diff --git a/pkg/registry/resource/resourceclaim/strategy.go b/pkg/registry/resource/resourceclaim/strategy.go
index 1aa2f47e918..ea8f11a758b 100644
--- a/pkg/registry/resource/resourceclaim/strategy.go
+++ b/pkg/registry/resource/resourceclaim/strategy.go
@@ -182,20 +182,25 @@ func dropDisabledDRAAdminAccessFields(newClaim, oldClaim *resource.ResourceClaim
 // No need to drop anything.
 return
 }
+ if draAdminAccessFeatureInUse(oldClaim) {
+ // If anything was set in the past, then fields must not get
+ // dropped on potentially unrelated updates and, for example,
+ // adding a status with AdminAccess=true is allowed. The
+ // scheduler typically doesn't do that (it also checks the
+ // feature gate and refuses to schedule), but the apiserver
+ // would allow it.
+ return
+ }
 for i := range newClaim.Spec.Devices.Requests {
- if newClaim.Spec.Devices.Requests[i].AdminAccess != nil && !draAdminAccessFeatureInUse(oldClaim) {
- newClaim.Spec.Devices.Requests[i].AdminAccess = nil
- }
+ newClaim.Spec.Devices.Requests[i].AdminAccess = nil
 }
 if newClaim.Status.Allocation == nil {
 return
 }
 for i := range newClaim.Status.Allocation.Devices.Results {
- if newClaim.Status.Allocation.Devices.Results[i].AdminAccess != nil && !draAdminAccessFeatureInUse(oldClaim) {
- newClaim.Status.Allocation.Devices.Results[i].AdminAccess = nil
- }
+ newClaim.Status.Allocation.Devices.Results[i].AdminAccess = nil
 }
 }
diff --git a/pkg/registry/resource/resourceclaimtemplate/strategy.go b/pkg/registry/resource/resourceclaimtemplate/strategy.go
index 7f43c79919e..3677683e9f7 100644
--- a/pkg/registry/resource/resourceclaimtemplate/strategy.go
+++ b/pkg/registry/resource/resourceclaimtemplate/strategy.go
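Review bot: The early return added to the ResourceClaim `dropDisabledDRAAdminAccessFields` is all-or-nothing: once `draAdminAccessFeatureInUse(oldClaim)` is true, no `AdminAccess` value on the new object is cleared while the gate is off, including one in `Status.Allocation.Devices.Results` that this very update introduces. The new comment accepts this, but since `AdminAccess` is an access-granting field it should also name what still constrains it, for example `// Validation, not this function, must reject a result with AdminAccess set whose request did not ask for it.` — assuming such validation exists; it, `draAdminAccessFeatureInUse` and the start of this function all lie outside the hunk. A test with the gate disabled that covers both an old claim with the field set and one without would pin the intended behaviour. The ResourceClaimTemplate hunk adds the same early return, where only spec fields are involved.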
@@ -108,11 +108,14 @@ func dropDisabledDRAAdminAccessFields(newClaimTemplate, oldClaimTemplate *resour
 // No need to drop anything.
 return
 }
+ if draAdminAccessFeatureInUse(oldClaimTemplate) {
+ // If anything was set in the past, then fields must not get
+ // dropped on potentially unrelated updates.
+ return
+ }
 for i := range newClaimTemplate.Spec.Spec.Devices.Requests {
- if newClaimTemplate.Spec.Spec.Devices.Requests[i].AdminAccess != nil && !draAdminAccessFeatureInUse(oldClaimTemplate) {
- newClaimTemplate.Spec.Spec.Devices.Requests[i].AdminAccess = nil
- }
+ newClaimTemplate.Spec.Spec.Devices.Requests[i].AdminAccess = nil
 }
 }