diff --git a/pkg/services/control/server/policy_engine.go b/pkg/services/control/server/policy_engine.go
index 16b365b21..7ec3d58ac 100644
--- a/pkg/services/control/server/policy_engine.go
+++ b/pkg/services/control/server/policy_engine.go
@@ -19,6 +19,10 @@ func apeTarget(chainTarget *control.ChainTarget) (engine.Target, error) {
 		return engine.ContainerTarget(chainTarget.GetName()), nil
 	case control.ChainTarget_NAMESPACE:
 		return engine.NamespaceTarget(chainTarget.GetName()), nil
+	case control.ChainTarget_USER:
+		return engine.UserTarget(chainTarget.GetName()), nil
+	case control.ChainTarget_GROUP:
+		return engine.GroupTarget(chainTarget.GetName()), nil
 	default:
 	}
 	return engine.Target{}, status.Error(codes.InvalidArgument,
@@ -42,6 +46,16 @@ func controlTarget(chainTarget *engine.Target) (control.ChainTarget, error) {
 			Name: nm,
 			Type: control.ChainTarget_NAMESPACE,
 		}, nil
+	case engine.User:
+		return control.ChainTarget{
+			Name: chainTarget.Name,
+			Type: control.ChainTarget_USER,
+		}, nil
+	case engine.Group:
+		return control.ChainTarget{
+			Name: chainTarget.Name,
+			Type: control.ChainTarget_GROUP,
+		}, nil
 	default:
 	}
 	return control.ChainTarget{}, status.Error(codes.InvalidArgument,
diff --git a/pkg/services/control/service.pb.go b/pkg/services/control/service.pb.go
index 345110bab..9c597beec 100644
Binary files a/pkg/services/control/service.pb.go and b/pkg/services/control/service.pb.go differ
diff --git a/pkg/services/control/service_grpc.pb.go b/pkg/services/control/service_grpc.pb.go
index 95264fcd3..feeee0006 100644
Binary files a/pkg/services/control/service_grpc.pb.go and b/pkg/services/control/service_grpc.pb.go differ
diff --git a/pkg/services/control/types.pb.go b/pkg/services/control/types.pb.go
index 2fc16a926..858755694 100644
Binary files a/pkg/services/control/types.pb.go and b/pkg/services/control/types.pb.go differ
diff --git a/pkg/services/control/types.proto b/pkg/services/control/types.proto
index 3306924ac..55636d88a 100644
--- a/pkg/services/control/types.proto
+++ b/pkg/services/control/types.proto
@@ -179,6 +179,10 @@ message ChainTarget {
     NAMESPACE = 1;
 
     CONTAINER = 2;
+
+    USER = 3;
+
+    GROUP = 4;
   }
 
   TargetType type = 1;