diff --git a/files/rootwrap.d/volume.filters b/files/rootwrap.d/volume.filters
index 925df2d4..db642f3a 100644
--- a/files/rootwrap.d/volume.filters
+++ b/files/rootwrap.d/volume.filters
@@ -65,10 +65,6 @@ lvconvert: CommandFilter, lvconvert, root
 # cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
 iscsiadm: CommandFilter, iscsiadm, root
 
-# cinder/volume/drivers/lvm.py: 'shred', '-n3'
-# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB'
-shred: CommandFilter, shred, root
-
 # cinder/volume/utils.py: utils.temporary_chown(path, 0)
 chown: CommandFilter, chown, root
 
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 69d638d0..88183720 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -10,6 +10,7 @@
 "volume:get": "rule:admin_or_owner",
 "volume:get_all": "rule:admin_or_owner",
 "volume:get_volume_metadata": "rule:admin_or_owner",
+ "volume:create_volume_metadata": "rule:admin_or_owner",
 "volume:delete_volume_metadata": "rule:admin_or_owner",
 "volume:update_volume_metadata": "rule:admin_or_owner",
 "volume:get_volume_admin_metadata": "rule:admin_api",
@@ -114,6 +115,18 @@
 "group:access_group_types_specs": "rule:admin_api",
 "group:group_type_access": "rule:admin_or_owner",
 
+ "group:create" : "",
+ "group:delete": "rule:admin_or_owner",
+ "group:update": "rule:admin_or_owner",
+ "group:get": "rule:admin_or_owner",
+ "group:get_all": "rule:admin_or_owner",
+
+ "group:create_group_snapshot": "",
+ "group:delete_group_snapshot": "rule:admin_or_owner",
+ "group:update_group_snapshot": "rule:admin_or_owner",
+ "group:get_group_snapshot": "rule:admin_or_owner",
+ "group:get_all_group_snapshots": "rule:admin_or_owner",
+
 "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
 "message:delete": "rule:admin_or_owner",
 "message:get": "rule:admin_or_owner",
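Review bot: The two create rules added in the last hunk, `"group:create" : ""` and `"group:create_group_snapshot": ""`, are empty strings, which oslo.policy evaluates as always allowed, so the policy layer lets any authenticated caller through while every other new group rule requires `rule:admin_or_owner`. This is presumably deliberate and in line with how create actions are usually left open, but nothing in the template says so, and for group snapshots it means ownership of the source group is not checked at this layer; whether the API scopes that lookup to the caller's project cannot be seen from here. Since the file is a Jinja template, the intent could be recorded without affecting the rendered JSON, for example `{# empty rule: any authenticated user may create; ownership is enforced on get/update/delete #}` above the group block. As a style point, `"group:create" : ""` has a space before the colon that the other added lines do not.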