diff --git a/dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java b/dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java
index 19ec1cba75..0c2d5e5eed 100644
--- a/dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java
+++ b/dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java
@@ -146,25 +146,16 @@ public class BitstreamResource extends Resource
 
         log.info("Reading bitstream(id=" + bitstreamId + ") policies.");
         org.dspace.core.Context context = null;
-        List<ResourcePolicy> policies = new ArrayList<ResourcePolicy>();
+        ResourcePolicy[] policies = null;
 
         try
         {
             context = createContext(getUser(headers));
             org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
+            AuthorizeManager.getPolicies(context, dspaceBitstream);
+
+            policies = new Bitstream(dspaceBitstream,"policies").getPolicies();
 
-            Bundle[] bundles = dspaceBitstream.getBundles();
-            for (Bundle bundle : bundles)
-            {
-                List<org.dspace.authorize.ResourcePolicy> bitstreamsPolicies = bundle.getBitstreamPolicies();
-                for (org.dspace.authorize.ResourcePolicy policy : bitstreamsPolicies)
-                {
-                    if (policy.getResourceID() == bitstreamId)
-                    {
-                        policies.add(new ResourcePolicy(policy));
-                    }
-                }
-            }
             context.complete();
             log.trace("Policies for bitstream(id=" + bitstreamId + ") was successfully read.");
 
@@ -184,7 +175,7 @@ public class BitstreamResource extends Resource
             processFinally(context);
         }
 
-        return policies.toArray(new ResourcePolicy[0]);
+        return policies;
     }
 
     /**
@@ -359,42 +350,26 @@ public class BitstreamResource extends Resource
      */
     @POST
     @Path("/{bitstream_id}/policy")
+    @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
     public javax.ws.rs.core.Response addBitstreamPolicy(@PathParam("bitstream_id") Integer bitstreamId, ResourcePolicy policy,
-            @Context HttpHeaders headers)
+            @QueryParam("userIP") String user_ip, @QueryParam("userAgent") String user_agent,
+            @QueryParam("xforwardedfor") String xforwardedfor, @Context HttpHeaders headers, @Context HttpServletRequest request)
+            throws WebApplicationException
     {
 
-        log.info("Adding bitstream(id=" + bitstreamId + ") READ policy with permission for group(id=" + policy.getGroupId()
+        log.info("Adding bitstream(id=" + bitstreamId + ") " + policy.getAction() + " policy with permission for group(id=" + policy.getGroupId()
                 + ").");
         org.dspace.core.Context context = null;
 
         try
         {
             context = createContext(getUser(headers));
-            org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
+            org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
 
-            Bundle[] bundles = dspaceBitstream.getBundles();
+            writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,
+                    request, context);
 
-            for (Bundle bundle : bundles)
-            {
-                List<org.dspace.authorize.ResourcePolicy> bitstreamsPolicies = bundle.getBitstreamPolicies();
-
-                org.dspace.authorize.ResourcePolicy dspacePolicy = org.dspace.authorize.ResourcePolicy.create(context);
-                dspacePolicy.setAction(policy.getActionInt());
-                dspacePolicy.setGroup(Group.find(context, policy.getGroupId()));
-                dspacePolicy.setResourceID(dspaceBitstream.getID());
-                dspacePolicy.setResource(dspaceBitstream);
-                dspacePolicy.setResourceType(org.dspace.core.Constants.BITSTREAM);
-                dspacePolicy.setStartDate(policy.getStartDate());
-                dspacePolicy.setEndDate(policy.getEndDate());
-                dspacePolicy.setRpDescription(policy.getRpDescription());
-                dspacePolicy.setRpName(policy.getRpName());
-                dspacePolicy.update();
-                // dspacePolicy.setRpType(org.dspace.authorize.ResourcePolicy.TYPE_CUSTOM);
-                bitstreamsPolicies.add(dspacePolicy);
-
-                bundle.replaceAllBitstreamPolicies(bitstreamsPolicies);
-                bundle.update();
-            }
+            addPolicyToBitstream(context, policy, dspaceBitstream);
 
             context.complete();
             log.trace("Policy for bitstream(id=" + bitstreamId + ") was successfully added.");
@@ -485,43 +460,14 @@ public class BitstreamResource extends Resource
 
             if (bitstream.getPolicies() != null)
             {
-                Bundle[] bundles = dspaceBitstream.getBundles();
-                ResourcePolicy[] policies = bitstream.getPolicies();
-                for (Bundle bundle : bundles)
-                {
-                    List<org.dspace.authorize.ResourcePolicy> bitstreamsPolicies = bundle.getBitstreamPolicies();
-                    // Remove old bitstream policies
-                    List<org.dspace.authorize.ResourcePolicy> policiesToRemove = new ArrayList<org.dspace.authorize.ResourcePolicy>();
-                    for (org.dspace.authorize.ResourcePolicy policy : bitstreamsPolicies)
-                    {
-                        if (policy.getResourceID() == dspaceBitstream.getID())
-                        {
-                            policiesToRemove.add(policy);
-                        }
-                    }
-                    for (org.dspace.authorize.ResourcePolicy policy : policiesToRemove)
-                    {
-                        bitstreamsPolicies.remove(policy);
-                    }
+                log.trace("Updating bitstream policies.");
 
-                    // Add all new bitstream policies
-                    for (ResourcePolicy policy : policies)
-                    {
-                        org.dspace.authorize.ResourcePolicy dspacePolicy = org.dspace.authorize.ResourcePolicy.create(context);
-                        dspacePolicy.setAction(policy.getActionInt());
-                        dspacePolicy.setGroup(Group.find(context, policy.getGroupId()));
-                        dspacePolicy.setResourceID(dspaceBitstream.getID());
-                        dspacePolicy.setResource(dspaceBitstream);
-                        dspacePolicy.setResourceType(org.dspace.core.Constants.BITSTREAM);
-                        dspacePolicy.setStartDate(policy.getStartDate());
-                        dspacePolicy.setEndDate(policy.getEndDate());
-                        dspacePolicy.setRpDescription(policy.getRpDescription());
-                        dspacePolicy.setRpName(policy.getRpName());
-                        dspacePolicy.update();
-                        bitstreamsPolicies.add(dspacePolicy);
-                    }
-                    bundle.replaceAllBitstreamPolicies(bitstreamsPolicies);
-                    bundle.update();
+                // Remove all old bitstream policies.
+                AuthorizeManager.removeAllPolicies(context,dspaceBitstream);
+
+                // Add all new bitstream policies
+                for (ResourcePolicy policy : bitstream.getPolicies()) {
+                    addPolicyToBitstream(context, policy, dspaceBitstream);
                 }
             }
 
@@ -730,55 +676,52 @@ public class BitstreamResource extends Resource
     @DELETE
     @Path("/{bitstream_id}/policy/{policy_id}")
     public javax.ws.rs.core.Response deleteBitstreamPolicy(@PathParam("bitstream_id") Integer bitstreamId,
-            @PathParam("policy_id") Integer policyId, @Context HttpHeaders headers)
+            @PathParam("policy_id") Integer policyId, @QueryParam("userIP") String user_ip, @QueryParam("userAgent") String user_agent,
+            @QueryParam("xforwardedfor") String xforwardedfor, @Context HttpHeaders headers, @Context HttpServletRequest request)
+            throws WebApplicationException
     {
-
-        log.info("Deleting bitstream(id=" + bitstreamId + ") READ policy(id=" + policyId + ").");
+        log.info("Deleting  policy(id=" + policyId + ") from bitstream(id=" + bitstreamId + ").");
         org.dspace.core.Context context = null;
 
         try
         {
             context = createContext(getUser(headers));
-            org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
+            org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
 
-            Bundle[] bundles = dspaceBitstream.getBundles();
+            writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,
+                    request, context);
 
-            for (Bundle bundle : bundles)
-            {
-                List<org.dspace.authorize.ResourcePolicy> bitstreamsPolicies = bundle.getBitstreamPolicies();
-
-                for (org.dspace.authorize.ResourcePolicy policy : bitstreamsPolicies)
-                {
-                    if (policy.getID() == policyId.intValue())
-                    {
-                        bitstreamsPolicies.remove(policy);
-                        break;
-                    }
+            // Check if resource policy exists in bitstream.
+            boolean found = false;
+            List<org.dspace.authorize.ResourcePolicy> policies =  AuthorizeManager.getPolicies(context, dspaceBitstream);
+            for(org.dspace.authorize.ResourcePolicy policy : policies) {
+                if(policy.getID() == policyId) {
+                    found = true;
+                    break;
                 }
+            }
 
-                bundle.replaceAllBitstreamPolicies(bitstreamsPolicies);
-                bundle.update();
+            if(found) {
+                removePolicyFromBitstream(context, policyId, bitstreamId);
+            } else {
+                context.abort();
+                throw new WebApplicationException(Response.Status.NOT_FOUND);
             }
 
             context.complete();
-            log.trace("Policy for bitstream(id=" + bitstreamId + ") was successfully added.");
+            log.trace("Policy for bitstream(id=" + bitstreamId + ") was successfully removed.");
 
         }
         catch (SQLException e)
         {
-            processException("Someting went wrong while deleting READ policy(id=" + policyId + ") to bitstream(id=" + bitstreamId
+            processException("Someting went wrong while deleting policy(id=" + policyId + ") to bitstream(id=" + bitstreamId
                     + "), SQLException! Message: " + e, context);
         }
         catch (ContextException e)
         {
-            processException("Someting went wrong while deleting READ policy(id=" + policyId + ") to bitstream(id=" + bitstreamId
+            processException("Someting went wrong while deleting policy(id=" + policyId + ") to bitstream(id=" + bitstreamId
                     + "), ContextException. Message: " + e.getMessage(), context);
         }
-        catch (AuthorizeException e)
-        {
-            processException("Someting went wrong while deleting READ policy(id=" + policyId + ") to bitstream(id=" + bitstreamId
-                    + "), AuthorizeException! Message: " + e, context);
-        }
         finally
         {
             processFinally(context);
@@ -799,6 +742,41 @@ public class BitstreamResource extends Resource
         return URLConnection.guessContentTypeFromName(name);
     }
 
+    /**
+     * Add policy(org.dspace.rest.common.ResourcePolicy) to bitstream.
+     * @param context Context to create DSpace ResourcePolicy.
+     * @param policy Policy which will be added to bitstream.
+     * @param dspaceBitstream
+     * @throws SQLException
+     * @throws AuthorizeException
+     */
+    private void addPolicyToBitstream(org.dspace.core.Context context, ResourcePolicy policy, org.dspace.content.Bitstream dspaceBitstream) throws SQLException, AuthorizeException {
+        org.dspace.authorize.ResourcePolicy dspacePolicy = org.dspace.authorize.ResourcePolicy.create(context);
+        dspacePolicy.setAction(policy.getActionInt());
+        dspacePolicy.setGroup(Group.find(context, policy.getGroupId()));
+        dspacePolicy.setResourceID(dspaceBitstream.getID());
+        dspacePolicy.setResource(dspaceBitstream);
+        dspacePolicy.setResourceType(org.dspace.core.Constants.BITSTREAM);
+        dspacePolicy.setStartDate(policy.getStartDate());
+        dspacePolicy.setEndDate(policy.getEndDate());
+        dspacePolicy.setRpDescription(policy.getRpDescription());
+        dspacePolicy.setRpName(policy.getRpName());
+
+        dspacePolicy.update();
+        dspaceBitstream.updateLastModified();
+    }
+
+    /**
+     * Remove policy from bitstream. But only if resourceID of policy is same as bitstream id.
+     * @param context Context to delete policy.
+     * @param policyID Id of resource policy, which will be deleted.
+     * @param bitstreamID Id of bitstream.
+     * @throws SQLException
+     */
+    private void removePolicyFromBitstream(org.dspace.core.Context context, int policyID, int bitstreamID) throws SQLException {
+        DatabaseManager.updateQuery(context, "DELETE FROM resourcepolicy WHERE POLICY_ID = ? AND RESOURCE_ID = ?", policyID,bitstreamID);
+    }
+
     /**
      * Find bitstream from DSpace database. This encapsulatets the 
      * org.dspace.content.Bitstream.find method with a check whether the item exists and 
diff --git a/dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java b/dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java
index 9407214e3c..04e5fb6a0f 100644
--- a/dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java
+++ b/dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java
@@ -543,11 +543,9 @@ public class ItemsResource extends Resource
                         date.setSeconds(0);
                         dspacePolicy.setStartDate(date);
                     }
-                    dspacePolicy.update();
-                    bitstreamsPolicies.add(dspacePolicy);
 
-                    dspaceBundle.replaceAllBitstreamPolicies(bitstreamsPolicies);
-                    dspaceBundle.update();
+                    dspacePolicy.update();
+                    dspaceBitstream.updateLastModified();
                 }
             }
 
diff --git a/dspace-rest/src/main/java/org/dspace/rest/common/Bitstream.java b/dspace-rest/src/main/java/org/dspace/rest/common/Bitstream.java
index 87b99aecd2..83cee35f26 100644
--- a/dspace-rest/src/main/java/org/dspace/rest/common/Bitstream.java
+++ b/dspace-rest/src/main/java/org/dspace/rest/common/Bitstream.java
@@ -76,7 +76,12 @@ public class Bitstream extends DSpaceObject {
 
         if(expandFields.contains("parent") || expandFields.contains("all")) {
             parentObject = new DSpaceObject(bitstream.getParentObject());
-        } else if(expandFields.contains("policies") || expandFields.contains("all")) {
+        } else {
+            this.addExpand("parent");
+        }
+
+        if(expandFields.contains("policies") || expandFields.contains("all")) {
+            // Find policies without context.
         	List<ResourcePolicy> tempPolicies = new ArrayList<ResourcePolicy>();
         	Bundle[] bundles = bitstream.getBundles();
 			for (Bundle bundle : bundles) {
@@ -90,7 +95,6 @@ public class Bitstream extends DSpaceObject {
 			
 			policies = tempPolicies.toArray(new ResourcePolicy[0]);
         } else {
-            this.addExpand("parent");
             this.addExpand("policies");
         }
 
diff --git a/dspace-rest/src/main/java/org/dspace/rest/common/ResourcePolicy.java b/dspace-rest/src/main/java/org/dspace/rest/common/ResourcePolicy.java
index b260901f23..e0d06c06cf 100644
--- a/dspace-rest/src/main/java/org/dspace/rest/common/ResourcePolicy.java
+++ b/dspace-rest/src/main/java/org/dspace/rest/common/ResourcePolicy.java
@@ -11,6 +11,9 @@ import java.util.Date;
 
 import org.codehaus.jackson.annotate.JsonIgnore;
 
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "resourcepolicy")
 public class ResourcePolicy{
 	
 	public enum Action {