diff --git a/acl/cache.go b/acl/cache.go
index f5ef96fb8e..b61e32fc6f 100644
--- a/acl/cache.go
+++ b/acl/cache.go
@@ -140,3 +140,10 @@ func (c *Cache) GetACL(id string) (ACL, error) {
 func (c *Cache) ClearACL(id string) {
 	c.aclCache.Remove(id)
 }
+
+// Purge is used to clear all the ACL caches. The
+// rule and policy caches are not purged, since they
+// are content-hashed anyways.
+func (c *Cache) Purge() {
+	c.aclCache.Purge()
+}
diff --git a/acl/cache_test.go b/acl/cache_test.go
index 341ad9c166..51ca5a2dfe 100644
--- a/acl/cache_test.go
+++ b/acl/cache_test.go
@@ -126,6 +126,39 @@ func TestCache_ClearACL(t *testing.T) {
 	}
 }
 
+func TestCache_Purge(t *testing.T) {
+	policies := map[string]string{
+		"foo": testSimplePolicy,
+		"bar": testSimplePolicy,
+	}
+	faultfn := func(id string) (string, error) {
+		return policies[id], nil
+	}
+
+	c, err := NewCache(1, DenyAll(), faultfn)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	acl, err := c.GetACL("foo")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	// Nuke the cache
+	c.Purge()
+	c.policyCache.Purge()
+
+	acl2, err := c.GetACL("foo")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	if acl == acl2 {
+		t.Fatalf("should not be cached")
+	}
+}
+
 func TestCache_GetACLPolicy(t *testing.T) {
 	policies := map[string]string{
 		"foo": testSimplePolicy,