Extending role scope in a directory server system. A directory server
system comprises a directory server and a role mechanism. The directory
server interacts with entries organized in a tree structure. The entries
comprise user entries and role entries. The role entries define a role
and have an associated scope defined from their location in the tree
structure. The role mechanism is capable of attaching a role of an
existing role entry to a user entry subject to a first condition
comprising. The role mechanism is further capable of determining whether
the existing role entry has extra data designating an extra scope, and,
if so, of attaching a role of the existing role entry to a user entry
subject to a second condition. The second condition comprises the role
membership condition and the fact that the user entry belongs to the
extra scope of the existing role entry.
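
The two-condition check described above, as an added Python example that is not taken from the original document or any directory server product. Assumptions: the first condition, which is cut off in the text, is taken to be role membership plus the user entry lying in the role entry's own scope; that scope is taken to be the subtree under the role entry's parent; membership is modelled as the user entry naming the role's DN; the field names `roles` and `extra_scope` and all DNs are constructed for illustration.

```python
# Added illustration: field names and DNs are constructed, not from the document.

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn or lies below it, compared RDN by RDN."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return bool(base) and len(entry) >= len(base) and entry[-len(base):] == base

def default_scope(role_dn):
    """Assumption: a role's scope is the subtree rooted at its parent entry."""
    return ",".join(parse_dn(role_dn)[1:])

def is_member(user, role):
    """Assumption: membership means the user entry names the role's DN."""
    wanted = parse_dn(role["dn"])
    return any(parse_dn(r) == wanted for r in user.get("roles", []))

def role_attached(user, role):
    """Return which scope attaches the role to the user, or None."""
    if not is_member(user, role):
        return None
    # First condition (assumed): membership and user inside the role's own scope.
    if in_subtree(user["dn"], default_scope(role["dn"])):
        return "scope"
    # Second condition: membership and user inside the extra scope, if present.
    extra = role.get("extra_scope")
    if extra and in_subtree(user["dn"], extra):
        return "extra_scope"
    return None

# Constructed sample entries.
ROLE_DN = "cn=Admins,ou=Sales,o=example"
ROLE = {"dn": ROLE_DN, "extra_scope": "ou=Partners,o=example"}
ROLE_NO_EXTRA = {"dn": ROLE_DN}
ALICE = {"dn": "uid=alice,ou=People,ou=Sales,o=example", "roles": [ROLE_DN]}
BOB = {"dn": "uid=bob,ou=Partners,o=example", "roles": [ROLE_DN]}
CAROL = {"dn": "uid=carol,ou=Eng,o=example", "roles": [ROLE_DN]}
DAVE = {"dn": "uid=dave,ou=Partners,o=example"}

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL, DAVE):
        print(user["dn"], "->", role_attached(user, ROLE))
```

The returned reason separates roles attached through the extra scope from those attached through the role entry's own location, which is the distinction to record when auditing who holds a role.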