diff --git a/etc/policy.json b/etc/policy.json
index e7db4357..1664c8d7 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -1,6 +1,7 @@
 {
     "context_is_admin":  "role:admin",
     "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
+    "context_is_advsvc":  "role:advsvc",
     "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
     "admin_only": "rule:context_is_admin",
     "regular_user": "",
@@ -15,7 +16,7 @@
     "delete_subnet": "rule:admin_or_network_owner",
 
     "create_network": "",
-    "get_network": "rule:admin_or_owner or rule:shared or rule:external",
+    "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
     "get_network:router:external": "rule:regular_user",
     "get_network:segments": "rule:admin_only",
     "get_network:provider:network_type": "rule:admin_only",
@@ -38,25 +39,25 @@
     "delete_network": "rule:admin_or_owner",
 
     "create_port": "",
-    "create_port:mac_address": "rule:admin_or_network_owner",
-    "create_port:fixed_ips": "rule:admin_or_network_owner",
-    "create_port:port_security_enabled": "rule:admin_or_network_owner",
+    "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
     "create_port:binding:host_id": "rule:admin_only",
     "create_port:binding:profile": "rule:admin_only",
-    "create_port:mac_learning_enabled": "rule:admin_or_network_owner",
-    "get_port": "rule:admin_or_owner",
+    "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
     "get_port:queue_id": "rule:admin_only",
     "get_port:binding:vif_type": "rule:admin_only",
     "get_port:binding:vif_details": "rule:admin_only",
     "get_port:binding:host_id": "rule:admin_only",
     "get_port:binding:profile": "rule:admin_only",
-    "update_port": "rule:admin_or_owner",
-    "update_port:fixed_ips": "rule:admin_or_network_owner",
-    "update_port:port_security_enabled": "rule:admin_or_network_owner",
+    "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
+    "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
     "update_port:binding:host_id": "rule:admin_only",
     "update_port:binding:profile": "rule:admin_only",
-    "update_port:mac_learning_enabled": "rule:admin_or_network_owner",
-    "delete_port": "rule:admin_or_owner",
+    "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
 
     "get_router:ha": "rule:admin_only",
     "create_router": "rule:regular_user",