diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index dc35f0c2..2f63cd90 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -46,7 +46,7 @@
 
     "compute:attach_volume": "rule:admin_or_owner",
     "compute:detach_volume": "rule:admin_or_owner",
-    "compute:swap_volume": "rule:admin_or_owner",
+    "compute:swap_volume": "rule:admin_api",
 
     "compute:attach_interface": "rule:admin_or_owner",
     "compute:detach_interface": "rule:admin_or_owner",
@@ -190,7 +190,7 @@
     "compute_extension:volume_attachments:index": "rule:admin_or_owner",
     "compute_extension:volume_attachments:show": "rule:admin_or_owner",
     "compute_extension:volume_attachments:create": "rule:admin_or_owner",
-    "compute_extension:volume_attachments:update": "rule:admin_or_owner",
+    "compute_extension:volume_attachments:update": "rule:admin_api",
     "compute_extension:volume_attachments:delete": "rule:admin_or_owner",
     "compute_extension:volumetypes": "rule:admin_or_owner",
     "compute_extension:availability_zone:list": "rule:admin_or_owner",
@@ -312,6 +312,7 @@
     "os_compute_api:os-cloudpipe": "rule:admin_api",
     "os_compute_api:os-cloudpipe:discoverable": "@",
     "os_compute_api:os-config-drive": "rule:admin_or_owner",
+    "os_compute_api:os-config-drive:discoverable": "@",
     "os_compute_api:os-consoles:discoverable": "@",
     "os_compute_api:os-consoles:create": "rule:admin_or_owner",
     "os_compute_api:os-consoles:delete": "rule:admin_or_owner",
@@ -444,6 +445,12 @@
     "os_compute_api:os-server-usage:discoverable": "@",
     "os_compute_api:os-server-groups": "rule:admin_or_owner",
     "os_compute_api:os-server-groups:discoverable": "@",
+    "os_compute_api:os-server-tags:index": "@",
+    "os_compute_api:os-server-tags:show": "@",
+    "os_compute_api:os-server-tags:update": "@",
+    "os_compute_api:os-server-tags:update_all": "@",
+    "os_compute_api:os-server-tags:delete": "@",
+    "os_compute_api:os-server-tags:delete_all": "@",
     "os_compute_api:os-services": "rule:admin_api",
     "os_compute_api:os-services:discoverable": "@",
     "os_compute_api:server-metadata:discoverable": "@",
@@ -473,7 +480,7 @@
     "os_compute_api:os-volumes-attachments:index": "rule:admin_or_owner",
     "os_compute_api:os-volumes-attachments:show": "rule:admin_or_owner",
     "os_compute_api:os-volumes-attachments:create": "rule:admin_or_owner",
-    "os_compute_api:os-volumes-attachments:update": "rule:admin_or_owner",
+    "os_compute_api:os-volumes-attachments:update": "rule:admin_api",
     "os_compute_api:os-volumes-attachments:delete": "rule:admin_or_owner",
     "os_compute_api:os-volumes-attachments:discoverable": "@",
     "os_compute_api:os-availability-zone:list": "rule:admin_or_owner",
@@ -487,5 +494,7 @@
     "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
     "os_compute_api:os-assisted-volume-snapshots:discoverable": "@",
     "os_compute_api:os-console-auth-tokens": "rule:admin_api",
-    "os_compute_api:os-server-external-events:create": "rule:admin_api"
+    "os_compute_api:os-console-auth-tokens:discoverable": "@",
+    "os_compute_api:os-server-external-events:create": "rule:admin_api",
+    "os_compute_api:os-server-external-events:discoverable": "@"
 }