diff --git a/etc/policy.json.sample b/etc/policy.json.sample
index 28819cc19..2ac551e59 100644
--- a/etc/policy.json.sample
+++ b/etc/policy.json.sample
@@ -6,14 +6,5 @@
 "subscription:get": "",
 "subscription:delete": "",
 "subscription:update": "",
- "subscription:confirm": "",
-
- "pools:get_all": "rule:context_is_admin",
- "pools:create": "rule:context_is_admin",
- "pools:get": "rule:context_is_admin",
- "pools:delete": "rule:context_is_admin",
- "pools:update": "rule:context_is_admin",
-
- "ping:get": "",
- "health:get": "rule:context_is_admin"
+ "subscription:confirm": ""
 }
diff --git a/zaqar/common/policies/__init__.py b/zaqar/common/policies/__init__.py
index 30030f6f7..ba1d78c2b 100644
--- a/zaqar/common/policies/__init__.py
+++ b/zaqar/common/policies/__init__.py
@@ -15,7 +15,9 @@ import itertools
 from zaqar.common.policies import base
 from zaqar.common.policies import claims
 from zaqar.common.policies import flavors
+from zaqar.common.policies import health
 from zaqar.common.policies import messages
+from zaqar.common.policies import pools
 from zaqar.common.policies import queues
@@ -24,6 +26,8 @@ def list_rules():
 base.list_rules(),
 claims.list_rules(),
 flavors.list_rules(),
+ health.list_rules(),
 messages.list_rules(),
+ pools.list_rules(),
 queues.list_rules()
 )
diff --git a/zaqar/common/policies/health.py b/zaqar/common/policies/health.py
new file mode 100644
index 000000000..53e8b5438
--- /dev/null
+++ b/zaqar/common/policies/health.py
@@ -0,0 +1,48 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+PING = 'ping:%s'
+HEALTH = 'health:%s'
+
+rules = [
+
+ policy.DocumentedRuleDefault(
+ name=PING % 'get',
+ check_str=base.UNPROTECTED,
+ description='Simple health check for end user(ping).',
+ operations=[
+ {
+ 'path': '/v2/ping',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=HEALTH % 'get',
+ check_str=base.ROLE_ADMIN,
+ description='Detailed health check for cloud operator/admin.',
+ operations=[
+ {
+ 'path': '/v2/health',
+ 'method': 'GET'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
diff --git a/zaqar/common/policies/pools.py b/zaqar/common/policies/pools.py
new file mode 100644
index 000000000..146655dbb
--- /dev/null
+++ b/zaqar/common/policies/pools.py
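Review bot: The `health:get` default moves from the removed JSON entry `rule:context_is_admin` to `base.ROLE_ADMIN`, and `base` is not part of this diff, so it is not visible whether the constant still resolves through the `context_is_admin` alias. If it is a direct role check, a deployment that redefines `context_is_admin` in its policy file would no longer have that definition applied to `/v2/health`; either keep the indirection with `check_str='rule:context_is_admin',` or add a comment above the rule stating that the two are equivalent by design. The same applies to the five `pools:*` rules in pools.py. Entries left in an operator's existing policy file still override these in-code defaults, which is worth stating in a release note so a stale permissive override of `health:get` is not mistaken for the new default.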
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+POOLS = 'pools:%s'
+
+
+rules = [
+ policy.DocumentedRuleDefault(
+ name=POOLS % 'get_all',
+ check_str=base.ROLE_ADMIN,
+ description='Lists pools.',
+ operations=[
+ {
+ 'path': '/v2/pools',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=POOLS % 'create',
+ check_str=base.ROLE_ADMIN,
+ description='Creates a pool.',
+ operations=[
+ {
+ 'path': '/v2/pools/{pool_name}',
+ 'method': 'PUT'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=POOLS % 'get',
+ check_str=base.ROLE_ADMIN,
+ description='Shows details for a pool.',
+ operations=[
+ {
+ 'path': '/v2/pools/{pool_name}',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=POOLS % 'delete',
+ check_str=base.ROLE_ADMIN,
+ description='Delete pool.',
+ operations=[
+ {
+ 'path': '/v2/pools/{pool_name}',
+ 'method': 'DELETE'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=POOLS % 'update',
+ check_str=base.ROLE_ADMIN,
+ description='Update pool.',
+ operations=[
+ {
+ 'path': '/v2/pools/{pool_name}',
+ 'method': 'PATCH'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
diff --git a/zaqar/tests/etc/policy.json b/zaqar/tests/etc/policy.json
index 28819cc19..2ac551e59 100644
--- a/zaqar/tests/etc/policy.json
+++ b/zaqar/tests/etc/policy.json
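Review bot: The rule descriptions in pools.py mix two voices: `Lists pools.`, `Creates a pool.` and `Shows details for a pool.` sit next to `Delete pool.` and `Update pool.`. These strings end up in the generated policy documentation, so make the last two `description='Deletes a pool.',` and `description='Updates a pool.',`. `list_rules()` has no docstring; `"""Return the default policy rules for pool management."""` would do. A one-line comment above `rules` saying that every pool operation is admin-only by default would make it harder for a later edit to loosen a single entry unnoticed.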
@@ -6,14 +6,5 @@
 "subscription:get": "",
 "subscription:delete": "",
 "subscription:update": "",
- "subscription:confirm": "",
-
- "pools:get_all": "rule:context_is_admin",
- "pools:create": "rule:context_is_admin",
- "pools:get": "rule:context_is_admin",
- "pools:delete": "rule:context_is_admin",
- "pools:update": "rule:context_is_admin",
-
- "ping:get": "",
- "health:get": "rule:context_is_admin"
+ "subscription:confirm": ""
 }