diff --git a/changelog/unreleased/list-all-spaces.md b/changelog/unreleased/list-all-spaces.md
new file mode 100644
index 0000000000..4928c6459a
--- /dev/null
+++ b/changelog/unreleased/list-all-spaces.md
@@ -0,0 +1,5 @@
+Enhancement: Add API to list all spaces
+
+Added a graph endpoint to enable users with the `list-all-spaces` permission to list all spaces.
+
+https://github.com/owncloud/ocis/pull/2692
diff --git a/go.mod b/go.mod
index 8446801f50..cdf7d6b3ae 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.2.1
 	github.com/coreos/go-oidc/v3 v3.1.0
 	github.com/cs3org/go-cs3apis v0.0.0-20211018122138-391b29bd7803
-	github.com/cs3org/reva v1.15.0
+	github.com/cs3org/reva v1.15.1-0.20211027114107-4879bf6be97a
 	github.com/disintegration/imaging v1.6.2
 	github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
 	github.com/go-chi/chi/v5 v5.0.4
diff --git a/go.sum b/go.sum
index 98cb9c894f..c78ee0ffa2 100644
--- a/go.sum
+++ b/go.sum
@@ -315,8 +315,8 @@ github.com/crewjam/saml v0.4.5/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
 github.com/cs3org/go-cs3apis v0.0.0-20211018122138-391b29bd7803 h1:R/6llgTNKxQQ7GaSTgFn6Fp8N50wIlagmdR7WY5LntM=
 github.com/cs3org/go-cs3apis v0.0.0-20211018122138-391b29bd7803/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva v1.15.0 h1:06Nso0/2ySmt/bXbXip/QQ1bUPwBUuqYm2zJXrYiR2A=
-github.com/cs3org/reva v1.15.0/go.mod h1:Pwo2bbUCXDfGPIxh1392/a7393H7S+roP7ccip67wTI=
+github.com/cs3org/reva v1.15.1-0.20211027114107-4879bf6be97a h1:rg00QAtWaC4vQMWJzp6m5UQfO1WgBg9g9tXz8jvjGtA=
+github.com/cs3org/reva v1.15.1-0.20211027114107-4879bf6be97a/go.mod h1:Pwo2bbUCXDfGPIxh1392/a7393H7S+roP7ccip67wTI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
diff --git a/graph/pkg/service/v0/drives.go b/graph/pkg/service/v0/drives.go
index c14792c34c..c7f7745339 100644
--- a/graph/pkg/service/v0/drives.go
+++ b/graph/pkg/service/v0/drives.go
@@ -43,7 +43,29 @@ func (g Graph) GetDrives(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	permissions := make(map[string]struct{}, 1)
+	s := sproto.NewPermissionService("com.owncloud.api.settings", grpc.DefaultClient)
+
+	_, err = s.GetPermissionByID(ctx, &sproto.GetPermissionByIDRequest{
+		PermissionId: settingsSvc.ListAllSpacesPermissionID,
+	})
+
+	// No error means the user has the permission
+	if err == nil {
+		permissions[settingsSvc.ListAllSpacesPermissionName] = struct{}{}
+	}
+	value, err := json.Marshal(permissions)
+	if err != nil {
+		errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
+		return
+	}
 	res, err := client.ListStorageSpaces(ctx, &storageprovider.ListStorageSpacesRequest{
+		Opaque: &types.Opaque{Map: map[string]*types.OpaqueEntry{
+			"permissions": {
+				Decoder: "json",
+				Value:   value,
+			},
+		}},
 		// TODO add filters?
 	})
 	switch {
diff --git a/graph/pkg/service/v0/service.go b/graph/pkg/service/v0/service.go
index 28e57f0110..192e97c8a6 100644
--- a/graph/pkg/service/v0/service.go
+++ b/graph/pkg/service/v0/service.go
@@ -58,6 +58,7 @@ func NewService(opts ...Option) Service {
 					account.JWTSecret(options.Config.TokenManager.JWTSecret)),
 				)
 				r.Route("/drives", func(r chi.Router) {
+					r.Get("/", svc.GetDrives)
 					r.Post("/", svc.CreateDrive)
 				})
 				r.Route("/Drive({firstSegmentIdentifier})", func(r chi.Router) {
diff --git a/settings/pkg/service/v0/settings.go b/settings/pkg/service/v0/settings.go
index b96819f000..38bae76e99 100644
--- a/settings/pkg/service/v0/settings.go
+++ b/settings/pkg/service/v0/settings.go
@@ -29,6 +29,11 @@ const (
 	// SetSpaceQuotaPermissionName is the hardcoded setting name for the set space quota permission
 	SetSpaceQuotaPermissionName string = "set-space-quota"
 
+	// ListAllSpacesPermissionID is the hardcoded setting UUID for the list all spaces permission
+	ListAllSpacesPermissionID string = "016f6ddd-9501-4a0a-8ebe-64a20ee8ec82"
+	// ListAllSpacesPermissionName is the hardcoded setting name for the list all spaces permission
+	ListAllSpacesPermissionName string = "list-all-spaces"
+
 	// CreateSpacePermissionID is the hardcoded setting UUID for the create space permission
 	CreateSpacePermissionID string = "79e13b30-3e22-11eb-bc51-0b9f0bad9a58"
 	// CreateSpacePermissionName is the hardcoded setting name for the create space permission
@@ -378,6 +383,24 @@ func generatePermissionRequests() []*settings.AddSettingToBundleRequest {
 				},
 			},
 		},
+		{
+			BundleId: BundleUUIDRoleAdmin,
+			Setting: &settings.Setting{
+				Id:          ListAllSpacesPermissionID,
+				Name:        ListAllSpacesPermissionName,
+				DisplayName: "List All Spaces",
+				Description: "This permission allows list all spaces.",
+				Resource: &settings.Resource{
+					Type: settings.Resource_TYPE_SYSTEM,
+				},
+				Value: &settings.Setting_PermissionValue{
+					PermissionValue: &settings.Permission{
+						Operation:  settings.Permission_OPERATION_READ,
+						Constraint: settings.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
+		},
 	}
 }