diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 29aa25854c9..da655b8eccb 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -273,15 +273,14 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 private void createPolicyAndAddToDomainGroup(String policyName, String description, String entityType, Long entityId, String action, AccessType accessType, Long domainId, Boolean recursive) {
- AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null);
- _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
- entityId, action, accessType.toString(), Permission.Allow, recursive);
-
- List policyList = new ArrayList();
- policyList.add(new Long(policy.getId()));
-
 Domain domain = _domainDao.findById(domainId);
 if (domain != null) {
+ AclPolicy policy = _iamSrv.createAclPolicy(policyName, description, null, domain.getPath());
+ _iamSrv.addAclPermissionToAclPolicy(policy.getId(), entityType, PermissionScope.RESOURCE.toString(),
+ entityId, action, accessType.toString(), Permission.Allow, recursive);
+ List policyList = new ArrayList();
+ policyList.add(new Long(policy.getId()));
+
 List domainGroups = listDomainGroup(domain);
 if (domainGroups != null) {
 for (AclGroup group : domainGroups) {
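Review bot: When `_domainDao.findById(domainId)` returns null, createPolicyAndAddToDomainGroup now returns without creating the policy or attaching it to any group, and nothing in the hunk reports that the grant was skipped. Failing closed is a reasonable default for an access grant, but the caller cannot tell a completed grant from a no-op, so a missing domain should surface, either through a log entry or through a guard such as `if (domain == null) { throw new InvalidParameterValueException("Unable to find domain " + domainId); }`, in line with the check this commit adds to createAclPolicy. As a smaller style point, `new Long(policy.getId())` can be `Long.valueOf(policy.getId())`. The rest of the method body lies outside the hunk.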
@@ -352,7 +351,12 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 @Override
 @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
 public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
- return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId);
+ Long domainId = caller.getDomainId();
+ Domain callerDomain = _domainDao.findById(domainId);
+ if (callerDomain == null) {
+ throw new InvalidParameterValueException("Caller does not have a domain");
+ }
+ return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId, callerDomain.getPath());
 }
 @DB
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 2b26e72974c..3957b622200 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -40,7 +40,7 @@ public interface IAMService {
 Pair, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
 /* ACL Policy related interfaces */
- AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId);
+ AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId, String path);
 boolean deleteAclPolicy(long aclPolicyId);
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 84ed5456ff7..1398889539c 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
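Review bot: `parentPolicyId` is still forwarded to `_iamSrv.createAclPolicy` unchecked in AclApiServiceImpl.createAclPolicy, while the new policy is now scoped to `callerDomain.getPath()`. If the parent branch in IAMServiceImpl copies or inherits the parent's permissions (that code is not visible here), a caller could derive a policy from one that belongs to a different domain tree. Before the call it is worth checking that the parent policy exists and that its path falls within the caller's domain path, and rejecting the request with InvalidParameterValueException otherwise. The existing message would also be easier to diagnose with the id included, e.g. `"Unable to find domain " + domainId + " for caller"`.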
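Review bot: The new `path` argument on IAMService.createAclPolicy is undocumented, so the interface does not say what form it takes or whether null is allowed. Both callers in this change pass a domain's `getPath()`, so a Javadoc line such as `@param path domain path that scopes the policy; must not be null` would record the contract. The implementation stores the value through `rvo.setPath(path)` without a check, so a null argument would presumably persist a policy with no domain scope; a `if (path == null)` guard that throws there would enforce what the comment promises.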
@@ -294,7 +294,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 @DB
 @Override
- public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId) {
+ public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId, final String path) {
 // check if the policy is already existing
 AclPolicy ro = _aclPolicyDao.findByName(aclPolicyName);
@@ -308,6 +308,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 @Override
 public AclPolicy doInTransaction(TransactionStatus status) {
 AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
+ rvo.setPath(path);
 AclPolicy role = _aclPolicyDao.persist(rvo);
 if (parentPolicyId != null) {
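Review bot: The existence check `_aclPolicyDao.findByName(aclPolicyName)` in IAMServiceImpl.createAclPolicy is still keyed on the name alone, even though policies now carry a domain path. Depending on what follows the lookup (outside this hunk), a name already used in one domain would block creation in every other domain, and the resulting error would tell a caller that the name exists somewhere it has no access to. If names are meant to be unique per domain, the lookup should take `path` into account as well; if they are meant to be global, a comment on the check such as `// policy names are unique across all domains` would make that intent explicit. The method body continues outside both hunks.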