diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyApiIntegrationTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyApiIntegrationTests.java
index 23395bf5d..06d75b4c1 100644
--- a/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyApiIntegrationTests.java
+++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/oauth/scope/pdp/ScopePolicyApiIntegrationTests.java
@@ -53,6 +53,7 @@
 import it.infn.mw.iam.persistence.model.IamGroup;
 import it.infn.mw.iam.persistence.model.IamScopePolicy;
 import it.infn.mw.iam.persistence.model.PolicyRule;
+import it.infn.mw.iam.persistence.model.IamScopePolicy.MatchingPolicy;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 import it.infn.mw.iam.persistence.repository.IamGroupRepository;
 import it.infn.mw.iam.persistence.repository.IamScopePolicyRepository;
@@ -547,6 +548,31 @@ public void testDefaultPolicyUpdate() throws Exception {
 .andExpect(jsonPath("$.scopes").doesNotExist());
 }
+
+ @Test
+ @WithMockOAuthUser(user = "admin", authorities = {"ROLE_USER", "ROLE_ADMIN"}, scopes = {"iam:admin.read", "iam:admin.write"})
+ public void testDefaultPolicyUpdateUpdatingMatchingPolicy() throws Exception {
+ final String description = "DENY ALL!";
+
+ ScopePolicyDTO sp = new ScopePolicyDTO();
+ sp.setDescription(description);
+ sp.setRule(PolicyRule.DENY.name());
+ sp.setMatchingPolicy(MatchingPolicy.PATH.name());
+ sp.setScopes(Sets.newHashSet(SCIM_READ, SCIM_WRITE));
+ sp.setId(1L);
+
+ String serializedSp = mapper.writeValueAsString(sp);
+ mvc.perform(put("/iam/scope_policies/1").content(serializedSp).contentType(APPLICATION_JSON))
+ .andExpect(status().isNoContent());
+
+ mvc.perform(get("/iam/scope_policies/1"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.id", equalTo(1)))
+ .andExpect(jsonPath("$.rule", equalTo("DENY")))
+ .andExpect(jsonPath("$.description", equalTo(description)))
+ .andExpect(jsonPath("$.matchingPolicy", equalTo(MatchingPolicy.PATH.name())));
+
+ }
 @Test
 @WithMockOAuthUser(user = "admin", authorities = {"ROLE_USER", "ROLE_ADMIN"}, scopes = "iam:admin.write")
diff --git a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamScopePolicy.java b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamScopePolicy.java
index f2605ae70..f3bdc4a48 100644
--- a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamScopePolicy.java
+++ b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamScopePolicy.java
@@ -218,6 +218,7 @@ public void from(IamScopePolicy other) {
 setDescription(other.getDescription());
 setRule(other.getRule());
 setScopes(other.getScopes());
+setMatchingPolicy(other.getMatchingPolicy());
 linkAccount();
 linkGroup();
 }
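Review bot: The new test never establishes what policy 1's matching policy was before the PUT, so the final `$.matchingPolicy` assertion cannot tell a persisted update from a value that was already `PATH`. A GET before the update asserting something like `.andExpect(jsonPath("$.matchingPolicy", not(equalTo(MatchingPolicy.PATH.name()))))` (Hamcrest `not`; whether it is already imported is not visible here) would make this a real regression test for the entity copy. The request also sets `SCIM_READ` and `SCIM_WRITE`, but the read-back does not assert `$.scopes`, so a DENY policy that silently lost its scope list would still pass. Because the test rewrites policy 1 as a DENY rule, it relies on per-test rollback or isolation that is outside the hunk.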
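Review bot: `from()` now copies `other.getMatchingPolicy()` unconditionally, so what happens when an update request leaves `matchingPolicy` out depends on the DTO-to-entity conversion, which is not in this hunk. If that conversion yields null or a default, a PUT that only meant to change the description would reset a stored `PATH` policy and change which scopes the rule matches, which for a DENY rule is an authorization change. It is worth confirming the converter's behaviour and adding a test that updates a policy without `matchingPolicy` and asserts the stored value afterwards. A short comment above the copy lines, e.g. `// from() must copy every field the update API can change; a field missed here is silently ignored on update`, would help the next field addition. The method's signature and any earlier body lines are outside the hunk.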