diff --git a/planetstack/model_policies/model_policy_User.py b/planetstack/model_policies/model_policy_User.py
new file mode 100644
index 0000000..1b1895e
--- /dev/null
+++ b/planetstack/model_policies/model_policy_User.py
@@ -0,0 +1,30 @@
+from core.models import *
+
+def handle(user):
+	deployments = Deployment.objects.all()
+	site_deployments = SiteDeployments.objects.all()
+	site_deploy_lookup = defaultdict(list)
+	for site_deployment in site_deployments:
+		site_deploy_lookup[site_deployment.site].append(site_deployment.deployment)
+
+	user_deploy_lookup = defaultdict(list)
+	for user_deployment in UserDeployments.objects.all():
+		user_deploy_lookup[user_deployment.user].append(user_deployment.deployment)
+   
+	all_deployments = Deployment.objects.filter() 
+	if user.is_admin:
+		# admins should have an account at all deployments
+		expected_deployments = deployments
+	else:
+		# normal users should have an account at their site's deployments
+		#expected_deployments = site_deploy_lookup[user.site]
+		# users are added to all deployments for now
+		expected_deployments = deployments        
+
+	for expected_deployment in expected_deployments:
+		if not user in user_deploy_lookup or \
+		  expected_deployment not in user_deploy_lookup[user]: 
+			# add new record
+			ud = UserDeployments(user=user, deployment=expected_deployment)
+			ud.save()    
+