diff --git a/templates/add_role_policy_permission.json.j2 b/templates/add_role_policy_permission.json.j2
index a008492..80ae1f0 100644
--- a/templates/add_role_policy_permission.json.j2
+++ b/templates/add_role_policy_permission.json.j2
@@ -82,7 +82,7 @@
             "type" : "SIMPLE",
             "taskReferenceName": "retrieve_default_permission_policies",
             "inputParameters" : {
-              "url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}",
+              "url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}/associatedPolicies",
               "method" :"GET",
               "headers" : {
                 "Authorization" : "Bearer ${authorize.output.body.access_token}",
@@ -96,7 +96,29 @@
     {
         "name" : "join",
         "type" : "JOIN",
-        "taskReferenceName" : "join_prepare_policy_and_permission"
-    }
+        "taskReferenceName" : "join_prepare_policy_and_permission",
+        "joinOn" : ["retrieve_default_permission_policies","add_policy"]
+    },
+    {
+		  "name" : "pyrest",
+		  "taskReferenceName" : "finalize_permission",
+		  "type" : "SIMPLE",
+		  "inputParameters" : {
+			  "url" : "${init.input.keycloak_admin}/clients/${role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}",
+			  "method" : "PUT",
+			  "headers" : {
+				  "Authorization" : "Bearer ${authorize.output.body.access_token}",
+				  "Content-Type" : "application/json"
+			  },
+			  "body" : {
+           "name": "Default Permission",
+           "description": "",
+           "type" : "resource",
+           "logic": "POSITIVE",
+           "decisionStrategy": "AFFIRMATIVE",
+           "policies" : "${join_prepare_policy_and_permission.output.body[*].id}"
+        }
+		  }
+	  }
 	]
 }