diff --git a/pkg/services/control/server/policy_engine.go b/pkg/services/control/server/policy_engine.go
new file mode 100644
index 000000000..058839bfb
--- /dev/null
+++ b/pkg/services/control/server/policy_engine.go
@@ -0,0 +1,24 @@
+package control
+
+import (
+	"context"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+)
+
+func (s *Server) AddChainLocalOverride(ctx context.Context, req *control.AddChainLocalOverrideRequest) (*control.AddChainLocalOverrideResponse, error) {
+	return nil, fmt.Errorf("not implemented yet")
+}
+
+func (s *Server) GetChainLocalOverride(ctx context.Context, req *control.GetChainLocalOverrideRequest) (*control.GetChainLocalOverrideResponse, error) {
+	return nil, fmt.Errorf("not implemented yet")
+}
+
+func (s *Server) ListChainLocalOverrides(ctx context.Context, req *control.ListChainLocalOverridesRequest) (*control.ListChainLocalOverridesResponse, error) {
+	return nil, fmt.Errorf("not implemented yet")
+}
+
+func (s *Server) RemoveChainLocalOverride(ctx context.Context, req *control.RemoveChainLocalOverrideRequest) (*control.RemoveChainLocalOverrideResponse, error) {
+	return nil, fmt.Errorf("not implemented yet")
+}
diff --git a/pkg/services/control/service.pb.go b/pkg/services/control/service.pb.go
index 443afb1aa..547ea7e7e 100644
Binary files a/pkg/services/control/service.pb.go and b/pkg/services/control/service.pb.go differ
diff --git a/pkg/services/control/service.proto b/pkg/services/control/service.proto
index cbcf74e53..e7d218f20 100644
--- a/pkg/services/control/service.proto
+++ b/pkg/services/control/service.proto
@@ -44,6 +44,18 @@ service ControlService {
 
     // Doctor performs storage restructuring operations on engine.
     rpc Doctor (DoctorRequest) returns (DoctorResponse);
+
+    // Add local access policy engine overrides to a node.
+    rpc AddChainLocalOverride (AddChainLocalOverrideRequest) returns (AddChainLocalOverrideResponse);
+
+    // Get local access policy engine overrides stored in the node by chain id.
+    rpc GetChainLocalOverride (GetChainLocalOverrideRequest) returns (GetChainLocalOverrideResponse);
+
+    // List local access policy engine overrides stored in the node by container id.
+    rpc ListChainLocalOverrides (ListChainLocalOverridesRequest) returns (ListChainLocalOverridesResponse);
+
+    // Remove local access policy engine overrides stored in the node by chaind id.
+    rpc RemoveChainLocalOverride (RemoveChainLocalOverrideRequest) returns (RemoveChainLocalOverrideResponse);
 }
 
 // Health check request.
@@ -405,3 +417,105 @@ message StopShardEvacuationResponse {
     Body body = 1;
     Signature signature = 2;
 }
+
+// AddChainLocalOverride request.
+message AddChainLocalOverrideRequest {
+    message Body {
+        // Container id for which the overrides are applied.
+        bytes container_id = 1;
+
+        // Serialized rule chain.
+        bytes chain = 2;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+// AddChainLocalOverride response.
+message AddChainLocalOverrideResponse {
+    message Body {
+        // Chain ID assigned for the added rule chain.
+        string chain_id = 1;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+// GetChainLocalOverride request.
+message GetChainLocalOverrideRequest {
+    message Body {
+        // Container id for which the overrides are defined.
+        bytes container_id = 1;
+
+        // Chain ID assigned for the added rule chain.
+        string chain_id = 2;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+// GetChainLocalOverride response.
+message GetChainLocalOverrideResponse {
+    message Body {
+        // Serialized rule chain.
+        bytes chain = 1;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+// ListChainLocalOverrides request.
+message ListChainLocalOverridesRequest {
+    message Body {
+        // Container id for which the overrides are defined.
+        bytes container_id = 1;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+// ListChainLocalOverrides response.
+message ListChainLocalOverridesResponse {
+    message Body {
+        // The list of serialized rule chain.
+        repeated bytes chains = 1;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+message RemoveChainLocalOverrideRequest {
+    message Body {
+        // Container id for which the overrides are defined.
+        bytes container_id = 1;
+
+        // Chain ID assigned for the added rule chain.
+        string chain_id = 2;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
+
+message RemoveChainLocalOverrideResponse {
+    message Body {
+        bool removed = 1;
+    }
+
+    Body body = 1;
+
+    Signature signature = 2;
+}
diff --git a/pkg/services/control/service_frostfs.pb.go b/pkg/services/control/service_frostfs.pb.go
index 56ff81ace..852788a30 100644
Binary files a/pkg/services/control/service_frostfs.pb.go and b/pkg/services/control/service_frostfs.pb.go differ
diff --git a/pkg/services/control/service_grpc.pb.go b/pkg/services/control/service_grpc.pb.go
index 967c739f5..b5881ccb2 100644
Binary files a/pkg/services/control/service_grpc.pb.go and b/pkg/services/control/service_grpc.pb.go differ