diff --git a/lower-constraints.txt b/lower-constraints.txt
index b3d0f6a219..4b698b3f54 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -86,7 +86,7 @@ oslo.i18n==3.20.0
 oslo.log==4.3.0
 oslo.messaging==12.4.0
 oslo.middleware==4.0.1
-oslo.policy==3.6.2
+oslo.policy==3.7.0
 oslo.reports==1.18.0
 oslo.serialization==2.28.1
 oslo.service==1.30.0
diff --git a/octavia/policies/base.py b/octavia/policies/base.py
index c66cae270c..9998e1098c 100644
--- a/octavia/policies/base.py
+++ b/octavia/policies/base.py
@@ -18,17 +18,23 @@ from octavia.common import constants
 deprecated_context_is_admin = policy.DeprecatedRule(
     name='context_is_admin',
     check_str='role:admin or '
-              'role:load-balancer_admin'
+              'role:load-balancer_admin',
+    deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
+    deprecated_since=versionutils.deprecated.WALLABY,
 )
 deprecated_observer_and_owner = policy.DeprecatedRule(
     name='load-balancer:observer_and_owner',
     check_str='role:load-balancer_observer and '
-              'rule:load-balancer:owner'
+              'rule:load-balancer:owner',
+    deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
+    deprecated_since=versionutils.deprecated.WALLABY,
 )
 deprecated_member_and_owner = policy.DeprecatedRule(
     name='load-balancer:member_and_owner',
     check_str='role:load-balancer_member and '
-              'rule:load-balancer:owner'
+              'rule:load-balancer:owner',
+    deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
+    deprecated_since=versionutils.deprecated.WALLABY,
 )
 
 rules = [
@@ -87,8 +93,6 @@ rules = [
         check_str='role:load-balancer_admin or '
                   'rule:system-admin',
         deprecated_rule=deprecated_context_is_admin,
-        deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
-        deprecated_since=versionutils.deprecated.WALLABY,
         scope_types=[constants.RBAC_SCOPE_SYSTEM]),
 
     # Note: 'is_admin:True' is a policy rule that takes into account the
@@ -106,8 +110,6 @@ rules = [
         check_str='role:load-balancer_observer and '
                   'rule:project-reader',
         deprecated_rule=deprecated_observer_and_owner,
-        deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
-        deprecated_since=versionutils.deprecated.WALLABY,
         scope_types=[constants.RBAC_SCOPE_PROJECT]),
 
     policy.RuleDefault(
@@ -121,8 +123,6 @@ rules = [
         check_str='role:load-balancer_member and '
                   'rule:project-member',
         deprecated_rule=deprecated_member_and_owner,
-        deprecated_reason=constants.RBAC_ROLES_DEPRECATED_REASON,
-        deprecated_since=versionutils.deprecated.WALLABY,
         scope_types=[constants.RBAC_SCOPE_PROJECT]),
 
     # API access methods
diff --git a/requirements.txt b/requirements.txt
index 7e450f6960..d3f55e13f0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,7 +22,7 @@ oslo.i18n>=3.20.0 # Apache-2.0
 oslo.log>=4.3.0 # Apache-2.0
 oslo.messaging>=12.4.0 # Apache-2.0
 oslo.middleware>=4.0.1 # Apache-2.0
-oslo.policy>=3.6.2 # Apache-2.0
+oslo.policy>=3.7.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
 oslo.serialization>=2.28.1 # Apache-2.0
 oslo.upgradecheck>=1.3.0 # Apache-2.0