diff --git a/manila/share/drivers/cephfs/driver.py b/manila/share/drivers/cephfs/driver.py
index 92f6625088..4de11c2e6c 100644
--- a/manila/share/drivers/cephfs/driver.py
+++ b/manila/share/drivers/cephfs/driver.py
@@ -846,7 +846,16 @@ class NativeProtocolHelper(ganesha.NASHelperBase):
         if share["share_group_id"] is not None:
             argdict.update({"group_name": share["share_group_id"]})
 
-        rados_command(self.rados_client, "fs subvolume deauthorize", argdict)
+        try:
+            rados_command(self.rados_client,
+                          "fs subvolume deauthorize",
+                          argdict)
+        except exception.ShareBackendException as e:
+            if "doesn't exist" in e.msg.lower():
+                LOG.warning(f"%{access['access_to']} did not have access to "
+                            f"share {share['id']}.")
+                return
+            raise e
         rados_command(self.rados_client, "fs subvolume evict", argdict)
 
     def update_access(self, context, share, access_rules, add_rules,
diff --git a/manila/tests/share/drivers/cephfs/test_driver.py b/manila/tests/share/drivers/cephfs/test_driver.py
index 5b7f21259e..89dee79070 100644
--- a/manila/tests/share/drivers/cephfs/test_driver.py
+++ b/manila/tests/share/drivers/cephfs/test_driver.py
@@ -706,6 +706,37 @@ class NativeProtocolHelperTestCase(test.TestCase):
 
         self.assertEqual(2, driver.rados_command.call_count)
 
+    def test_deny_access_missing_access_rule(self):
+        access_deny_prefix = "fs subvolume deauthorize"
+
+        exception_msg = (
+            f"json_command failed - prefix=fs subvolume deauthorize, "
+            f"argdict='vol_name': {self._native_protocol_helper.volname}, "
+            f"'sub_name': '{self._share['id']}', 'auth_id': 'alice', "
+            f"'format': 'json' - exception message: [errno -2] "
+            f"auth ID: alice doesn't exist.")
+
+        driver.rados_command.side_effect = exception.ShareBackendException(
+            msg=exception_msg)
+
+        access_deny_dict = {
+            "vol_name": self._native_protocol_helper.volname,
+            "sub_name": self._share["id"],
+            "auth_id": "alice",
+        }
+
+        self._native_protocol_helper._deny_access(self._context, self._share, {
+            'access_level': 'rw',
+            'access_type': 'cephx',
+            'access_to': 'alice'
+        })
+
+        driver.rados_command.assert_called_once_with(
+            self._native_protocol_helper.rados_client,
+            access_deny_prefix, access_deny_dict)
+
+        self.assertEqual(1, driver.rados_command.call_count)
+
     def test_update_access_add_rm(self):
         alice = {
             'id': 'instance_mapping_id1',
diff --git a/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml b/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml
new file mode 100644
index 0000000000..4468f1dc2f
--- /dev/null
+++ b/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The CephFS driver no longer fails to delete access rules that were never
+    applied or were missing from the back end storage. See `LP #1971530
+    <https://launchpad.net/bugs/1971530>`_ for more details.