diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index 188eb0d8e6..fdbe357bea 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -1,8 +1,6 @@
 {
 "admin_required": "role:admin",
 "cloud_admin": "role:admin and (is_admin_project:True or domain_id:admin_domain_id)",
- "service_role": "role:service",
- "service_or_admin": "rule:admin_required or rule:service_role",
 "owner": "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
 "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
 "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
@@ -10,24 +8,16 @@
 "default": "rule:admin_required",
- "identity:get_limit_model": "",
 "identity:get_limit": "",
- "identity:list_limits": "",
 "identity:create_limits": "rule:admin_required",
 "identity:update_limit": "rule:admin_required",
 "identity:delete_limit": "rule:admin_required",
- "identity:create_project_tag": "rule:admin_required",
- "identity:delete_project_tag": "rule:admin_required",
 "identity:get_project_tag": "rule:admin_required",
 "identity:list_project_tags": "rule:admin_required",
- "identity:delete_project_tags": "rule:admin_required",
- "identity:update_project_tags": "rule:admin_required",
- "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
 "identity:ec2_list_credentials": "rule:admin_required or rule:owner",
 "identity:ec2_create_credential": "rule:admin_required or rule:owner",
- "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
 "identity:get_domain_role": "rule:cloud_admin or rule:get_domain_roles",
 "identity:list_domain_roles": "rule:cloud_admin or rule:list_domain_roles",
@@ -78,57 +68,8 @@
 "identity:check_token": "rule:admin_or_owner",
 "identity:validate_token": "rule:service_admin_or_owner",
 "identity:validate_token_head": "rule:service_or_admin",
- "identity:revocation_list": "rule:service_or_admin",
 "identity:revoke_token": "rule:admin_or_owner",
- "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
- "identity:list_trusts": "",
- "identity:list_roles_for_trust": "",
- "identity:get_role_for_trust": "",
- "identity:delete_trust": "",
- "identity:get_trust": "",
-
- "identity:create_consumer": "rule:admin_required",
- "identity:get_consumer": "rule:admin_required",
- "identity:list_consumers": "rule:admin_required",
- "identity:delete_consumer": "rule:admin_required",
- "identity:update_consumer": "rule:admin_required",
-
- "identity:authorize_request_token": "rule:admin_required",
- "identity:list_access_token_roles": "rule:admin_required",
- "identity:get_access_token_role": "rule:admin_required",
- "identity:list_access_tokens": "rule:admin_required",
- "identity:get_access_token": "rule:admin_required",
- "identity:delete_access_token": "rule:admin_required",
-
- "identity:list_projects_for_endpoint": "rule:admin_required",
- "identity:add_endpoint_to_project": "rule:admin_required",
- "identity:check_endpoint_in_project": "rule:admin_required",
- "identity:list_endpoints_for_project": "rule:admin_required",
- "identity:remove_endpoint_from_project": "rule:admin_required",
-
- "identity:create_endpoint_group": "rule:admin_required",
- "identity:list_endpoint_groups": "rule:admin_required",
- "identity:get_endpoint_group": "rule:admin_required",
- "identity:update_endpoint_group": "rule:admin_required",
- "identity:delete_endpoint_group": "rule:admin_required",
- "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
- "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
- "identity:get_endpoint_group_in_project": "rule:admin_required",
- "identity:list_endpoint_groups_for_project": "rule:admin_required",
- "identity:add_endpoint_group_to_project": "rule:admin_required",
- "identity:remove_endpoint_group_from_project": "rule:admin_required",
-
- "identity:get_auth_catalog": "",
- "identity:get_auth_projects": "",
- "identity:get_auth_domains": "",
- "identity:get_auth_system": "",
-
- "identity:list_projects_for_user": "",
- "identity:list_domains_for_user": "",
-
- "identity:list_revoke_events": "rule:service_or_admin",
-
 "identity:create_policy_association_for_endpoint": "rule:cloud_admin",
 "identity:check_policy_association_for_endpoint": "rule:cloud_admin",
 "identity:delete_policy_association_for_endpoint": "rule:cloud_admin",
@@ -143,13 +84,7 @@
 "identity:create_domain_config": "rule:cloud_admin",
 "identity:get_domain_config": "rule:cloud_admin",
- "identity:get_security_compliance_domain_config": "",
 "identity:update_domain_config": "rule:cloud_admin",
 "identity:delete_domain_config": "rule:cloud_admin",
- "identity:get_domain_config_default": "rule:cloud_admin",
-
- "identity:get_application_credential": "rule:admin_or_owner",
- "identity:list_application_credentials": "rule:admin_or_owner",
- "identity:create_application_credential": "rule:admin_or_owner",
- "identity:delete_application_credential": "rule:admin_or_owner"
+ "identity:get_domain_config_default": "rule:cloud_admin"
 }
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index 79f02897ab..db8db5ffd5 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
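Review bot: After this hunk the sample file is no longer self-contained: `identity:validate_token_head` (context in the `@@ -78,57` hunk) still evaluates `rule:service_or_admin`, but the `@@ -1,8` hunk deleted the file's `service_or_admin` and `service_role` definitions. oslo.policy fails closed on a `rule:` reference that is absent from the loaded rule set, so the file only behaves as before when it is layered over a keystone whose in-code defaults register both names; a standalone consumer of the file (or a policy-check tool fed just this JSON) would see validate_token_head denied. That is presumably intended given the commit's premise that these definitions are redundant, but it is worth confirming that the test in `keystone/tests/unit/test_policy.py` loads the file merged with the in-code defaults rather than on its own, and the release note could say that the file now depends on the in-code rule aliases.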
@@ -181,6 +181,62 @@ class PolicyJsonTestCase(unit.TestCase):
 # TODO(lbragstad): Once all policies have been removed from
 # policy.v3cloudsample.json, remove this test.
 removed_policies = [
+ 'service_role',
+ 'service_or_admin',
+ 'identity:get_limit_model',
+ 'identity:list_limits',
+ 'identity:create_project_tag',
+ 'identity:delete_project_tag',
+ 'identity:delete_project_tags',
+ 'identity:update_project_tags',
+ 'identity:ec2_get_credential',
+ 'identity:ec2_delete_credential',
+ 'identity:revocation_list',
+ 'identity:create_trust',
+ 'identity:list_trusts',
+ 'identity:list_roles_for_trust',
+ 'identity:get_role_for_trust',
+ 'identity:delete_trust',
+ 'identity:get_trust',
+ 'identity:create_consumer',
+ 'identity:get_consumer',
+ 'identity:list_consumers',
+ 'identity:delete_consumer',
+ 'identity:update_consumer',
+ 'identity:authorize_request_token',
+ 'identity:list_access_token_roles',
+ 'identity:get_access_token_role',
+ 'identity:list_access_tokens',
+ 'identity:get_access_token',
+ 'identity:delete_access_token',
+ 'identity:list_projects_for_endpoint',
+ 'identity:add_endpoint_to_project',
+ 'identity:check_endpoint_in_project',
+ 'identity:list_endpoints_for_project',
+ 'identity:remove_endpoint_from_project',
+ 'identity:create_endpoint_group',
+ 'identity:list_endpoint_groups',
+ 'identity:get_endpoint_group',
+ 'identity:update_endpoint_group',
+ 'identity:delete_endpoint_group',
+ 'identity:list_projects_associated_with_endpoint_group',
+ 'identity:list_endpoints_associated_with_endpoint_group',
+ 'identity:get_endpoint_group_in_project',
+ 'identity:list_endpoint_groups_for_project',
+ 'identity:add_endpoint_group_to_project',
+ 'identity:remove_endpoint_group_from_project',
+ 'identity:get_auth_catalog',
+ 'identity:get_auth_projects',
+ 'identity:get_auth_domains',
+ 'identity:get_auth_system',
+ 'identity:list_projects_for_user',
+ 'identity:list_domains_for_user',
+ 'identity:list_revoke_events',
+ 'identity:get_security_compliance_domain_config',
+ 'identity:get_application_credential',
+ 'identity:list_application_credentials',
+ 'identity:create_application_credential',
+ 'identity:delete_application_credential',
 'identity:create_credential',
 'identity:get_credential',
 'identity:list_credentials',
diff --git a/releasenotes/notes/bug-1806762-c3bfc71cb9bb94f3.yaml b/releasenotes/notes/bug-1806762-c3bfc71cb9bb94f3.yaml
index 61240a573a..a0b1e1be93 100644
--- a/releasenotes/notes/bug-1806762-c3bfc71cb9bb94f3.yaml
+++ b/releasenotes/notes/bug-1806762-c3bfc71cb9bb94f3.yaml
@@ -10,6 +10,14 @@ upgrade:
 users with role assignments on a domain to retrieve that domain, as opposed to only allowing users with the ``admin`` role to access that policy.
+
+ All policies in ``policy.v3cloudsample.json`` that are redundant with the
+ defaults in code have been removed. This improves maintainability and
+ leaves the ``policy.v3cloudsample.json`` policy file with only
+ overrides. These overrides will eventually be moved into code or new
+ defaults in keystone directly. If you're using the policies removed
+ from ``policy.v3cloudsample.json`` please check to see if you can migrate
+ to the new defaults or continue maintaining the policy as an override.
 fixes:
 - |
 [`bug 1806762 `_]
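Review bot: The first two added entries, `'service_role'` and `'service_or_admin'`, are rule aliases rather than `identity:` policy targets, so they are the only names in `removed_policies` with no corresponding API operation; if the assertion that consumes this list (in a method whose start and end lie outside the hunk) also checks each entry against the registered in-code defaults, both aliases must be registered there as rule defaults or the test will fail for a reason unrelated to the JSON cleanup. The 56 hand-copied names also mirror exactly what the policy.v3cloudsample.json hunks delete, so a future change that drops a key from the file without adding it here, or the reverse, is not caught. A comment above the list such as `# Every name here must match a key deleted from etc/policy.v3cloudsample.json; keep the two in sync.` would make that coupling explicit, and a later change could replace the enumeration with a check that no key in the file carries the same check string as its in-code default, which is the property the TODO describes.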