diff --git a/policy/global.hcl b/policy/global.hcl
new file mode 100644
index 0000000..da140c6
--- /dev/null
+++ b/policy/global.hcl
@@ -0,0 +1,28 @@
+# Mount secrets engines
+path "sys/mounts/*" {
+  capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Configure the Terraform secrets engine and create roles
+path "terraform/*" {
+  capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Manage the leases
+path "sys/leases/+/terraform/creds/my-user/*" {
+  capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
+
+path "sys/leases/+/terraform/creds/my-user" {
+  capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
+
+# Write ACL policies
+path "sys/policies/acl/*" {
+  capabilities = [ "create", "read", "update", "delete", "list" ]
+}
+
+# Manage tokens for verification
+path "auth/token/create" {
+  capabilities = [ "create", "read", "update", "delete", "list", "sudo" ]
+}
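Review bot: The `sys/policies/acl/*` block with create/update lets any holder of this policy write a new policy granting itself arbitrary capabilities, so together with `auth/token/create` carrying `sudo` this policy is effectively admin-equivalent rather than the scoped Terraform-operator policy the section comments suggest. Likewise `sys/mounts/*` with delete permits disabling every other secrets engine, which is far broader than what mounting the Terraform engine needs. If this is intentionally a bootstrap or tutorial policy, state that at the top of the file, e.g. `# Bootstrap/admin policy: grants policy-write and sudo token creation; do not attach to long-lived or automation tokens.` Otherwise narrow the paths to what the workflow actually touches, e.g. `path "sys/mounts/terraform" {` in place of `path "sys/mounts/*" {`, and enumerate the specific policy names under `sys/policies/acl/` instead of `*`.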