diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 148b756b..c14746b7 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -16,7 +16,9 @@
     "default": "rule:admin_or_owner",
 
     "create_subnet": "rule:admin_or_network_owner",
+    "create_subnet:segment_id": "rule:admin_only",
     "get_subnet": "rule:admin_or_owner or rule:shared",
+    "get_subnet:segment_id": "rule:admin_only",
     "update_subnet": "rule:admin_or_network_owner",
     "delete_subnet": "rule:admin_or_network_owner",
 
@@ -61,6 +63,11 @@
     "update_network:router:external": "rule:admin_only",
     "delete_network": "rule:admin_or_owner",
 
+    "create_segment": "rule:admin_only",
+    "get_segment": "rule:admin_only",
+    "update_segment": "rule:admin_only",
+    "delete_segment": "rule:admin_only",
+
     "network_device": "field:port:device_owner=~^network:",
     "create_port": "",
     "create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
@@ -213,26 +220,8 @@
     "get_flavor_service_profile": "rule:regular_user",
     "get_auto_allocated_topology": "rule:admin_or_owner",
 
-    "get_bgp_speaker": "rule:admin_only",
-    "create_bgp_speaker": "rule:admin_only",
-    "update_bgp_speaker": "rule:admin_only",
-    "delete_bgp_speaker": "rule:admin_only",
-
-    "get_bgp_peer": "rule:admin_only",
-    "create_bgp_peer": "rule:admin_only",
-    "update_bgp_peer": "rule:admin_only",
-    "delete_bgp_peer": "rule:admin_only",
-
-    "add_bgp_peer": "rule:admin_only",
-    "remove_bgp_peer": "rule:admin_only",
-
     "add_gateway_network": "rule:admin_only",
     "remove_gateway_network": "rule:admin_only",
 
-    "get_advertised_routes":"rule:admin_only",
-
-    "add_bgp_speaker_to_dragent": "rule:admin_only",
-    "remove_bgp_speaker_from_dragent": "rule:admin_only",
-    "list_bgp_speaker_on_dragent": "rule:admin_only",
-    "list_dragent_hosting_bgp_speaker": "rule:admin_only"
+    "get_advertised_routes":"rule:admin_only"
 }