diff --git a/defaults/main.yml b/defaults/main.yml
index 55229ac3..65dfbd23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -122,6 +122,11 @@ ironic_service_token_roles:
 ironic_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
 ironic_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
+# Enable interaction with Nova and Neutron from 2024.1 with default policy
+# If more than one service project name is necessary, then you may need to
+# override Ironic 'service_role' policy.
+ironic_service_role_elevated_access: True
+
 # The name of the entry in container_networks for the bmaas network
 # This is the default provisioning / inspection / cleaning network for this role
 ironic_container_network_name: "bmaas_address"
diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2
index a31b7780..9254ec8b 100644
--- a/templates/ironic.conf.j2
+++ b/templates/ironic.conf.j2
@@ -26,6 +26,10 @@ enabled_power_interfaces = {{ filtered_ironic_drivers | json_query('[*].power')
 enabled_console_interfaces = {{ filtered_ironic_drivers | json_query('[*].console') | unique | join(',') }}
 enabled_raid_interfaces = {{ filtered_ironic_drivers | json_query('[*].raid') | unique | join(',') }}
+# rbac
+rbac_service_role_elevated_access = {{ ironic_service_role_elevated_access }}
+rbac_service_project_name = {{ ironic_service_project_name }}
+
 [agent]
 [amt]
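Review bot: `ironic_service_role_elevated_access: True` turns a privilege-widening switch on by default, and the three comment lines above it do not say what access is being widened. As far as I know Ironic itself ships `rbac_service_role_elevated_access` disabled, which keeps service-role requests scoped to the service account's own project; enabling it presumably lets any service-role user in the project named by `ironic_service_project_name` act on nodes outside that project. I would extend the comment with something like `# Grants service-role users in ironic_service_project_name access to nodes beyond their own project; set to False to keep Ironic's project-scoped default.` so operators can make the choice knowingly. `ironic_service_project_name` is not defined in this hunk, so I am assuming it is declared elsewhere in the defaults.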
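Review bot: `rbac_service_role_elevated_access = {{ ironic_service_role_elevated_access }}` writes whatever the variable holds straight into ironic.conf, so an override supplied as a string reaches the service unnormalised. Since this flag widens what the service role may do, I would render it as `rbac_service_role_elevated_access = {{ ironic_service_role_elevated_access | bool }}`, which emits a clean True/False and treats an unrecognised value as False rather than leaving the outcome to the config parser. The `# rbac` comment could also record that the two options act together, e.g. `# Elevated access applies only to service-role users in rbac_service_project_name`.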