diff --git a/etc/policy.json b/etc/policy.json
deleted file mode 100644
index 2c63c08510..0000000000
--- a/etc/policy.json
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/etc/property-protections-policies.conf.sample b/etc/property-protections-policies.conf.sample
index 38f611e5e8..9ceee30f6c 100644
--- a/etc/property-protections-policies.conf.sample
+++ b/etc/property-protections-policies.conf.sample
@@ -4,8 +4,13 @@
 # property_protection_rule_format=policies is enabled.
 #
 # Specify regular expression for which properties will be protected in []
-# For each section, specify CRUD permissions. You may refer to policies defined
-# in policy.json.
+# For each section, specify CRUD permissions.
+#
+# The permissions specified may refer to policies defined in a policy file.
+# The name of this file may be specified as the value of the policy_file
+# option in the [oslo_policy] section of the glance-api.conf file. The
+# format of this file may be JSON or YAML.
+#
 # The property rules will be applied in the order specified. Once
 # a match is found the remaining property rules will not be applied.
 #
diff --git a/releasenotes/notes/policy-in-code-implications-438449a73af2893c.yaml b/releasenotes/notes/policy-in-code-implications-438449a73af2893c.yaml
new file mode 100644
index 0000000000..2e89134edf
--- /dev/null
+++ b/releasenotes/notes/policy-in-code-implications-438449a73af2893c.yaml
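Review bot: The rewritten comment in etc/property-protections-policies.conf.sample omits the caveat that this commit's own release note states: a `default` or `context_is_admin` rule defined in the policy file is also used by the policies governing Images API actions. An operator who adds one of those rules only to satisfy a property-protection section may change Images API authorization without intending to, and the sample file is where they will be reading when they write the rule. I would add, after the "format of this file" sentence, `# Note: a "default" or "context_is_admin" rule defined in that file is also` / `# used by the Images API policies, not only by property protections.` The comment could also match the release note by recommending an absolute pathname for policy_file, so it is unambiguous which file is loaded.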
@@ -0,0 +1,16 @@
+---
+upgrade:
+ - |
+ Operators who use property protections with the
+ ``property_protection_rule_format`` set to ``policies`` must still
+ define the policy rules used for property protections in a policy
+ file. The content of the file may be JSON or YAML. Additionally,
+ we suggest that the absolute pathname of this file be set as the
+ value of ``policy_file`` in the ``[oslo_policy]`` section of the
+ ``glance-api.conf`` file.
+
+ Be aware that if you define a policy rule for ``default`` or
+ ``context_is_admin``, that policy rule will also be used by the
+ policies that govern permissions to perform actions using the
+ Images API, even if these actions are not specified in the policy
+ file.