diff --git a/openstack_auth/policy.py b/openstack_auth/policy.py
index 2b43ef3a51..74ca0aabb2 100644
--- a/openstack_auth/policy.py
+++ b/openstack_auth/policy.py
@@ -199,11 +199,21 @@ def check(actions, request, target=None):
 # the service APIs will correct us if we are too permissive.
 if target.get('project_id') is None:
 target['project_id'] = user.project_id
+ # (gmann): Keystone use some of the policy rule as
+ # 'target.project.id' so we need to set the project.id
+ # attribute also.
+ if target.get('project.id') is None:
+ target['project.id'] = user.project_id
 if target.get('tenant_id') is None:
 target['tenant_id'] = target['project_id']
 # same for user_id
 if target.get('user_id') is None:
 target['user_id'] = user.id
+ # (gmann): Keystone use some of the policy rule as
+ # 'target.user.id' so we need to set the user.id
+ # attribute also.
+ if target.get('user.id') is None:
+ target['user.id'] = user.id
 domain_id_keys = [
 'domain_id',
diff --git a/openstack_dashboard/test/helpers.py b/openstack_dashboard/test/helpers.py
index 9fcc49ff45..f6b67539bb 100644
--- a/openstack_dashboard/test/helpers.py
+++ b/openstack_dashboard/test/helpers.py
@@ -236,7 +236,9 @@ class TestCase(horizon_helpers.TestCase):
 'user_domain_name': self.domain.name,
 'tenant_id': self.tenant.id,
 'service_catalog': self.service_catalog,
- 'authorized_tenants': tenants
+ 'authorized_tenants': tenants,
+ 'roles': [{'id': '2', 'name': 'member'},
+ {'id': '3', 'name': 'reader'}]
 }
 base_kwargs.update(kwargs)
 self.setActiveUser(**base_kwargs)
@@ -462,6 +464,8 @@ class BaseAdminViewTests(TestCase):
 def setActiveUser(self, *args, **kwargs):
 if "roles" not in kwargs:
 kwargs['roles'] = [self.roles.admin._info]
+ else:
+ kwargs['roles'].append(self.roles.admin._info)
 super().setActiveUser(*args, **kwargs)
 def setSessionValues(self, **kwargs):
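Review bot: The added comments say Keystone rules reference `target.project.id` and `target.user.id`, but the keys written are `project.id` and `user.id`. Whether a `target.` prefix is applied to this dict before enforcement is not visible in the hunk; if it is not, these defaults would never be matched, so the comment should say where the prefix comes from. Defaulting both keys to the caller's own identity also means an owner-style rule passes whenever the caller supplies no target. That is acceptable only because, as the existing comment says, the service API makes the real decision, and I would state it at the new lines, e.g. `# Defaults to the caller's own project: UI gating only, Keystone still enforces the real target.` check() starts and ends outside the hunk.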
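Review bot: `kwargs['roles'].append(self.roles.admin._info)` in the new `else:` branch of BaseAdminViewTests.setActiveUser mutates the list object the caller passed in. A roles list that is shared between tests or reused across calls would accumulate admin entries, and a later test meant to run with fewer privileges could carry the admin role by side effect. Build a new list instead: `kwargs['roles'] = [*kwargs['roles'], self.roles.admin._info]`. The same two lines are added to SeleniumAdminTestCase.setActiveUser in the `@@ -556` hunk and need the same change.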
@@ -556,6 +560,8 @@ class SeleniumAdminTestCase(SeleniumTestCase):
 def setActiveUser(self, *args, **kwargs):
 if "roles" not in kwargs:
 kwargs['roles'] = [self.roles.admin._info]
+ else:
+ kwargs['roles'].append(self.roles.admin._info)
 super().setActiveUser(*args, **kwargs)
diff --git a/openstack_dashboard/test/unit/api/rest/test_policy.py b/openstack_dashboard/test/unit/api/rest/test_policy.py
index eb5b678742..bd70682556 100644
--- a/openstack_dashboard/test/unit/api/rest/test_policy.py
+++ b/openstack_dashboard/test/unit/api/rest/test_policy.py
@@ -86,6 +86,10 @@ class AdminPolicyRestTestCase(test.BaseAdminViewTests):
 super().setUp()
 mock.patch('horizon.utils.http.is_ajax', return_value=True).start()
+ def _setup_user(self, **kwargs):
+ kwargs.update({'roles': [{'name': 'admin'}]})
+ super()._setup_user(**kwargs)
+
 @override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
 def test_rule_with_target(self):
 body = json.dumps(
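Review bot: The new `_setup_user` override in AdminPolicyRestTestCase replaces any `roles` a caller passed with `[{'name': 'admin'}]`, and nothing explains why this class needs an admin-only role list. If the intent is to drop the member/reader defaults that helpers.py now adds, a comment should say so, e.g. `# Drop the default member/reader roles so the rule is evaluated for an admin-only user.` Because BaseAdminViewTests.setActiveUser now appends `self.roles.admin._info` whenever `roles` is present, the user presumably ends up with two admin entries, one of them without an `id`. That looks harmless for a name-based check but is worth confirming. A plain assignment is also clearer than `update` with a one-key dict: `kwargs['roles'] = [{'name': 'admin'}]`.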