diff --git a/.zuul.yaml b/.zuul.yaml
index a9d9a53532..25aac920eb 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -59,11 +59,11 @@
 - release-notes-jobs-python3
 check:
 jobs:
- - magnum-tempest-plugin-tests-api
+ - magnum-tempest-plugin-tests-api-rbac
 - magnum-container-build
 gate:
 jobs:
- - magnum-tempest-plugin-tests-api
+ - magnum-tempest-plugin-tests-api-rbac
 post:
 jobs:
 - magnum-container-publish
diff --git a/magnum/common/policy.py b/magnum/common/policy.py
index a79d371e56..ff98454e03 100644
--- a/magnum/common/policy.py
+++ b/magnum/common/policy.py
@@ -32,11 +32,16 @@ LOG = logging.getLogger(__name__)
 _ENFORCER = None
 CONF = cfg.CONF
-# TODO(gmann): Remove setting the default value of config policy_file
-# once oslo_policy change the default value to 'policy.yaml'.
-# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+# TODO(ricolin): Remove overriding the default value of config options
+# 'policy_file', 'enforce_scope', and 'enforce_new_defaults' once
+# oslo_policy change their default value to what is overridden here.
 DEFAULT_POLICY_FILE = 'policy.yaml'
-opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
+opts.set_defaults(
+ CONF,
+ DEFAULT_POLICY_FILE,
+ enforce_scope=True,
+ enforce_new_defaults=True
+)
 # we can get a policy enforcer by this init.
diff --git a/releasenotes/notes/enable-enforce-scope-and-new-defaults-572730ea8804a843.yaml b/releasenotes/notes/enable-enforce-scope-and-new-defaults-572730ea8804a843.yaml
new file mode 100644
index 0000000000..6ab68ff0bc
--- /dev/null
+++ b/releasenotes/notes/enable-enforce-scope-and-new-defaults-572730ea8804a843.yaml
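Review bot: In magnum/common/policy.py the new module-level `opts.set_defaults(...)` call passes `enforce_scope` and `enforce_new_defaults` as keyword arguments, which only works on oslo.policy releases whose `set_defaults` accepts extra keyword defaults. On an older release the call would raise `TypeError` when the module is imported, and this diff shows no bump of the minimum oslo.policy version, so confirm the requirement floor covers it. The TODO comment also does not say what the two flags change for access control; I would add `# Operator-set [oslo_policy] values still take precedence; with enforce_new_defaults=True the deprecated rule defaults are no longer honoured.` above the call. A unit test asserting that `CONF.oslo_policy.enforce_scope` and `CONF.oslo_policy.enforce_new_defaults` are both true after import would pin this default against an accidental revert, since the diff itself only swaps the tempest job.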
@@ -0,0 +1,21 @@
+---
+upgrade:
+ - |
+ The Magnum service enable the API policies (RBAC) new defaults and scope by
+ default. The Default value of config options ``[oslo_policy] enforce_scope``
+ and ``[oslo_policy] enforce_new_defaults`` have been changed
+ to ``True``.
+
+ This means if you are using system scope token to access Magnum API then
+ the request will be failed with 403 error code. Also, new defaults will be
+ enforced by default. To know about the new defaults of each policy
+ rule, refer to the `Policy New Defaults Sample File`_.
+
+ If you want to disable them then modify the below config options value in
+ ``magnum.conf`` file::
+
+ [oslo_policy]
+ enforce_new_defaults=False
+ enforce_scope=False
+
+ .. _`Policy New Defaults Sample File`: https://docs.openstack.org/magnum/latest/configuration/samples/policy-yaml.html