diff --git a/etc/magnum/policy.json b/etc/magnum/policy.json index d8f39b4d7f..dbb42df472 100644 --- a/etc/magnum/policy.json +++ b/etc/magnum/policy.json @@ -3,4 +3,11 @@ "admin_or_owner": "is_admin:True or project_id:%(project_id)s", "default": "rule:admin_or_owner", "admin_api": "is_admin:True", + + "bay:create": "rule:default", + "bay:delete": "rule:default", + "bay:detail": "rule:default", + "bay:get": "rule:default", + "bay:get_all": "rule:default", + "bay:update": "rule:default" } diff --git a/magnum/api/controllers/v1/bay.py b/magnum/api/controllers/v1/bay.py index 14c0653d47..15473e66e9 100644 --- a/magnum/api/controllers/v1/bay.py +++ b/magnum/api/controllers/v1/bay.py @@ -27,6 +27,7 @@ from magnum.api.controllers.v1 import collection from magnum.api.controllers.v1 import types from magnum.api.controllers.v1 import utils as api_utils from magnum.common import exception +from magnum.common import policy from magnum import objects @@ -207,6 +208,7 @@ class BaysController(rest.RestController): sort_key=sort_key, sort_dir=sort_dir) + @policy.enforce_wsgi("bay") @wsme_pecan.wsexpose(BayCollection, types.uuid, types.uuid, int, wtypes.text, wtypes.text) def get_all(self, bay_uuid=None, marker=None, limit=None, @@ -221,6 +223,7 @@ class BaysController(rest.RestController): return self._get_bays_collection(marker, limit, sort_key, sort_dir) + @policy.enforce_wsgi("bay") @wsme_pecan.wsexpose(BayCollection, types.uuid, types.uuid, int, wtypes.text, wtypes.text) def detail(self, bay_uuid=None, marker=None, limit=None, @@ -244,6 +247,7 @@ class BaysController(rest.RestController): sort_key, sort_dir, expand, resource_url) + @policy.enforce_wsgi("bay", "get") @wsme_pecan.wsexpose(Bay, types.uuid_or_name) def get_one(self, bay_ident): """Retrieve information about the given bay. 
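Review bot: The six new `bay:*` rules all resolve through `default` to `admin_or_owner`, and the `project_id:%(project_id)s` half of that rule only restricts access if the target handed to the enforcer carries the bay's own project. The `@policy.enforce_wsgi("bay", ...)` decorators in bay.py (on `get_one` in this file's hunks, and on `patch` and `delete` further down) receive no bay and sit outside the handler, so they presumably evaluate the rule against request-level data; `enforce_wsgi` itself is not in this diff, so this needs confirming. If the target is built from the caller's own context, the owner clause compares the caller's project with itself and `bay:get`, `bay:update` and `bay:delete` pass for any authenticated caller. For those three actions the rule should be evaluated after the bay is loaded, against a target such as `{'project_id': rpc_bay.project_id}` (assuming the bay object exposes its project).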
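Review bot: `get_all` and `detail` are decorated with `@policy.enforce_wsgi("bay")` and no action, while `get_one`, `post`, `patch` and `delete` name theirs explicitly. The action is presumably derived from the handler name (the decorator's code is not in this diff), so renaming a handler would silently change which rule is looked up, and oslo.policy resolves a rule name that has no entry through `default` rather than failing. Spelling the action out keeps the decorator and policy.json in step: `@policy.enforce_wsgi("bay", "get_all")` and `@policy.enforce_wsgi("bay", "detail")`.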
@@ -257,6 +261,7 @@ class BaysController(rest.RestController): return Bay.convert_with_links(rpc_bay) + @policy.enforce_wsgi("bay", "create") @wsme_pecan.wsexpose(Bay, body=Bay, status_code=201) def post(self, bay): """Create a new bay. @@ -281,6 +286,7 @@ class BaysController(rest.RestController): pecan.response.location = link.build_url('bays', res_bay.uuid) return Bay.convert_with_links(res_bay) + @policy.enforce_wsgi("bay", "update") @wsme.validate(types.uuid, [BayPatchType]) @wsme_pecan.wsexpose(Bay, types.uuid_or_name, body=[BayPatchType]) def patch(self, bay_ident, patch): @@ -314,6 +320,7 @@ class BaysController(rest.RestController): res_bay = pecan.request.rpcapi.bay_update(rpc_bay) return Bay.convert_with_links(res_bay) + @policy.enforce_wsgi("bay", "delete") @wsme_pecan.wsexpose(None, types.uuid_or_name, status_code=204) def delete(self, bay_ident): """Delete a bay. diff --git a/magnum/tests/base.py b/magnum/tests/base.py index c9453337e3..89c916b9e2 100644 --- a/magnum/tests/base.py +++ b/magnum/tests/base.py @@ -29,6 +29,7 @@ import testscenarios from magnum.common import context as magnum_context from magnum.objects import base as objects_base from magnum.tests import conf_fixture +from magnum.tests import policy_fixture CONF = cfg.CONF @@ -68,6 +69,8 @@ class TestCase(base.BaseTestCase): project_id='fake_project', user_id='fake_user') + self.policy = self.useFixture(policy_fixture.PolicyFixture()) + def make_context(*args, **kwargs): # If context hasn't been constructed with token_info if not kwargs.get('auth_token_info'): diff --git a/magnum/tests/fake_policy.py b/magnum/tests/fake_policy.py new file mode 100644 index 0000000000..f26d3b5f74 --- /dev/null +++ b/magnum/tests/fake_policy.py 
@@ -0,0 +1,45 @@
+# Copyright (c) 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+policy_data = """
+{
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+ "admin_api": "is_admin:True",
+
+ "bay:create": "",
+ "bay:delete": "",
+ "bay:detail": "",
+ "bay:get": "",
+ "bay:get_all": "",
+ "bay:update": ""
+}
+"""
+
+
+policy_data_compat_juno = """
+{
+}
+"""
+
+
+def get_policy_data(compat):
+ if not compat:
+ return policy_data
+ elif compat == 'juno':
+ return policy_data_compat_juno
+ else:
+ raise Exception('Policy data for %s not available' % compat)
diff --git a/magnum/tests/policy_fixture.py b/magnum/tests/policy_fixture.py
new file mode 100644
index 0000000000..70f8f5f8e0
--- /dev/null
+++ b/magnum/tests/policy_fixture.py
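Review bot: Every `bay:*` entry in `policy_data` is the empty string, which oslo.policy treats as always-allow, and base.py installs this fixture for every `TestCase`, so nothing in the suite can fail when a decorator is missing, misnamed or placed where it never runs. The shipped policy.json maps the same keys to `rule:default`, so the tests also do not exercise the rules operators will actually run with. A deny-path test is needed: load a policy containing `"bay:create": "!"` and assert that the create request is rejected (403 expected), and likewise for the other five actions. As a smaller point, `get_policy_data` raises a bare `Exception` for an unknown `compat` value where `ValueError` would be more precise, and it has no docstring explaining what `compat` selects.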
@@ -0,0 +1,41 @@
+# Copyright 2012 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+
+import fixtures
+from oslo_config import cfg
+from oslo_policy import opts as policy_opts
+
+from magnum.common import policy as magnum_policy
+from magnum.tests import fake_policy
+
+CONF = cfg.CONF
+
+
+class PolicyFixture(fixtures.Fixture):
+ def __init__(self, compat=None):
+ self.compat = compat
+
+ def setUp(self):
+ super(PolicyFixture, self).setUp()
+ self.policy_dir = self.useFixture(fixtures.TempDir())
+ self.policy_file_name = os.path.join(self.policy_dir.path,
+ 'policy.json')
+ with open(self.policy_file_name, 'w') as policy_file:
+ policy_file.write(fake_policy.get_policy_data(self.compat))
+ policy_opts.set_defaults(CONF)
+ CONF.set_override('policy_file', self.policy_file_name, 'oslo_policy')
+ magnum_policy._ENFORCER = None
+ self.addCleanup(magnum_policy.init().clear)
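Review bot: `setUp` overrides `policy_file` with `CONF.set_override` but registers no cleanup for it. The only cleanup is `magnum_policy.init().clear`, which empties the enforcer's rules but leaves `magnum_policy._ENFORCER` pointing at an enforcer whose policy file lived in the TempDir that is removed at teardown. Unless the config fixture used by the base test case already resets CONF (not visible here), add `self.addCleanup(CONF.clear_override, 'policy_file', 'oslo_policy')` and reset the module global during cleanup as well as during setup. The fixture also gives a test no way to replace rules, so a small `set_rules` helper would make deny-path tests possible; the class and both methods have no docstrings.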