diff --git a/handlers/main.yml b/handlers/main.yml
index f4f7761..6eef3dc 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -27,34 +27,11 @@
     - "Restart designate services"
     - "venv changed"
 
-# Note (odyssey4me):
-# The policy.json file is currently read continually by the services
-# and is not only read on service start. We therefore cannot template
-# directly to the file read by the service because the new policies
-# may not be valid until the service restarts. This is particularly
-# important during a major upgrade. We therefore only put the policy
-# file in place after the service has been stopped.
-#
-- name: Copy new policy file into place
-  copy:
-    src: "/etc/designate/policy.json-{{ designate_venv_tag }}"
-    dest: "/etc/designate/policy.json"
-    owner: "root"
-    group: "{{ designate_system_group_name }}"
-    mode: "0640"
-    remote_src: yes
-  when:
-    - designate_policy_overrides != {}
-  listen:
-    - "Restart designate services"
-    - "venv changed"
-
-- name: Remove legacy policy.json file
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json
   file:
     path: "/etc/designate/policy.json"
     state: absent
-  when:
-    - designate_policy_overrides == {}
   listen:
     - "Restart designate services"
     - "venv changed"
diff --git a/tasks/designate_post_install.yml b/tasks/designate_post_install.yml
index 86d356b..e610014 100644
--- a/tasks/designate_post_install.yml
+++ b/tasks/designate_post_install.yml
@@ -57,12 +57,27 @@
       config_type: "ini"
   notify: Restart designate services
 
-- name: Implement policy.json if there are overrides configured
-  copy:
-    content: "{{ designate_policy_overrides | to_nice_json }}"
-    dest: "/etc/designate/policy.json-{{ designate_venv_tag }}"
+- name: Implement policy.yaml if there are overrides configured
+  config_template:
+    content: "{{ designate_policy_overrides }}"
+    dest: "/etc/designate/policy.yaml"
+    owner: "{{ designate_system_user_name }}"
+    group: "{{ designate_system_group_name }}"
+    mode: "0644"
+    config_type: yaml
   when:
-    - designate_policy_overrides != {}
+    - designate_policy_overrides | length > 0
+  tags:
+    - designate-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "/etc/designate/policy.yaml"
+    state: absent
+  when:
+    - designate_policy_overrides | length == 0
+  tags:
+    - designate-policy-override
 
 - name: Create Designate pools.yaml file
   copy: