diff --git a/etc/kayobe/kolla/config/neutron/policy.yml b/etc/kayobe/kolla/config/neutron/policy.yml
new file mode 100644
index 000000000..6cee340ed
--- /dev/null
+++ b/etc/kayobe/kolla/config/neutron/policy.yml
@@ -0,0 +1,2 @@
+"create_port:fixed_ips:ip_address": "(rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s or role:member and rule:network_owner or role:baremetaluser"
+"create_port:mac_address": "(rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s or role:member and rule:network_owner or role:baremetaluser"
diff --git a/etc/kayobe/kolla/config/nova/policy.yml b/etc/kayobe/kolla/config/nova/policy.yml
new file mode 100644
index 000000000..1b1984533
--- /dev/null
+++ b/etc/kayobe/kolla/config/nova/policy.yml
@@ -0,0 +1,2 @@
+"os_compute_api:servers:create:forced_host": "rule:context_is_admin or role:baremetaluser"
+"compute:servers:create:requested_destination": "rule:context_is_admin or role:baremetaluser"