diff --git a/roles/pvc/tasks/libvirt/bootstrap.yml b/roles/pvc/tasks/libvirt/bootstrap.yml
index 5e75597..d4fc49c 100644
--- a/roles/pvc/tasks/libvirt/bootstrap.yml
+++ b/roles/pvc/tasks/libvirt/bootstrap.yml
@@ -1,3 +1,3 @@
 ---
 - name: create Libvirt keyring
-  command: ceph auth get-or-create client.libvirt mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=pvc*'
+  command: ceph auth get-or-create client.libvirt mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=*'
diff --git a/roles/pvc/tasks/libvirt/main.yml b/roles/pvc/tasks/libvirt/main.yml
index f1c16a4..9e2f339 100644
--- a/roles/pvc/tasks/libvirt/main.yml
+++ b/roles/pvc/tasks/libvirt/main.yml
@@ -11,6 +11,12 @@
       - libjemalloc2
     state: latest
 
+- name: add libvirt user to ceph group
+  user:
+    name: libvirt-qemu
+    groups: ceph
+    append: yes
+
 - name: install libvirt configuration
   template:
     src: libvirt/{{ item }}.j2