diff --git a/manifests/params.pp b/manifests/params.pp
index 7dc418ef..59d1b6b5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -6,6 +6,7 @@ class barbican::params {
   include ::openstacklib::defaults
 
   $client_package_name   = 'python-barbicanclient'
+  $group                 = 'barbican'
   $dogtag_client_package = 'pki-base'
 
   case $::osfamily {
diff --git a/manifests/policy.pp b/manifests/policy.pp
index d358a745..bec287c2 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -29,11 +29,14 @@ class barbican::policy (
 ) {
 
   include ::barbican::deps
+  include ::barbican::params
 
   validate_hash($policies)
 
   Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::barbican::params::group,
   }
 
   create_resources('openstacklib::policy::base', $policies)
diff --git a/spec/classes/barbican_policy_spec.rb b/spec/classes/barbican_policy_spec.rb
index 321e726e..bd1f7824 100644
--- a/spec/classes/barbican_policy_spec.rb
+++ b/spec/classes/barbican_policy_spec.rb
@@ -1,22 +1,3 @@
-#
-# Copyright (C) 2016 Red Hat Inc. <licensing@redhat.com>
-#
-# Author: Ade Lee <alee@redhat.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for barbican::policy class
-#
 require 'spec_helper'
 
 describe 'barbican::policy' do
@@ -36,8 +17,10 @@ describe 'barbican::policy' do
 
     it 'set up the policies' do
       is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'barbican',
       })
       is_expected.to contain_oslo__policy('barbican_config').with(
         :policy_file => '/etc/barbican/policy.json',
@@ -56,5 +39,4 @@ describe 'barbican::policy' do
       it_configures 'barbican policies'
     end
   end
-
 end