diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index d45edbbfe9..5dfff4c4a6 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -25,6 +25,7 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
+service_token_roles_required = True
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}