diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml
index e64a8d7df2..12c3f47eb3 100644
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -1,4 +1,8 @@
 ---
+- name: Check if Policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
+ register: keystone_policy
+
 - name: Check if Keystone Domain specific settings enabled
 local_action: stat path="{{ node_custom_config }}/keystone/domains"
 register: keystone_domain_cfg
@@ -49,6 +53,13 @@
 with_fileglob:
 - "{{ node_custom_config }}/keystone/domains/*"
 
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/keystone/policy.json"
+ dest: "{{ node_config_directory }}/keystone/policy.json"
+ when:
+ keystone_policy.stat.exists
+
 - name: Copying over wsgi-keystone.conf
 template:
 src: "wsgi-keystone.conf.j2"
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 21cc9559ec..acd507ff8a 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -16,6 +16,13 @@
 "perm": "0600",
 "optional": true
 },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/keystone/policy.json",
+ "owner": "keystone",
+ "perm": "0600",
+ "optional": true
+ },
 {
 "source": "{{ container_config_directory }}/wsgi-keystone.conf",
 "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
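Review bot: The task name "Check if Policies shall be overwritten" in the first hunk of tasks/config.yml does not say which policy is meant or what follows from the check. A comment above the task would help, for example `# If the operator supplies keystone/policy.json under node_custom_config, it is staged and copied to /etc/keystone/policy.json in the container`. Because the check is a `local_action`, the policy that gets deployed is whatever the deploy host holds at run time, so the role documentation should state who is expected to have write access to that directory.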
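Review bot: The "Copying over existing policy.json" task in the second hunk of tasks/config.yml stages the operator's policy through `template:` with no `mode:`. The staged file's permissions therefore depend on the deploy user's umask, and any `{{` or `{%` sequence in the policy is rendered by Jinja2 instead of being copied verbatim. Since this file carries Keystone's authorization rules, I would set the mode explicitly, e.g. `mode: "0600"` (quoted so it stays a string; confirm the container's config loader can still read the file), and switch to `copy:` if templating the policy is not intended. The guard could also be written on one line and reject directories: `when: keystone_policy.stat.exists and keystone_policy.stat.isreg`.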