diff --git a/rbac_iotbzh.conf b/rbac_iotbzh.conf
new file mode 100644
index 0000000..fd302e9
--- /dev/null
+++ b/rbac_iotbzh.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && regexMatch(r.obj, p.obj) && r.act == p.act