diff --git a/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php b/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
index d0fbb8c8a5195a7a4fe442cc77c4ff30226b1e88..44ea1e04b42c17ae95221df615d405bd8bd3fd25 100644
--- a/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
+++ b/core/modules/menu/lib/Drupal/menu/Tests/MenuTest.php
@@ -660,6 +660,24 @@ function enableMenuLink($item) {
     $this->assertMenuLink($mlid, array('hidden' => 0));
   }
 
+  /**
+   * Test administrative users other than user 1 can access the menu parents AJAX callback.
+   */
+  public function testMenuParentsJsAccess() {
+
+    $admin = $this->drupalCreateUser(array('administer menu'));
+    $this->drupalLogin($admin);
+    // Just check access to the callback overall, the POST data is irrelevant.
+    $this->drupalGetAJAX('admin/structure/menu/parents');
+    $this->assertResponse(200);
+
+    // Do standard user tests.
+    // Login the user.
+    $this->drupalLogin($this->std_user);
+    $this->drupalGetAJAX('admin/structure/menu/parents');
+    $this->assertResponse(403);
+  }
+
   /**
    * Get standard menu link.
    */
diff --git a/core/modules/menu/menu.module b/core/modules/menu/menu.module
index 850feed4f83a3ad41aa7236b362de36920502a4b..af081e500e3d150a7f8925db26a0edd882635ea1 100644
--- a/core/modules/menu/menu.module
+++ b/core/modules/menu/menu.module
@@ -77,7 +77,7 @@ function menu_menu() {
     'title' => 'Parent menu items',
     'page callback' => 'menu_parent_options_js',
     'type' => MENU_CALLBACK,
-    'access arguments' => array(TRUE),
+    'access arguments' => array('administer menu'),
   );
   $items['admin/structure/menu/list'] = array(
     'title' => 'List menus',