diff --git a/app/policies/group_member_policy.rb b/app/policies/group_member_policy.rb
index 62335527654cd230a2947a5f52ff97807f0f02fc..5a3fe814b77950a685e3b06f10b3a1966fc53e07 100644
--- a/app/policies/group_member_policy.rb
+++ b/app/policies/group_member_policy.rb
@@ -15,5 +15,11 @@ class GroupMemberPolicy < BasePolicy
     elsif @user == target_user
       can! :destroy_group_member
     end
+
+    additional_rules!
+  end
+
+  def additional_rules!
+    # This is meant to be overriden in EE
   end
 end
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index b65fb68cd88b93ce6e5e293fe91595f6c3d88ade..6f943feb2a72690cc51806eb5b98a2b3394cb8eb 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -33,6 +33,8 @@ class GroupPolicy < BasePolicy
     if globally_viewable && @subject.request_access_enabled && !member
       can! :request_access
     end
+
+    additional_rules!(master)
   end
 
   def can_read_group?
@@ -43,4 +45,8 @@ class GroupPolicy < BasePolicy
 
     GroupProjectsFinder.new(@subject).execute(@user).any?
   end
+
+  def additional_rules!(master)
+    # This is meant to be overriden in EE
+  end
 end