diff --git a/README.md b/README.md
index edf8b89..32552f4 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,9 @@ Enabling a default policy
     plugin.actionpolicy.enable_default = 1
     plugin.actionpolicy.default_name = default
 
-This allows you to create a policy file called default.policy which will be used unless a specific policy file exists.
+This allows you to create a policy file called default.policy which will be used unless a specific policy file exists. Note that if both
+allow_unconfigured and enable_default are configured all requests will go through the default policy, as enable_default takes precedence
+over allow_unconfigured.
 
 Usage
 =============================
diff --git a/spec/actionpolicy/actionpolicy_spec.rb b/spec/actionpolicy/actionpolicy_spec.rb
index 16ee7f4..1de72db 100644
--- a/spec/actionpolicy/actionpolicy_spec.rb
+++ b/spec/actionpolicy/actionpolicy_spec.rb
@@ -78,6 +78,15 @@ module MCollective
           ActionPolicy.any_instance.expects(:parse_policy_file).with('/rspecdir/policyfile')
           actionpolicy.authorize_request
         end
+
+        it 'should enforce precedence of enable_default over allow_unconfigured' do
+          config.stubs(:pluginconf).returns({'actionpolicy.allow_unconfigured' => 'y',
+                                             'actionpolicy.enable_default' => 'y'})
+          ActionPolicy.any_instance.expects(:lookup_policy_file).returns('/rspec/default')
+          ActionPolicy.any_instance.expects(:parse_policy_file).with('/rspec/default')
+          actionpolicy.authorize_request
+
+        end
       end
 
       describe '#parse_policy_file' do