diff --git a/src/rm/RequestManagerGroup.cc b/src/rm/RequestManagerGroup.cc
index 1084d434f6..555f61536d 100644
--- a/src/rm/RequestManagerGroup.cc
+++ b/src/rm/RequestManagerGroup.cc
@@ -208,7 +208,7 @@ int GroupAddProvider::edit_acl_rules(
         mask_prefix = AclRule::CLUSTER_ID | cluster_id;
     }
 
-    // @<gid> HOST/%<cid> MANAGE
+    // @<gid> HOST/%<cid> MANAGE #<zone>
     rc += aclm->add_rule(
             AclRule::GROUP_ID |
             group_id,
@@ -223,7 +223,7 @@ int GroupAddProvider::edit_acl_rules(
 
             error_msg);
 
-    // @<gid> DATASTORE+NET/%<cid> USE
+    // @<gid> DATASTORE+NET/%<cid> USE #<zone>
     rc += aclm->add_rule(
             AclRule::GROUP_ID |
             group_id,
@@ -239,6 +239,21 @@ int GroupAddProvider::edit_acl_rules(
 
             error_msg);
 
+    // @<gid> ZONE/#<zone> USE *
+    rc += aclm->add_rule(
+            AclRule::GROUP_ID |
+            group_id,
+
+            PoolObjectSQL::ZONE |
+            AclRule::INDIVIDUAL_ID |
+            zone_id,
+
+            AuthRequest::USE,
+
+            AclRule::ALL_ID,
+
+            error_msg);
+
     if (rc != 0)
     {
         return -1;
@@ -306,6 +321,21 @@ int GroupDelProvider::edit_acl_rules(
 
             error_msg);
 
+    // @<gid> ZONE/#<zone> USE *
+    rc += aclm->del_rule(
+            AclRule::GROUP_ID |
+            group_id,
+
+            PoolObjectSQL::ZONE |
+            AclRule::INDIVIDUAL_ID |
+            zone_id,
+
+            AuthRequest::USE,
+
+            AclRule::ALL_ID,
+
+            error_msg);
+
     if (rc != 0)
     {
         return -1;