diff --git a/barbican/common/policies/base.py b/barbican/common/policies/base.py
index debac8fec..c95c7f55d 100644
--- a/barbican/common/policies/base.py
+++ b/barbican/common/policies/base.py
@@ -89,6 +89,9 @@ rules = [
 name='container_project_creator',
 check_str="rule:creator and rule:container_project_match and " +
 "rule:container_creator_user"),
+ policy.RuleDefault(
+ name='container_project_creator_role',
+ check_str="rule:creator and rule:container_project_match"),
 ]
diff --git a/barbican/common/policies/containers.py b/barbican/common/policies/containers.py
index 0636e81c2..d015135a1 100644
--- a/barbican/common/policies/containers.py
+++ b/barbican/common/policies/containers.py
@@ -68,7 +68,10 @@ rules = [
 ),
 policy.DocumentedRuleDefault(
 name='container_secret:post',
- check_str='rule:admin',
+ check_str='rule:container_project_admin or ' +
+ 'rule:container_project_creator or ' +
+ 'rule:container_project_creator_role and ' +
+ 'rule:container_non_private_read',
 scope_types=[],
 description='Add a secret to an existing container.',
 operations=[
@@ -80,7 +83,10 @@ rules = [
 ),
 policy.DocumentedRuleDefault(
 name='container_secret:delete',
- check_str='rule:admin',
+ check_str='rule:container_project_admin or ' +
+ 'rule:container_project_creator or ' +
+ 'rule:container_project_creator_role and ' +
+ 'rule:container_non_private_read',
 scope_types=[],
 description='Remove a secret from a container.',
 operations=[
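Review bot: The new check_str for container_secret:post relies on oslo.policy's operator precedence (`and` binds tighter than `or`), so it evaluates as `admin or creator or (creator_role and non_private_read)` and the `rule:container_non_private_read` guard restricts only the third alternative, which is the most permissive of the two possible readings. Since operators copy these strings into policy.yaml overrides, make the grouping explicit with parentheses, which oslo.policy supports: `'(rule:container_project_creator_role and ' +` / `'rule:container_non_private_read)',`. The same applies to the container_secret:delete hunk below. Note also that `rule:container_non_private_read` is referenced but not defined in this diff; I believe it already exists in base.py, but that is worth confirming, since a reference to an undefined rule evaluates to false and would silently disable the creator_role path rather than fail loudly. The new `container_project_creator_role` rule in base.py deliberately omits `rule:container_creator_user`, so this grants any project member holding the creator role write access to non-private containers, not just the container's creator; a one-line comment on that RuleDefault stating this would help the next reviewer.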