diff --git a/accounts-service/com.endlessm.ParentalControls.rules b/accounts-service/com.endlessm.ParentalControls.rules.in
similarity index 96%
rename from accounts-service/com.endlessm.ParentalControls.rules
rename to accounts-service/com.endlessm.ParentalControls.rules.in
index b3bf998..fa021fa 100644
--- a/accounts-service/com.endlessm.ParentalControls.rules
+++ b/accounts-service/com.endlessm.ParentalControls.rules.in
@@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
          action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
         subject.active && subject.local &&
-        subject.isInGroup("sudo")) {
+        subject.isInGroup("@PRIVILEGED_GROUP@")) {
             return polkit.Result.YES;
     }
 
diff --git a/accounts-service/meson.build b/accounts-service/meson.build
index 09a149e..6942d2b 100644
--- a/accounts-service/meson.build
+++ b/accounts-service/meson.build
@@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
     join_paths(accountsserviceinterfacesdir, filename))
 endforeach
 
-install_data('com.endlessm.ParentalControls.rules',
-  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
+polkit_conf = configuration_data()
+polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
+configure_file(
+  input: 'com.endlessm.ParentalControls.rules.in',
+  output: 'com.endlessm.ParentalControls.rules',
+  configuration: polkit_conf,
+  install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
+)
diff --git a/meson_options.txt b/meson_options.txt
index d516c70..726cac1 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -21,3 +21,9 @@ option(
   value: false,
   description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
 )
+option(
+  'privileged_group',
+  type: 'string',
+  value: 'wheel',
+  description: 'name of group that has elevated permissions'
+)