diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index d9d31f9ddf..d7ab0c78b2 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -171,12 +171,6 @@
 "identity:add_endpoint_group_to_project": "rule:admin_required",
 "identity:remove_endpoint_group_from_project": "rule:admin_required",
 
- "identity:create_protocol": "rule:cloud_admin",
- "identity:update_protocol": "rule:cloud_admin",
- "identity:get_protocol": "rule:cloud_admin",
- "identity:list_protocols": "rule:cloud_admin",
- "identity:delete_protocol": "rule:cloud_admin",
-
 "identity:get_auth_catalog": "",
 "identity:get_auth_projects": "",
 "identity:get_auth_domains": "",
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index df3178bcef..436110d829 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -216,6 +216,11 @@ class PolicyJsonTestCase(unit.TestCase):
 'identity:list_identity_providers',
 'identity:update_identity_provider',
 'identity:delete_identity_provider',
+ 'identity:create_protocol',
+ 'identity:get_protocol',
+ 'identity:list_protocols',
+ 'identity:update_protocol',
+ 'identity:delete_protocol',
 'identity:create_domain',
 'identity:get_domain',
 'identity:list_domains',
diff --git a/releasenotes/notes/bug-1806762-daed3e27f58f0f6d.yaml b/releasenotes/notes/bug-1806762-daed3e27f58f0f6d.yaml
new file mode 100644
index 0000000000..456c6d8bbd
--- /dev/null
+++ b/releasenotes/notes/bug-1806762-daed3e27f58f0f6d.yaml
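Review bot: The five `identity:*_protocol` names added to the list in `PolicyJsonTestCase` (keystone/tests/unit/test_policy.py) carry no comment saying why they are exempt, and both the opening of the list and the assertion that consumes it are outside the hunk. Assuming this is the set of policies expected to exist only as in-code defaults, a short comment above the new entries would record that, e.g. `# Federated protocol policies: removed from policy.v3cloudsample.json (bug 1806762), enforced by in-code defaults`. Once the sample file no longer pins these APIs to `rule:cloud_admin`, access control for protocol create, update and delete rests entirely on those defaults, and nothing in the visible diff asserts that they reject non-admin or wrongly scoped tokens; it is worth confirming that such tests exist elsewhere in the tree.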
@@ -0,0 +1,17 @@
+---
+upgrade:
+ - |
+ [`bug 1806762 `_]
+ [`bug 1804518 `_]
+ The protocol policies defined in the ``policy.v3cloudsample.json``
+ policy file have been removed. These policies are now obsolete after
+ incorporating system-scope into the federated protocol API and
+ implementing default roles.
+fixes:
+ - |
+ [`bug 1806762 `_]
+ [`bug 1804518 `_]
+ The federated protocol policies in the ``policy.v3cloudsample.json``
+ policy file have been removed in favor of better defaults in code.
+ These policies weren't tested exhaustively and were misleading to
+ users and operators.