) // deprecated
- r.Get("/plugins/:id/page/:page", reqSignedIn, hs.Index)
+ r.Get("/plugins", middleware.CanAdminPlugins(hs.Cfg), hs.Index)
+ r.Get("/plugins/:id/", middleware.CanAdminPlugins(hs.Cfg), hs.Index)
+ r.Get("/plugins/:id/edit", middleware.CanAdminPlugins(hs.Cfg), hs.Index) // deprecated
+ r.Get("/plugins/:id/page/:page", middleware.CanAdminPlugins(hs.Cfg), hs.Index)
 // App Root Page
 appPluginIDScope := plugins.ScopeProvider.GetResourceScope(ac.Parameter(":id"))
 r.Get("/a/:id/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, appPluginIDScope)), hs.Index)
diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index b7e00465586..9b0484eb51a 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -10,6 +10,7 @@ import (
 "github.com/grafana/grafana/pkg/infra/db"
 "github.com/grafana/grafana/pkg/middleware/cookies"
 "github.com/grafana/grafana/pkg/models"
+ "github.com/grafana/grafana/pkg/plugins"
 "github.com/grafana/grafana/pkg/services/auth"
 "github.com/grafana/grafana/pkg/services/dashboards"
 "github.com/grafana/grafana/pkg/services/org"
@@ -86,6 +87,15 @@ func EnsureEditorOrViewerCanEdit(c *models.ReqContext) {
 }
 }
+func CanAdminPlugins(cfg *setting.Cfg) func(c *models.ReqContext) {
+ return func(c *models.ReqContext) {
+ if !plugins.ReqCanAdminPlugins(cfg)(c) {
+ accessForbidden(c)
+ return
+ }
+ }
+}
+
 func RoleAuth(roles ...org.RoleType) web.Handler {
 return func(c *models.ReqContext) {
 ok := false
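Review bot: In the pkg/api/api.go hunk the four `/plugins` page routes lose their explicit `reqSignedIn` guard, so what an unauthenticated request gets now depends entirely on how `plugins.ReqCanAdminPlugins` treats an anonymous context, which is not visible here. Presumably an anonymous visitor is now answered by `accessForbidden` instead of the sign-in handling; if that is not intended, keep both handlers, e.g. `r.Get("/plugins", reqSignedIn, middleware.CanAdminPlugins(hs.Cfg), hs.Index)`. These routes only serve `hs.Index`, so the restriction is effective only if the plugin API endpoints carry an equivalent check; those registrations are outside this hunk, as is the rest of registerRoutes. The neighbouring `/a/:id/*` route goes through `authorize(reqSignedIn, ac.EvalPermission(...))`, so a short comment on why the plugin pages use a role check instead would help the next reader.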
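Review bot: In the pkg/middleware/auth.go hunk, `CanAdminPlugins` denies a request only by calling `accessForbidden(c)` and returning, so whether the next handler (`hs.Index` on the new routes) is skipped depends on `accessForbidden` writing the response and the router stopping once a response is written. Neither is visible here, so a middleware test asserting that a non-admin request never reaches the following handler would pin that behaviour down. The exported function also has no doc comment; something like `// CanAdminPlugins returns a handler that rejects the request via accessForbidden unless plugins.ReqCanAdminPlugins(cfg) allows it.` would do. For consistency with `RoleAuth` just below it could return `web.Handler`, and the predicate can be built once outside the closure with `canAdmin := plugins.ReqCanAdminPlugins(cfg)` rather than on every request.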
diff --git a/public/app/features/plugins/admin/routes.tsx b/public/app/features/plugins/admin/routes.tsx
index 9e092654f1b..9f7154749ad 100644
--- a/public/app/features/plugins/admin/routes.tsx
+++ b/public/app/features/plugins/admin/routes.tsx
@@ -10,18 +10,21 @@ const DEFAULT_ROUTES = [
 {
 path: '/plugins',
 navId: 'plugins',
+ roles: () => ['Admin', 'ServerAdmin'],
 routeName: PluginAdminRoutes.Home,
 component: SafeDynamicImport(() => import(/* webpackChunkName: "PluginListPage" */ './pages/Browse')),
 },
 {
 path: '/plugins/browse',
 navId: 'plugins',
+ roles: () => ['Admin', 'ServerAdmin'],
 routeName: PluginAdminRoutes.Browse,
 component: SafeDynamicImport(() => import(/* webpackChunkName: "PluginListPage" */ './pages/Browse')),
 },
 {
 path: '/plugins/:pluginId/',
 navId: 'plugins',
+ roles: () => ['Admin', 'ServerAdmin'],
 routeName: PluginAdminRoutes.Details,
 component: SafeDynamicImport(() => import(/* webpackChunkName: "PluginPage" */ './pages/PluginDetails')),
 },
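Review bot: The `roles: () => ['Admin', 'ServerAdmin']` entries added to the three routes always admit `ServerAdmin`, while the backend guard in the same commit is built from `hs.Cfg`, so the two checks can disagree if `plugins.ReqCanAdminPlugins` makes server-admin access depend on a setting (its body is not shown). In that case a server admin without the org Admin role would pass the client-side route check and then be refused by the server. The client-side list is only navigation gating, so a comment such as `// UI hint only; the server enforces this via middleware.CanAdminPlugins` would keep it from being read as the access control. The literal is repeated three times and could be one shared constant, e.g. `const PLUGIN_ADMIN_ROLES = () => ['Admin', 'ServerAdmin'];`. DEFAULT_ROUTES may continue outside the hunk, so any further plugin admin routes there would need the same entry.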