diff --git a/policies/CWpolicy.json b/policies/CWpolicy.json
new file mode 100644
index 0000000..c03e232
--- /dev/null
+++ b/policies/CWpolicy.json
@@ -0,0 +1,37 @@
+{
+ "is_anonymous": "identity:None",
+ "is_authenticated": "not rule:is_anonymous",
+ "swift_reseller": "(role:%(reseller_admin)s)",
+ "swift_operator": "%(operators)s",
+
+ "swift_owner": "rule:swift_reseller or rule:swift_operator or is_admin:True",
+
+ "reseller_request": "rule:swift_reseller",
+ "same_tenant": "account:%%(account)s",
+ "tenant_mismatch": "not rule:same_tenant",
+
+ "allowed_for_authenticated": "rule:swift_reseller or acl:check_cross_tenant or acl:check_is_public or (rule:same_tenant and rule:swift_operator) or (rule:same_tenant and acl:check_roles) or (rule:same_tenant and is_admin:True) or (rule:same_tenant and is_admin:False and acl:check_roles)",
+
+ "allowed_for_anonymous": "is_authoritative:True and acl:check_is_public",
+
+ "allowed_for_user": "(rule:is_authenticated and rule:allowed_for_authenticated) or rule:allowed_for_anonymous",
+
+ "get_account": "rule:allowed_for_user and not role:remove_only",
+ "post_account": "rule:allowed_for_user and not role:remove_only",
+ "head_account": "rule:allowed_for_user",
+ "delete_account": "rule:swift_reseller",
+ "options_account": "",
+ "get_container": "rule:allowed_for_user and not role:remove_only",
+ "put_container": "rule:allowed_for_user and not role:remove_only and not role:upload_disabled",
+ "delete_container": "rule:allowed_for_user",
+ "post_container": "rule:allowed_for_user and not role:remove_only and not role:upload_disabled",
+ "head_container": "rule:allowed_for_user",
+ "options_container": "",
+ "get_object": "rule:allowed_for_user and not role:remove_only",
+ "put_object": "rule:allowed_for_user and not role:remove_only and not role:upload_disabled",
+ "copy_object": "rule:allowed_for_user and not role:remove_only and not role:upload_disabled",
+ "delete_object": "rule:allowed_for_user",
+ "head_object": "rule:allowed_for_user",
+ "post_object": "rule:allowed_for_user and not role:remove_only and not role:upload_disabled",
+ "options_object": ""
+}
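Review bot: `same_tenant` is written with a doubled percent, `"same_tenant": "account:%%(account)s"`, while `swift_reseller` and `swift_operator` use a single `%(...)s`; that only works if the file goes through a `%`-style templating pass before the policy engine loads it (where `%(reseller_admin)s` and `%(operators)s` are expanded and `%%` collapses to `%`), and if it is ever loaded directly the check would compare against the literal text `%%(account)s` and never match, so the same-tenant path silently fails closed. Because the file cannot carry a comment, the templating step and the two substitution variables (`reseller_admin`, `operators`) should be documented where the file is rendered or in a README next to it, so a later edit does not "fix" the escaping in either direction. The empty rules `"options_account": ""`, `"options_container": ""` and `"options_object": ""` are unconditional allows for any caller, anonymous included; that is the usual choice for CORS preflight but deserves a line in the same documentation so it is not mistaken for an unfinished entry. The last clause of `allowed_for_authenticated`, `(rule:same_tenant and is_admin:False and acl:check_roles)`, is already implied by `(rule:same_tenant and acl:check_roles)` and can be dropped without changing any decision.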