diff --git a/files/policy.json b/files/policy.json
index 4bbc8b46..3a3042e0 100644
--- a/files/policy.json
+++ b/files/policy.json
@@ -1,5 +1,7 @@
 {
 "context_is_admin": "role:admin",
+ "tenant_is_owner": "tenant:%(owner)s",
+ "admin_or_owner": "role:admin OR rule:tenant_is_owner",
 "default": "",
 "add_image": "",
@@ -7,7 +9,7 @@
 "get_image": "",
 "get_images": "",
 "modify_image": "",
- "publicize_image": "role:admin",
+ "publicize_image": "rule:admin_or_owner",
 "copy_from": "",
 "download_image": "",
@@ -17,11 +19,11 @@
 "get_image_location": "",
 "set_image_location": "",
- "add_member": "",
- "delete_member": "",
+ "add_member": "rule:admin_or_owner",
+ "delete_member": "rule:admin_or_owner",
 "get_member": "",
 "get_members": "",
- "modify_member": "",
+ "modify_member": "rule:admin_or_owner",
 "manage_image_cache": "role:admin",
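Review bot: The new `"tenant_is_owner": "tenant:%(owner)s"` rule only works if the service passes the policy engine a target that contains an `owner` key, and nothing in this diff shows that it does. If the target lacks that key, the `%(owner)s` substitution cannot resolve, and an oslo-style evaluator would presumably treat the check as failed. That would silently make `publicize_image` (second hunk) and `add_member`, `delete_member` and `modify_member` (third hunk) admin-only. Confirm this with one owner and one non-owner request per action, and record the expected target attributes in the commit description, since the JSON file cannot carry a comment. For `modify_member`, also check that a recipient tenant can still accept a share if that is what the action gates; the policy object continues beyond these hunks, so any other consumers of the rule are not visible here.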
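Review bot: `publicize_image` moves from `role:admin` to `rule:admin_or_owner`, the one line in this commit that widens access rather than narrowing it. Any tenant that owns an image could then make it visible to every other tenant. Other tenants boot public images on trust, so this action is normally kept to operators. If the relaxation is not a deliberate requirement, keep `"publicize_image": "role:admin",` so the commit only tightens the member rules. If it is intended, the commit description should say so, since the JSON file cannot hold a comment explaining it.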