diff --git a/deploy/kube.yaml b/deploy/kube.yaml
index 97d5a3a..bdd3570 100644
--- a/deploy/kube.yaml
+++ b/deploy/kube.yaml
@@ -60,7 +60,7 @@ spec:
 # uncomment to add authorization to the contacts-app example. Please
 # note that authz also needs to be running in order to authorize
 # requests to the contacts-app
- # - "-authz=pdpserver.authz:5555"
+ # - "-authz=themis.authz:5555"
 image: infoblox/contacts-server:latest
 imagePullPolicy: Always
 ports:
diff --git a/deploy/pargs.yaml b/deploy/pargs.yaml
index 45bf07f..b5daabf 100644
--- a/deploy/pargs.yaml
+++ b/deploy/pargs.yaml
@@ -1,85 +1,103 @@
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Group
 metadata:
 name: all-users
- namespace: authz
+ namespace: contacts
 labels:
- pargset: authz
+ authz-namespace: authz
 criteria:
- type: User
+ type: user
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Group
 metadata:
 name: engineers
- namespace: authz
+ namespace: contacts
+ labels:
+ authz-namespace: authz
+criteria:
+ type: user
+ department: admin
+---
+apiVersion: authz.infoblox.com/v1
+kind: Group
+metadata:
+ name: all-resources
+ namespace: contacts
 labels:
- pargset: authz
+ authz-namespace: authz
 criteria:
- type: User
- department: Engineering
+ type: none
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: RoleAssignment
 metadata:
 name: contacts-all-users
 namespace: contacts
 labels:
- pargset: authz
-group: all-users
-role: contacts-read-only
+ authz-namespace: authz
+subjectgroups:
+- all-users
+roles:
+- contacts-read-only
+resourcegroups:
+- all-resources
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: RoleAssignment
 metadata:
 name: contacts-admin
 namespace: contacts
 labels:
- pargset: authz
-group: engineers
-role: contacts-read-write
+ authz-namespace: authz
+subjectgroups:
+- engineers
+roles:
+- contacts-read-write
+resourcegroups:
+- all-resources
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Role
 metadata:
 name: contacts-read-only
 namespace: contacts
 labels:
- pargset: authz
+ authz-namespace: authz
 permissions:
 - contacts-read
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Role
 metadata:
 name: contacts-read-write
 namespace: contacts
 labels:
- pargset: authz
+ authz-namespace: authz
 permissions:
 - contacts-read
 - contacts-write
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Permission
 metadata:
 name: contacts-read
 namespace: contacts
 labels:
- pargset: authz
-operations:
+ authz-namespace: authz
+endpoints:
 - Contacts.List
 - Contacts.Get
 ---
-apiVersion: infoblox.com/v1
+apiVersion: authz.infoblox.com/v1
 kind: Permission
 metadata:
 name: contacts-write
 namespace: contacts
 labels:
- pargset: authz
-operations:
+ authz-namespace: authz
+endpoints:
 - Contacts.Create
 - Contacts.Update
 - Contacts.Delete
- - Contacts.SendSMS
\ No newline at end of file
+ - Contacts.SendSMS
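Review bot: The `engineers` Group's criteria now read `department: admin` while the object keeps the name `engineers` and remains the group bound to `contacts-read-write` through the `contacts-admin` RoleAssignment, so the object name no longer describes who is granted write access to the contacts API. Either rename the group and its `subjectgroups` reference to match the criteria, e.g. `name: admins` / `- admins`, or restore the Engineering department criterion if that is the intended audience. Separately, the re-added `- Contacts.SendSMS` line closing the `contacts-write` Permission appears to carry leading whitespace that the preceding `- Contacts.Delete` item may not (inferred from the collapsed diff, where `+- all-users` is flush but `+ - Contacts.SendSMS` is not); if it is indented deeper than the other items, YAML folds it into the previous plain scalar as `Contacts.Delete - Contacts.SendSMS` and the SendSMS endpoint silently drops out of the permission. A one-line comment on the new `all-resources` Group stating what `criteria: type: none` matches would also help readers audit the two RoleAssignments that reference it.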