diff --git a/aodh/tests/functional/api/__init__.py b/aodh/tests/functional/api/__init__.py
index 62980f8ac..58ff76305 100644
--- a/aodh/tests/functional/api/__init__.py
+++ b/aodh/tests/functional/api/__init__.py
@@ -16,9 +16,13 @@
 """Base classes for API tests.
 """
 
+import json
+
 from oslo_config import fixture as fixture_config
+from oslo_utils import fileutils
 import pecan
 import pecan.testing
+import six
 
 from aodh import service
 from aodh.tests.functional import db as db_test_base
@@ -39,8 +43,21 @@ class FunctionalTest(db_test_base.TestBase):
         self.CONF = self.useFixture(fixture_config.Config(conf)).conf
         self.setup_messaging(self.CONF)
 
+        policies = json.dumps({
+            "context_is_admin": "role:admin",
+            "context_is_project": "project_id:%(target.project_id)s",
+            "context_is_owner": "user_id:%(target.user_id)s",
+            "segregation": "rule:context_is_admin",
+            "default": ""
+        })
+        if six.PY3:
+            policies = policies.encode('utf-8')
+
         self.CONF.set_override("policy_file",
-                               self.path_get('etc/aodh/policy.json'),
+                               fileutils.write_to_tempfile(
+                                   content=policies,
+                                   prefix='policy',
+                                   suffix='.json'),
                                group='oslo_policy')
         self.app = self._make_app()
 
diff --git a/aodh/tests/functional/gabbi/fixtures.py b/aodh/tests/functional/gabbi/fixtures.py
index 89f7fcc1b..cc2b77486 100644
--- a/aodh/tests/functional/gabbi/fixtures.py
+++ b/aodh/tests/functional/gabbi/fixtures.py
@@ -15,6 +15,7 @@
 
 """Fixtures used during Gabbi-based test runs."""
 
+import json
 import os
 from unittest import case
 import uuid
@@ -23,6 +24,8 @@ from gabbi import fixture
 import mock
 from oslo_config import fixture as fixture_config
 from oslo_policy import opts
+from oslo_utils import fileutils
+import six
 
 from aodh import service
 from aodh import storage
@@ -66,9 +69,23 @@ class ConfigFixture(fixture.GabbiFixture):
         conf = fixture_config.Config(conf).conf
         self.conf = conf
         opts.set_defaults(self.conf)
-        conf.set_override('policy_file',
-                          os.path.abspath('etc/aodh/policy.json'),
-                          group='oslo_policy')
+
+        policies = json.dumps({
+            "context_is_admin": "role:admin",
+            "context_is_project": "project_id:%(target.project_id)s",
+            "context_is_owner": "user_id:%(target.user_id)s",
+            "segregation": "rule:context_is_admin",
+            "default": ""
+        })
+        if six.PY3:
+            policies = policies.encode('utf-8')
+
+        self.conf.set_override("policy_file",
+                               fileutils.write_to_tempfile(
+                                   content=policies,
+                                   prefix='policy',
+                                   suffix='.json'),
+                               group='oslo_policy')
 
         database_name = '%s-%s' % (db_url, str(uuid.uuid4()))
         conf.set_override('connection', database_name, group='database')
diff --git a/etc/aodh/policy.json b/etc/aodh/policy.json
index 2bcd03425..fc786a411 100644
--- a/etc/aodh/policy.json
+++ b/etc/aodh/policy.json
@@ -3,5 +3,18 @@
     "context_is_project": "project_id:%(target.project_id)s",
     "context_is_owner": "user_id:%(target.user_id)s",
     "segregation": "rule:context_is_admin",
-    "default": ""
+
+    "telemetry:get_alarm": "rule:context_is_admin",
+    "telemetry:get_alarms": "rule:context_is_admin",
+    "telemetry:query_alarm": "rule:context_is_admin",
+
+    "telemetry:create_alarm": "rule:context_is_admin",
+    "telemetry:change_alarm": "rule:context_is_admin",
+    "telemetry:delete_alarm": "rule:context_is_admin",
+
+    "telemetry:get_alarm_state": "rule:context_is_admin",
+    "telemetry:change_alarm_state": "rule:context_is_admin",
+
+    "telemetry:alarm_history": "rule:context_is_admin",
+    "telemetry:query_alarm_history": "rule:context_is_admin"
 }
diff --git a/etc/aodh/policy.json.sample b/etc/aodh/policy.json.sample
deleted file mode 100644
index c19ee6d00..000000000
--- a/etc/aodh/policy.json.sample
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-    "context_is_admin": "role:admin",
-    "context_is_project": "project_id:%(target.project_id)s",
-    "context_is_owner": "user_id:%(target.user_id)s",
-    "segregation": "rule:context_is_admin",
-    "service_role": "role:service",
-    "iaas_role": "role:iaas",
-
-    "telemetry:get_alarm": "rule:context_is_admin",
-    "telemetry:query_alarm": "rule:context_is_admin",
-    "telemetry:get_alarm_state": "rule:context_is_admin",
-    "telemetry:get_alarms": "rule:context_is_admin",
-    "telemetry:create_alarm": "rule:context_is_admin",
-    "telemetry:set_alarm": "rule:context_is_admin",
-    "telemetry:delete_alarm": "rule:context_is_admin",
-
-    "telemetry:alarm_history": "rule:context_is_admin",
-    "telemetry:change_alarm_state": "rule:context_is_admin",
-    "telemetry:query_alarm_history": "rule:context_is_admin"
-}