diff --git a/playbooks/configure-openshift-access-control.yml b/playbooks/configure-openshift-access-control.yml
new file mode 100644
index 0000000..003c0f4
--- /dev/null
+++ b/playbooks/configure-openshift-access-control.yml
@@ -0,0 +1,8 @@
+---
+
+  - name: Configure the OpenShift Access Control Layer
+    hosts: itix
+    become: yes
+    tasks:
+    - name: Remove authenticated users the right to create projects
+      command: oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth
diff --git a/playbooks/site.yml b/playbooks/site.yml
index a9e5e35..fb4afd3 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -8,3 +8,5 @@
   - include: "./openshift-ansible/playbooks/byo/config.yml"
 
   - include: "post-install.yml"
+
+  - include: "configure-openshift-access-control.yml"