diff --git a/policies/CWpolicy.json b/policies/CWpolicy.json
new file mode 100644
index 0000000..db207b9
--- /dev/null
+++ b/policies/CWpolicy.json
@@ -0,0 +1,42 @@
+{
+ "is_anonymous": "identity:None",
+ "is_authenticated": "not rule:is_anonymous",
+ "swift_reseller": "role:ResellerAdmin",
+ "swift_operator": "role:swiftoperator or role:admin",
+
+ "swift_owner": "rule:swift_reseller or rule:swift_operator or is_admin:True",
+
+ "reseller_request": "rule:swift_reseller",
+ "same_tenant": "account:%%(account)s",
+ "tenant_mismatch": "not rule:same_tenant",
+
+ "allowed_for_authenticated": "rule:swift_reseller or acl:check_cross_tenant or acl:check_is_public or (rule:same_tenant and rule:swift_operator) or (rule:same_tenant and acl:check_roles) or (rule:same_tenant and is_admin:True) or (rule:same_tenant and is_admin:False and acl:check_roles)",
+
+ "allowed_for_anonymous": "is_authoritative:True and acl:check_is_public",
+
+ "allowed_for_user": "(rule:is_authenticated and rule:allowed_for_authenticated) or rule:allowed_for_anonymous",
+
+ "remove_only": "role:remove_only",
+ "upload_disabled": "role:upload_disabled",
+ "support": "role:support",
+
+ "get_account": "rule:allowed_for_user and not rule:remove_only",
+ "post_account": "rule:allowed_for_user and not rule:remove_only",
+ "head_account": "rule:allowed_for_user or rule:support",
+ "delete_account": "rule:swift_reseller",
+ "options_account": "",
+ "get_container": "rule:allowed_for_user and not rule:remove_only",
+ "put_container": "rule:allowed_for_user and not rule:remove_only and not rule:upload_disabled",
+ "delete_container": "rule:allowed_for_user",
+ "post_container": "rule:allowed_for_user and not rule:remove_only and not rule:upload_disabled",
+ "head_container": "rule:allowed_for_user or rule:support",
+ "options_container": "",
+ "get_object": "rule:allowed_for_user and not rule:remove_only",
+ "put_object": "rule:allowed_for_user and not rule:remove_only and not rule:upload_disabled",
+ "copy_object": "rule:allowed_for_user and not rule:remove_only and not rule:upload_disabled",
+ "delete_object": "rule:allowed_for_user",
+ "head_object": "rule:allowed_for_user or rule:support",
+ "post_object": "rule:allowed_for_user and not rule:remove_only and not rule:upload_disabled",
+ "options_object": ""
+}
+
diff --git a/swiftpolicy/swiftpolicy.py b/swiftpolicy/swiftpolicy.py
index ae4d199..1c1d1fd 100644
--- a/swiftpolicy/swiftpolicy.py
+++ b/swiftpolicy/swiftpolicy.py
@@ -55,8 +55,9 @@ class SwiftPolicy(object): And add a swift authorization filter section, such as:: [filter:swiftpolicy] - use = egg:swift#swiftpolicy + use = egg:swiftpolicy#swiftpolicy operator_roles = admin, swiftoperator + policy = /path/to/policy.json This maps tenants to account in Swift.
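Review bot: The last disjunct of `allowed_for_authenticated`, `(rule:same_tenant and is_admin:False and acl:check_roles)`, is subsumed by the earlier `(rule:same_tenant and acl:check_roles)` and grants nobody extra, so the rule is easier to audit in the equivalent form `"rule:swift_reseller or acl:check_cross_tenant or acl:check_is_public or (rule:same_tenant and (rule:swift_operator or acl:check_roles or is_admin:True))"`. The empty rules for `options_account`, `options_container` and `options_object` are the always-true check in this policy language and therefore match anonymous callers too; since JSON cannot carry comments, the README or commit description should state that this is the intended CORS-preflight behaviour rather than an unfinished rule. `same_tenant` is written as `"account:%%(account)s"`; if the file is handed straight to the policy engine's generic check the doubled `%` would survive as a literal and never match, so confirm that the loader unescapes it before evaluation. `swift_owner` is defined but referenced by no other rule in this file, which is fine only if the middleware looks it up by name.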