diff --git a/pkg/services/folder/folderimpl/folder.go b/pkg/services/folder/folderimpl/folder.go
index 8db17f447ca..7fb2488675d 100644
--- a/pkg/services/folder/folderimpl/folder.go
+++ b/pkg/services/folder/folderimpl/folder.go
@@ -131,6 +131,9 @@ func (s *Service) GetFolders(ctx context.Context, q folder.GetFoldersQuery) ([]*
 	permissions := q.SignedInUser.GetPermissions()
 	folderPermissions := permissions[dashboards.ActionFoldersRead]
 	qry.ancestorUIDs = make([]string, 0, len(folderPermissions))
+	if len(folderPermissions) == 0 && !q.SignedInUser.GetIsGrafanaAdmin() {
+		return nil, nil
+	}
 	for _, p := range folderPermissions {
 		if p == dashboards.ScopeFoldersAll {
 			// no need to query for folders with permissions
diff --git a/pkg/services/folder/folderimpl/folder_test.go b/pkg/services/folder/folderimpl/folder_test.go
index 8798658ff9e..c35cc457500 100644
--- a/pkg/services/folder/folderimpl/folder_test.go
+++ b/pkg/services/folder/folderimpl/folder_test.go
@@ -1309,6 +1309,7 @@ func TestIntegrationNestedFolderSharedWithMe(t *testing.T) {
 		orgID: {
 			dashboards.ActionFoldersCreate: {},
 			dashboards.ActionFoldersWrite:  {dashboards.ScopeFoldersAll},
+			dashboards.ActionFoldersRead:   {dashboards.ScopeFoldersAll},
 		},
 	}}
 
@@ -1587,6 +1588,16 @@ func TestIntegrationNestedFolderSharedWithMe(t *testing.T) {
 					},
 				},
 			},
+			{
+				name: "Should not get any folders if user has no permissions",
+				cmd: folder.GetFoldersQuery{
+					OrgID: orgID,
+					SignedInUser: &user.SignedInUser{UserID: 999, OrgID: orgID, Permissions: map[int64]map[string][]string{
+						orgID: {},
+					}},
+				},
+				expected: nil,
+			},
 		}
 
 		for _, tc := range testCases {