diff --git a/handlers/main.yml b/handlers/main.yml
index 1fcdde3c..b499f2d6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -47,6 +47,9 @@
   copy:
     src: "/etc/glance/policy.json-{{ glance_venv_tag }}"
     dest: "/etc/glance/policy.json"
+    owner: "root"
+    group: "{{ glance_system_group_name }}"
+    mode: "0640"
     remote_src: yes
 
 - name: Start services