diff --git a/dsp_permissions_scripts/models/scope.py b/dsp_permissions_scripts/models/scope.py
index 7e25e5b5..7ffa204c 100644
--- a/dsp_permissions_scripts/models/scope.py
+++ b/dsp_permissions_scripts/models/scope.py
@@ -86,3 +86,8 @@ def remove(
     D={builtin_groups.CREATOR, builtin_groups.PROJECT_MEMBER},
     V={builtin_groups.UNKNOWN_USER, builtin_groups.KNOWN_USER},
 )
+
+PRIVATE = PermissionScope.create(
+    CR={builtin_groups.PROJECT_ADMIN, builtin_groups.CREATOR},
+    V={builtin_groups.PROJECT_MEMBER},
+)
diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py
index 3540eb33..38248e2a 100644
--- a/dsp_permissions_scripts/template.py
+++ b/dsp_permissions_scripts/template.py
@@ -22,7 +22,7 @@ def modify_aps(aps: list[Ap]) -> list[Ap]:
     """Adapt this sample to your needs."""
     modified_aps = []
     for ap in aps:
-        if ap.forGroup == builtin_groups.PROJECT_MEMBER:
+        if ap.forGroup == builtin_groups.UNKNOWN_USER:
             if ApValue.ProjectAdminGroupAllPermission not in ap.hasPermissions:
                 ap.add_permission(ApValue.ProjectAdminGroupAllPermission)
                 modified_aps.append(ap)
@@ -33,7 +33,7 @@ def modify_doaps(doaps: list[Doap]) -> list[Doap]:
     """Adapt this sample to your needs."""
     modified_doaps = []
     for doap in doaps:
-        if doap.target.group in [builtin_groups.PROJECT_MEMBER, builtin_groups.PROJECT_ADMIN]:
+        if doap.target.group == builtin_groups.UNKNOWN_USER:
             doap.scope = PUBLIC
             modified_doaps.append(doap)
     return modified_doaps
@@ -69,7 +69,7 @@ def update_aps(
         host=host,
         token=token,
         existing_aps=project_aps,
-        forGroup=builtin_groups.PROJECT_MEMBER,
+        forGroup=builtin_groups.UNKNOWN_USER,
     )
     modified_aps = modify_aps(remaining_aps)
     apply_updated_aps_on_server(