The present invention is a system and method for allowing an administrator
of a computer network higher up in a hierarchical arrangement to define
the scope of policies for the services offered, and users lower in the
hierarchical arrangement to customize policies within the scope defined
by the administrator. While defining policy rules, administrators
classify them as scoping or non-scoping. Users lower in the hierarchical
arrangement can then customize scoping rules by defining sub-rules.
Policy rules have a condition part and an action part, and the sub-rules
can be used to change the scope of the condition and action parts. The
present invention adds all the non-scoping policy rules, all the scoping
policy rules, and all the sub-rules (with their scope limited by the
scoping rules) to a rules database. This rules database is then used by
any policy enforcement engine to enforce policy rules.
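
The following is an added sketch, not code from the source text, of how a rules database could be assembled so that sub-rules never exceed their scoping rule. It assumes conditions are attribute-to-value-set maps, that "limiting scope" means set intersection on both the condition and action parts, and that all names and sample rules are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    condition: dict               # attribute -> set of values the rule matches
    actions: set                  # action part: actions the rule may trigger
    scoping: bool = False         # True: lower levels may attach sub-rules
    parent: Optional[str] = None  # set only on sub-rules

def limit_to_scope(sub, scope):
    """Narrow a sub-rule to its scoping rule; None if nothing is left."""
    cond = {attr: set(vals) for attr, vals in sub.condition.items()}
    for attr, allowed in scope.condition.items():
        # An attribute the sub-rule omits inherits the administrator's limit.
        cond[attr] = cond.get(attr, allowed) & allowed
        if not cond[attr]:
            return None
    actions = sub.actions & scope.actions
    return Rule(sub.name, cond, actions, False, scope.name) if actions else None

def build_rules_db(admin_rules, sub_rules):
    """Return (rules database, names of rejected sub-rules)."""
    db = {r.name: r for r in admin_rules}
    rejected = []
    for sub in sub_rules:
        scope = db.get(sub.parent)
        # A sub-rule may not replace an existing rule or hang off a non-scoping rule.
        ok = sub.name not in db and scope is not None and scope.scoping
        limited = limit_to_scope(sub, scope) if ok else None
        if limited is None:
            rejected.append(sub.name)
        else:
            db[limited.name] = limited
    return db, rejected

# Constructed sample rules (hypothetical, for illustration only).
ADMIN = [
    Rule("log-all", {"service": {"web", "mail", "ftp"}}, {"log"}),
    Rule("web-access", {"service": {"web"}, "group": {"eng", "sales"}},
         {"allow", "deny", "rate-limit"}, scoping=True),
]
SUBS = [
    Rule("eng-web", {"group": {"eng", "hr"}}, {"rate-limit", "redirect"}, parent="web-access"),
    Rule("hr-web", {"group": {"hr"}}, {"allow"}, parent="web-access"),
    Rule("no-log", {}, {"log"}, parent="log-all"),
    Rule("log-all", {"group": {"eng"}}, {"allow"}, parent="web-access"),
]
```

Calling build_rules_db(ADMIN, SUBS) keeps "eng-web" narrowed to the eng group and the rate-limit action, and rejects the sub-rule that falls wholly outside the scope, the one attached to a non-scoping rule, and the one that reuses an administrator rule's name.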