diff --git a/doc/admin-guide-cloud/image/section_glance-property-protection.xml b/doc/admin-guide-cloud/image/section_glance-property-protection.xml
index 9a53e9318a..b551da8ff4 100644
--- a/doc/admin-guide-cloud/image/section_glance-property-protection.xml
+++ b/doc/admin-guide-cloud/image/section_glance-property-protection.xml
@@ -3,31 +3,99 @@
   xmlns:xi="http://www.w3.org/2001/XInclude"
   xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
   xml:id="glance-property-protection">
-  <title>Image property protection</title>
-  <para>An image property is a key and value pair that is attached to
-    OpenStack Image Service image.</para>
-  <para>Core properties, such as the image name, are defined and set
-    by the cloud administrator. Additional properties, such as
-    licensing and billing information, are defined and set by the
-    cloud administrator and the image owner.</para>
+  <title>Image properties and property protection</title>
+  <para>An image property is a key and value pair that the cloud
+    administrator or the image owner attaches to an OpenStack Image
+    Service image, as follows:</para>
+  <para>
+    <itemizedlist>
+      <listitem>
+        <para>The cloud administrator defines <emphasis role="italic"
+            >core</emphasis> properties, such as the image
+          name.</para>
+      </listitem>
+      <listitem>
+        <para>The cloud administrator and the image owner can define
+            <emphasis role="italic">additional</emphasis> properties,
+          such as licensing and billing information.</para>
+      </listitem>
+    </itemizedlist>
+  </para>
   <para>The cloud administrator can configure any property as
-      <glossterm baseform="protected property">protected</glossterm>,
-    which limits which user roles can perform CRUD operations on that
-    property. Protected properties are generally extra properties to
-    which only cloud administrators have access.</para>
+      <firstterm>protected</firstterm>, which limits which policies or
+    user roles can perform CRUD operations on that property. Protected
+    properties are generally additional properties to which only cloud
+    administrators have access.</para>
   <para>For unprotected image properties, the cloud administrator can
     manage core properties and the image owner can manage additional
     properties.</para>
   <procedure>
     <title>To configure property protection</title>
+    <para>To configure property protection, the cloud administrator
+      completes these steps:</para>
     <step>
-      <para>Define roles in the <filename>policy.json</filename>
-        file.</para>
+      <para>Define roles or policies in the
+          <filename>policy.json</filename> file. To view a sample
+        configuration file, see <link
+          xlink:href="http://docs.openstack.org/trunk/config-reference/content/section_glance-policy.json.html"
+          >policy.json</link>.</para>
     </step>
     <step>
-      <para>Define which roles can manage which properties in the
-          <filename>/etc/glance/property-protections.conf</filename>
-        file.</para>
+      <para>Define which roles or policies can manage which properties
+        in a property protections configuration file. For
+        example:</para>
+      <programlisting language="ini">[x_none_read]
+create = context_is_admin
+read = !
+update = !
+delete = !
+
+[x_none_update]
+create = context_is_admin
+read = context_is_admin
+update = !
+delete = context_is_admin
+
+[x_none_delete]
+create = context_is_admin
+read = context_is_admin
+update = context_is_admin
+delete = !</programlisting>
+      <itemizedlist>
+        <listitem>
+          <para>A value of <literal>@</literal> allows the
+            corresponding operation for a property.</para>
+        </listitem>
+        <listitem>
+          <para>A value of <literal>!</literal> disallows the
+            corresponding operation for a property.</para>
+        </listitem>
+      </itemizedlist>
+    </step>
+    <step>
+      <para>In the <filename>glance-api.conf</filename> file, define
+        the location of a property protections configuration
+        file:</para>
+      <programlisting language="ini">property_protection_file = {file_name}</programlisting>
+      <para>This file contains the rules for property protections and
+        the roles and policies associated with it.</para>
+      <para>By default, property protections are not enforced.</para>
+      <para>If you specify a file name value and the file is not
+        found, the <systemitem role="service">glance-api</systemitem>
+        service does not start.</para>
+      <para>To view a sample configuration file, see <link
+          xlink:href="http://docs.openstack.org/trunk/config-reference/content/section_glance-api.conf.html"
+          >glance-api.conf</link>.</para>
+    </step>
+    <step>
+      <para>Optionally, in the <filename>glance-api.conf</filename>
+        file, specify whether roles or policies are used in the
+        property protections configuration file:</para>
+      <programlisting language="ini">property_protection_rule_format = roles</programlisting>
+      <para>The default is <literal>roles</literal>.</para>
+      <para>To view a sample configuration file, see <link
+          xlink:href="http://docs.openstack.org/trunk/config-reference/content/section_glance-api.conf.html"
+          >glance-api.conf</link>.</para>
     </step>
   </procedure>
 </section>
diff --git a/doc/admin-guide-cloud/pom.xml b/doc/admin-guide-cloud/pom.xml
index 9600b618f2..9fbc643e0d 100644
--- a/doc/admin-guide-cloud/pom.xml
+++ b/doc/admin-guide-cloud/pom.xml
@@ -70,6 +70,7 @@
                     <canonicalUrlBase>http://docs.openstack.org/admin-guide-cloud/content</canonicalUrlBase>
                     <glossaryCollection>${basedir}/../glossary/glossary-terms.xml</glossaryCollection>
                     <branding>openstack</branding>
+                    <formalProcedures>0</formalProcedures>
                 </configuration>
             </plugin>
         </plugins>
diff --git a/doc/glossary/glossary-terms.xml b/doc/glossary/glossary-terms.xml
index 7de3377742..6773c4b562 100644
--- a/doc/glossary/glossary-terms.xml
+++ b/doc/glossary/glossary-terms.xml
@@ -7268,12 +7268,11 @@
         </indexterm></glossterm>
 
       <glossdef>
-        <para>A blob of data that can be specified by the user when launching
-        an instance. This data can be accessed by the instance through the
+        <para>A blob of data that the user can specify when they launch
+          an instance. The instance can access this data through the
         metadata service or config drive.<indexterm class="singular">
             <primary>config drive</primary>
-          </indexterm> Commonly used for passing a shell script that is
-        executed by the instance on boot.</para>
+          </indexterm> Commonly used to pass a shell script that the instance runs on boot.</para>
       </glossdef>
     </glossentry>
 
diff --git a/doc/pom.xml b/doc/pom.xml
index b9d727a4ec..84ec6257ce 100644
--- a/doc/pom.xml
+++ b/doc/pom.xml
@@ -48,7 +48,7 @@
       <plugin>
         <groupId>com.rackspace.cloud.api</groupId>
         <artifactId>clouddocs-maven-plugin</artifactId>
-        <version>2.0.2</version>
+        <version>2.0.4</version>
       </plugin>
     </plugins>
   </build>