Use the policy.json file to define additional access controls that apply to the Identity service:
policy.json
../../_static/keystone.policy.yaml.sample