diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst
index 5b581b0a..06c300b9 100644
--- a/doc/source/configuration/index.rst
+++ b/doc/source/configuration/index.rst
@@ -222,6 +222,23 @@ will deny the access and users must contact an admin to change their password.
 Setting this value to ``N`` days means the user will be alerted when the
 password expires in less than ``N+1`` days. ``-1`` disables the feature.
 
+``POLICY_DIRS``
+----------------
+
+Default: ``{}``
+
+Specifies a list of policy directories per service types. The directories
+are relative to ``POLICY_FILES_PATH``. Services whose additional policies
+are defined here must be defined in ``POLICY_FILES`` too. Otherwise,
+additional policies specified in ``POLICY_DIRS`` are not loaded.
+
+Example::
+
+    POLICY_DIRS = {
+        'identity': 'keystone_policy.d',
+        'compute': 'nova_policy.d'
+    }
+
 ``POLICY_FILES``
 ----------------
 
diff --git a/openstack_auth/policy.py b/openstack_auth/policy.py
index 81fc7c2f..e0a3ab03 100644
--- a/openstack_auth/policy.py
+++ b/openstack_auth/policy.py
@@ -30,16 +30,22 @@ _ENFORCER = None
 _BASE_PATH = getattr(settings, 'POLICY_FILES_PATH', '')
 
 
-def _get_policy_conf():
+def _get_policy_conf(policy_file, policy_dirs=None):
     conf = cfg.ConfigOpts()
     # Passing [] is required. Otherwise oslo.config looks up sys.argv.
     conf([])
     policy_opts.set_defaults(conf)
+    policy_file = os.path.join(_BASE_PATH, policy_file)
+    conf.set_default('policy_file', policy_file, 'oslo_policy')
     # Policy Enforcer has been updated to take in a policy directory
     # as a config option. However, the default value in is set to
     # ['policy.d'] which causes the code to break. Set the default
     # value to empty list for now.
-    conf.set_default('policy_dirs', [], 'oslo_policy')
+    if policy_dirs is None:
+        policy_dirs = []
+    policy_dirs = [os.path.join(_BASE_PATH, policy_dir)
+                   for policy_dir in policy_dirs]
+    conf.set_default('policy_dirs', policy_dirs, 'oslo_policy')
     return conf
 
 
@@ -48,10 +54,11 @@ def _get_enforcer():
     if not _ENFORCER:
         _ENFORCER = {}
         policy_files = getattr(settings, 'POLICY_FILES', {})
-        conf = _get_policy_conf()
+        policy_dirs = getattr(settings, 'POLICY_DIRS', {})
         for service in policy_files.keys():
-            policy_file = os.path.join(_BASE_PATH, policy_files[service])
-            enforcer = policy.Enforcer(conf, policy_file)
+            conf = _get_policy_conf(policy_file=policy_files[service],
+                                    policy_dirs=policy_dirs.get(service, []))
+            enforcer = policy.Enforcer(conf)
             # Ensure enforcer.policy_path is populated.
             enforcer.load_rules()
             if os.path.isfile(enforcer.policy_path):