diff --git a/weed/iam/integration/iam_manager.go b/weed/iam/integration/iam_manager.go
index e9c9e5a16..cc0cd66e0 100644
--- a/weed/iam/integration/iam_manager.go
+++ b/weed/iam/integration/iam_manager.go
@@ -115,8 +115,8 @@ func (m *IAMManager) Initialize(config *IAMConfig) error {
 // createRoleStore creates a role store based on configuration
 func (m *IAMManager) createRoleStore(config *RoleStoreConfig) (RoleStore, error) {
 	if config == nil {
-		// Default to filer role store
-		return NewFilerRoleStore(nil)
+		// Default to memory role store when no config provided
+		return NewMemoryRoleStore(), nil
 	}
 
 	switch config.StoreType {
diff --git a/weed/iam/integration/role_store.go b/weed/iam/integration/role_store.go
index 295115be4..c34c1a2b2 100644
--- a/weed/iam/integration/role_store.go
+++ b/weed/iam/integration/role_store.go
@@ -146,11 +146,18 @@ func NewFilerRoleStore(config map[string]interface{}) (*FilerRoleStore, error) {
 		basePath: "/etc/iam/roles", // Default path for role storage - aligned with /etc/ convention
 	}
 
-	// Parse configuration - only basePath and other settings, NOT filerAddress
+	// Parse configuration
 	if config != nil {
 		if basePath, ok := config["basePath"].(string); ok && basePath != "" {
 			store.basePath = strings.TrimSuffix(basePath, "/")
 		}
+
+		// Validate that filerAddress is provided in config - required for distributed setup
+		if _, ok := config["filerAddress"].(string); !ok {
+			return nil, fmt.Errorf("filer address is required in configuration for FilerRoleStore")
+		}
+	} else {
+		return nil, fmt.Errorf("filer address is required in configuration for FilerRoleStore")
 	}
 
 	glog.V(2).Infof("Initialized FilerRoleStore with basePath %s", store.basePath)
diff --git a/weed/iam/policy/policy_store.go b/weed/iam/policy/policy_store.go
index 4c673d40a..c44afd6e4 100644
--- a/weed/iam/policy/policy_store.go
+++ b/weed/iam/policy/policy_store.go
@@ -158,11 +158,18 @@ func NewFilerPolicyStore(config map[string]interface{}) (*FilerPolicyStore, erro
 		basePath: "/etc/iam/policies", // Default path for policy storage - aligned with /etc/ convention
 	}
 
-	// Parse configuration - only basePath and other settings, NOT filerAddress
+	// Parse configuration
 	if config != nil {
 		if basePath, ok := config["basePath"].(string); ok && basePath != "" {
 			store.basePath = strings.TrimSuffix(basePath, "/")
 		}
+
+		// Validate that filerAddress is provided in config - required for distributed setup
+		if _, ok := config["filerAddress"].(string); !ok {
+			return nil, fmt.Errorf("filer address is required in configuration for FilerPolicyStore")
+		}
+	} else {
+		return nil, fmt.Errorf("filer address is required in configuration for FilerPolicyStore")
 	}
 
 	glog.V(2).Infof("Initialized FilerPolicyStore with basePath %s", store.basePath)