diff --git a/resources/sql/autopatches/20141107.phriction.policy.1.sql b/resources/sql/autopatches/20141107.phriction.policy.1.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20141107.phriction.policy.1.sql
@@ -0,0 +1,5 @@
+ALTER TABLE {$NAMESPACE}_phriction.phriction_document
+  ADD viewPolicy VARBINARY(64) NOT NULL;
+
+ALTER TABLE {$NAMESPACE}_phriction.phriction_document
+  ADD editPolicy VARBINARY(64) NOT NULL;
diff --git a/resources/sql/autopatches/20141107.phriction.policy.2.php b/resources/sql/autopatches/20141107.phriction.policy.2.php
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20141107.phriction.policy.2.php
@@ -0,0 +1,47 @@
+<?php
+
+$table = new PhrictionDocument();
+$conn_w = $table->establishConnection('w');
+
+echo "Populating Phriction policies.\n";
+
+$default_view_policy = PhabricatorPolicies::getMostOpenPolicy();
+$default_edit_policy = PhabricatorPolicies::POLICY_USER;
+
+foreach (new LiskMigrationIterator($table) as $doc) {
+  $id = $doc->getID();
+
+  if ($doc->getViewPolicy() && $doc->getEditPolicy()) {
+    echo "Skipping doc $id; already has policy set.\n";
+    continue;
+  }
+
+  // project documents get the project policy
+  if (PhrictionDocument::isProjectSlug($doc->getSlug())) {
+
+    $project_slug =
+      PhrictionDocument::getProjectSlugIdentifier($doc->getSlug());
+    $project_slugs = array($project_slug);
+    $project = id(new PhabricatorProjectQuery())
+      ->setViewer(PhabricatorUser::getOmnipotentUser())
+      ->withPhrictionSlugs($project_slugs)
+      ->executeOne();
+
+    $project_name = $project->getName();
+    echo "Migrating doc $id to project policy $project_name...\n";
+    $doc->setViewPolicy($project->getViewPolicy());
+    $doc->setEditPolicy($project->getEditPolicy());
+    $doc->save();
+
+  // non-project documents get the most open policy possible
+  } else {
+
+    echo "Migrating doc $id to default install policy...\n";
+    $doc->setViewPolicy($default_view_policy);
+    $doc->setEditPolicy($default_edit_policy);
+    $doc->save();
+
+  }
+}
+
+echo "Done.\n";
diff --git a/src/applications/phriction/controller/PhrictionDocumentController.php b/src/applications/phriction/controller/PhrictionDocumentController.php
--- a/src/applications/phriction/controller/PhrictionDocumentController.php
+++ b/src/applications/phriction/controller/PhrictionDocumentController.php
@@ -199,6 +199,8 @@
     }
 
     $header = id(new PHUIHeaderView())
+      ->setUser($user)
+      ->setPolicyObject($document)
       ->setHeader($page_title);
 
     $prop_list = null;
diff --git a/src/applications/phriction/editor/PhrictionTransactionEditor.php b/src/applications/phriction/editor/PhrictionTransactionEditor.php
--- a/src/applications/phriction/editor/PhrictionTransactionEditor.php
+++ b/src/applications/phriction/editor/PhrictionTransactionEditor.php
@@ -83,10 +83,8 @@
     $types[] = PhrictionTransaction::TYPE_MOVE_TO;
     $types[] = PhrictionTransaction::TYPE_MOVE_AWAY;
 
-    /* TODO
     $types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
     $types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
-     */
 
     return $types;
   }
diff --git a/src/applications/phriction/storage/PhrictionDocument.php b/src/applications/phriction/storage/PhrictionDocument.php
--- a/src/applications/phriction/storage/PhrictionDocument.php
+++ b/src/applications/phriction/storage/PhrictionDocument.php
@@ -13,6 +13,8 @@
   protected $contentID;
   protected $status;
   protected $mailKey;
+  protected $viewPolicy;
+  protected $editPolicy;
 
   private $contentObject = self::ATTACHABLE;
   private $ancestors = array();
@@ -66,6 +68,10 @@
     $content->setTitle($default_title);
     $document->attachContent($content);
 
+    $default_view_policy = PhabricatorPolicies::getMostOpenPolicy();
+    $document->setViewPolicy($default_view_policy);
+    $document->setEditPolicy(PhabricatorPolicies::POLICY_USER);
+
     return $document;
   }
 
@@ -172,31 +178,29 @@
   }
 
   public function getPolicy($capability) {
-    if ($this->hasProject()) {
-      return $this->getProject()->getPolicy($capability);
+    switch ($capability) {
+      case PhabricatorPolicyCapability::CAN_VIEW:
+        return $this->getViewPolicy();
+      case PhabricatorPolicyCapability::CAN_EDIT:
+        return $this->getEditPolicy();
     }
-
-    return PhabricatorPolicies::POLICY_USER;
   }
 
   public function hasAutomaticCapability($capability, PhabricatorUser $user) {
-    if ($this->hasProject()) {
-      return $this->getProject()->hasAutomaticCapability($capability, $user);
-    }
     return false;
   }
 
   public function describeAutomaticCapability($capability) {
-    if ($this->hasProject()) {
-      return pht(
-        "This is a project wiki page, and inherits the project's policies.");
-    }
 
     switch ($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW:
         return pht(
           'To view a wiki document, you must also be able to view all '.
           'of its parents.');
+      case PhabricatorPolicyCapability::CAN_EDIT:
+        return pht(
+          'To edit a wiki document, you must also be able to view all '.
+          'of its parents.');
     }
 
     return null;