diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index f354c2d037..d5c9a6eb71 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -614,8 +614,8 @@ func TestSystemBackend_policyList(t *testing.T) {
 	}
 
 	exp := map[string]interface{}{
-		"keys":     []string{"default", "response-wrapping", "root"},
-		"policies": []string{"default", "response-wrapping", "root"},
+		"keys":     []string{"default", "root"},
+		"policies": []string{"default", "root"},
 	}
 	if !reflect.DeepEqual(resp.Data, exp) {
 		t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
@@ -667,8 +667,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 	}
 
 	exp = map[string]interface{}{
-		"keys":     []string{"default", "foo", "response-wrapping", "root"},
-		"policies": []string{"default", "foo", "response-wrapping", "root"},
+		"keys":     []string{"default", "foo", "root"},
+		"policies": []string{"default", "foo", "root"},
 	}
 	if !reflect.DeepEqual(resp.Data, exp) {
 		t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
@@ -702,8 +702,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 	}
 
 	exp = map[string]interface{}{
-		"keys":     []string{"default", "response-wrapping", "root"},
-		"policies": []string{"default", "response-wrapping", "root"},
+		"keys":     []string{"default", "root"},
+		"policies": []string{"default", "root"},
 	}
 	if !reflect.DeepEqual(resp.Data, exp) {
 		t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
diff --git a/vault/policy_store_test.go b/vault/policy_store_test.go
index 3fcd381068..4a0656e23b 100644
--- a/vault/policy_store_test.go
+++ b/vault/policy_store_test.go
@@ -138,7 +138,8 @@ func TestPolicyStore_Predefined(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if len(out) != 2 || out[0] != "default" || out[1] != "response-wrapping" {
+	// This shouldn't contain response-wrapping since it's non-assignable
+	if len(out) != 1 || out[0] != "default" {
 		t.Fatalf("bad: %v", out)
 	}
 
diff --git a/vault/token_store_test.go b/vault/token_store_test.go
index dfab0b0d1a..fcc7207bfd 100644
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@@ -503,6 +503,32 @@ func TestTokenStore_RevokeSelf(t *testing.T) {
 	}
 }
 
+func TestTokenStore_HandleRequest_NonAssignable(t *testing.T) {
+	_, ts, _, root := TestCoreWithTokenStore(t)
+
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
+	req.ClientToken = root
+	req.Data["policies"] = []string{"default", "foo"}
+
+	resp, err := ts.HandleRequest(req)
+	if err != nil {
+		t.Fatalf("err: %v %v", err, resp)
+	}
+
+	req.Data["policies"] = []string{"default", "foo", cubbyholeResponseWrappingPolicyName}
+
+	resp, err = ts.HandleRequest(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resp == nil {
+		t.Fatal("got a nil response")
+	}
+	if !resp.IsError() {
+		t.Fatalf("expected error; response is %#v", *resp)
+	}
+}
+
 func TestTokenStore_HandleRequest_CreateToken_DisplayName(t *testing.T) {
 	_, ts, _, root := TestCoreWithTokenStore(t)