diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml
index a33f61cb..e0ec1deb 100644
--- a/tasks/ironic_post_install.yml
+++ b/tasks/ironic_post_install.yml
@@ -45,3 +45,14 @@
   tags:
     - ironic-init
 
+- name: Build the policy.json file
+  template:
+    src: "policy.json.j2"
+    dest: "/etc/ironic/policy.json"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-init
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
new file mode 100644
index 00000000..f7726778
--- /dev/null
+++ b/templates/policy.json.j2
@@ -0,0 +1,5 @@
+{
+    "admin_api": "role:admin or role:administrator",
+    "show_password": "!",
+    "default": "rule:admin_api"
+}