diff --git a/config/sync/user.role.contributor.yml b/config/sync/user.role.contributor.yml
index 0b020a87c..c1253ed7b 100644
--- a/config/sync/user.role.contributor.yml
+++ b/config/sync/user.role.contributor.yml
@@ -5,6 +5,7 @@ dependencies:
   config:
     - filter.format.stanford_html
     - filter.format.stanford_minimal_html
+    - media.type.embeddable
     - media.type.file
     - media.type.google_form
     - media.type.image
@@ -25,7 +26,6 @@ dependencies:
     - editoria11y
     - filter
     - media
-    - menu_admin_per_menu
     - node
     - paragraphs
     - pathauto
@@ -49,21 +49,17 @@ permissions:
   - 'access user profiles'
   - 'add citation entities'
   - 'add content to books'
-  - 'administer main menu items'
   - 'break content lock'
   - 'create file media'
   - 'create google_form media'
   - 'create image media'
   - 'create media'
   - 'create policy log'
-  - 'create stanford_course content'
   - 'create stanford_event content'
-  - 'create stanford_event_series content'
   - 'create stanford_gallery_images media'
   - 'create stanford_news content'
   - 'create stanford_page content'
   - 'create stanford_person content'
-  - 'create stanford_policy content'
   - 'create stanford_publication content'
   - 'create video media'
   - 'delete citation entities'
@@ -82,6 +78,9 @@ permissions:
   - 'delete own stanford_publication content'
   - 'delete own video media'
   - 'dropzone upload files'
+  - 'edit any embeddable media'
+  - 'edit any file media'
+  - 'edit any google_form media'
   - 'edit any image media'
   - 'edit any stanford_course content'
   - 'edit any stanford_event content'
@@ -92,8 +91,10 @@ permissions:
   - 'edit any stanford_person content'
   - 'edit any stanford_policy content'
   - 'edit any stanford_publication content'
+  - 'edit any video media'
   - 'edit behavior plugin settings'
   - 'edit citation entities'
+  - 'edit own embeddable media'
   - 'edit own file media'
   - 'edit own google_form media'
   - 'edit own image media'
@@ -112,6 +113,7 @@ permissions:
   - 'mark as ok in editoria11y'
   - 'notify of path changes'
   - 'schedule publishing of nodes'
+  - 'update any media'
   - 'update media'
   - 'use text format stanford_html'
   - 'use text format stanford_minimal_html'
diff --git a/config/sync/user.role.site_editor.yml b/config/sync/user.role.site_editor.yml
index 8bbcbc3a6..53ec0cbe1 100644
--- a/config/sync/user.role.site_editor.yml
+++ b/config/sync/user.role.site_editor.yml
@@ -139,6 +139,9 @@ permissions:
   - 'delete terms in stanford_publication_topics'
   - 'delete terms in su_shared_tags'
   - 'dropzone upload files'
+  - 'edit any embeddable media'
+  - 'edit any file media'
+  - 'edit any google_form media'
   - 'edit any image media'
   - 'edit any stanford_course content'
   - 'edit any stanford_event content'
@@ -149,6 +152,7 @@ permissions:
   - 'edit any stanford_person content'
   - 'edit any stanford_policy content'
   - 'edit any stanford_publication content'
+  - 'edit any video media'
   - 'edit behavior plugin settings'
   - 'edit citation entities'
   - 'edit field_media_embeddable_code'
@@ -188,6 +192,7 @@ permissions:
   - 'revert stanford_policy revisions'
   - 'revert stanford_publication revisions'
   - 'schedule publishing of nodes'
+  - 'update any media'
   - 'update media'
   - 'use text format stanford_html'
   - 'use text format stanford_minimal_html'
diff --git a/config/sync/user.role.su_site_embedder.yml b/config/sync/user.role.su_site_embedder.yml
new file mode 100644
index 000000000..479a55699
--- /dev/null
+++ b/config/sync/user.role.su_site_embedder.yml
@@ -0,0 +1,14 @@
+uuid: 9dedbe8e-27b6-40de-95fd-29e4efe67be4
+langcode: en
+status: true
+dependencies:
+  module:
+    - field_permissions
+id: su_site_embedder
+label: 'Site Embedder'
+weight: 1
+is_admin: false
+permissions:
+  - 'create field_media_embeddable_code'
+  - 'edit field_media_embeddable_code'
+  - 'edit own field_media_embeddable_code'
diff --git a/tests/codeception/acceptance/Content/EventsSeriesCest.php b/tests/codeception/acceptance/Content/EventsSeriesCest.php
index 7b101c89d..3a3dd90ab 100644
--- a/tests/codeception/acceptance/Content/EventsSeriesCest.php
+++ b/tests/codeception/acceptance/Content/EventsSeriesCest.php
@@ -63,9 +63,9 @@ public function testContentTypeExists(AcceptanceTester $I) {
   public function testContributorPerms(AcceptanceTester $I) {
     $I->logInWithRole('contributor');
 
-    // Can create a node.
+    // D8CORE-4551: Can NOT create a node.
     $I->amOnPage('/node/add/stanford_event_series');
-    $I->canSeeResponseCodeIs(200);
+    $I->canSeeResponseCodeIs(403);
 
     // Can not delete a node that is not theirs but can edit.
     $node = $this->createEventSeriesNode($I);
diff --git a/tests/codeception/acceptance/Content/PolicyCest.php b/tests/codeception/acceptance/Content/PolicyCest.php
index 2ffccf4a8..f16a3c060 100644
--- a/tests/codeception/acceptance/Content/PolicyCest.php
+++ b/tests/codeception/acceptance/Content/PolicyCest.php
@@ -42,6 +42,14 @@ public function testPolicyAccess(AcceptanceTester $I) {
     $I->logInWithRole('contributor');
     $I->amOnPage('/node/add/stanford_policy');
     $I->cantSee('Create a new book');
+    // D8CORE-4551 - removed create policy permission for contributors
+    $I->canSee('Access Denied');
+    $book = $I->createEntity([
+      'type' => 'stanford_policy',
+      'su_policy_title' => $this->faker->words(2, TRUE) . '-baz-foo',
+      'su_policy_auto_prefix' => 1,
+    ]);
+    $I->amOnPage($book->toUrl('edit-form')->toString());
     // This indicates they can add to an existing book.
     $I->canSeeOptionIsSelected('Book', '- None -');
     $I->cantSee('Policy Prefix');
@@ -63,7 +71,7 @@ public function testPolicyAccess(AcceptanceTester $I) {
   /**
    * Test book title changes.
    */
-  public function testPolicyTitle(AcceptanceTester $I){
+  public function testPolicyTitle(AcceptanceTester $I) {
     $title = $this->faker->words(4, TRUE) . ' foo bar';
     $I->logInWithRole('administrator');
     $I->amOnPage('/node/add/stanford_policy');
@@ -231,7 +239,7 @@ public function testPolicyHeirarcy(AcceptanceTester $I) {
     $I->canSee($chapter_two->label(), '.breadcrumb');
     $I->canSee($article_one->label(), '.breadcrumb');
 
-    $I->canSee( $data_formatter->format($fifteen_days_ago, 'custom', 'F d, Y', self::getTimezone()));
+    $I->canSee($data_formatter->format($fifteen_days_ago, 'custom', 'F d, Y', self::getTimezone()));
     $I->canSee($data_formatter->format($time, 'custom', 'F d, Y', self::getTimezone()));
     $I->canSee($authority);
 
diff --git a/tests/codeception/acceptance/Media/MediaPermissionsCest.php b/tests/codeception/acceptance/Media/MediaPermissionsCest.php
index c632ba6a2..79ef6ae4e 100644
--- a/tests/codeception/acceptance/Media/MediaPermissionsCest.php
+++ b/tests/codeception/acceptance/Media/MediaPermissionsCest.php
@@ -30,6 +30,18 @@ public function testAdminPerms(AcceptanceTester $I) {
     $I->canSee('Embed Code');
   }
 
+  /**
+   * Test site embedder perms
+   */
+  public function testSiteEmbedderPerms(AcceptanceTester $I) {
+    $user = $I->createUserWithRoles(['su_site_embedder', 'site_manager']);
+    $I->logInAs($user->getAccountName());
+    $I->amOnPage('/media/add/embeddable');
+    $I->canSeeResponseCodeIs(200);
+    $I->canSee('oEmbed URL');
+    $I->canSee('Embed Code');
+  }
+
   /**
    * Test site manager perms
    */
diff --git a/tests/codeception/acceptance/Users/RolesCest.php b/tests/codeception/acceptance/Users/RolesCest.php
index 6f4b7c752..d97224dad 100644
--- a/tests/codeception/acceptance/Users/RolesCest.php
+++ b/tests/codeception/acceptance/Users/RolesCest.php
@@ -19,6 +19,7 @@ public function testRolesExist(AcceptanceTester $I) {
     $I->canSee('Site Builder');
     $I->canSee('Site Developer');
     $I->canSee('Administrator');
+    $I->canSee('Site Embedder');
   }
 
   /**