diff --git a/tacker/policies/vnf_package.py b/tacker/policies/vnf_package.py
index 29a842ec4..5d8f2b9b0 100644
--- a/tacker/policies/vnf_package.py
+++ b/tacker/policies/vnf_package.py
@@ -31,7 +31,8 @@ rules = [
 'method': 'POST',
 'path': '/vnf_packages'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'show',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -41,7 +42,8 @@ rules = [
 'method': 'GET',
 'path': '/vnf_packages/{vnf_package_id}'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'index',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -51,7 +53,8 @@ rules = [
 'method': 'GET',
 'path': '/vnf_packages/'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'delete',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -61,7 +64,8 @@ rules = [
 'method': 'DELETE',
 'path': '/vnf_packages/{vnf_package_id}'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'fetch_package_content',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -72,7 +76,8 @@ rules = [
 'path': '/vnf_packages/{vnf_package_id}/'
 'package_content'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'upload_package_content',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -83,7 +88,8 @@ rules = [
 'path': '/vnf_packages/{vnf_package_id}/'
 'package_content'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'upload_from_uri',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -94,7 +100,8 @@ rules = [
 'path': '/vnf_packages/{vnf_package_id}/package_content/'
 'upload_from_uri'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'patch',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -104,7 +111,8 @@ rules = [
 'method': 'PATCH',
 'path': '/vnf_packages/{vnf_package_id}'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'get_vnf_package_vnfd',
 check_str=base.RULE_ADMIN_OR_OWNER,
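Review bot: The `scope_types=['project']` added at the end of the `create` rule here, and identically in the nine sibling hunks through `fetch_artifact`, only causes system-scoped tokens to be rejected when `[oslo_policy] enforce_scope` is True, which the accompanying test hunk has to switch on explicitly, so a deployment that has not opted in sees no behaviour change from this commit. Each rule keeps `check_str=base.RULE_ADMIN_OR_OWNER`, so the role and ownership check is unchanged; what the hunk narrows is which token scope may satisfy it, and nothing in the module records that dependency for operators reading the generated sample policy. A module-level comment above the list, such as `# scope_types=['project']: system-scoped tokens are refused only when [oslo_policy] enforce_scope is True`, plus a release note would make the change discoverable. The `rules` list begins before and ends after this hunk.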
@@ -114,7 +122,8 @@ rules = [
 'method': 'GET',
 'path': '/vnf_packages/{vnf_package_id}/vnfd'
 }
- ]),
+ ],
+ scope_types=['project']),
 policy.DocumentedRuleDefault(
 name=VNFPKGM % 'fetch_artifact',
 check_str=base.RULE_ADMIN_OR_OWNER,
@@ -124,7 +133,8 @@ rules = [
 'method': 'GET',
 'path': '/vnf_packages/{vnfPkgId}/artifacts/{artifactPath}'
 }
- ]),
+ ],
+ scope_types=['project']),
 ]
diff --git a/tacker/tests/unit/policies/test_vnf_package.py b/tacker/tests/unit/policies/test_vnf_package.py
index 67a46b815..f064ceb0f 100644
--- a/tacker/tests/unit/policies/test_vnf_package.py
+++ b/tacker/tests/unit/policies/test_vnf_package.py
@@ -17,6 +17,8 @@ import os
 from unittest import mock
 import urllib
+from oslo_config import cfg
+
 from tacker.api.vnfpkgm.v1 import controller
 from tacker.common import csar_utils
 from tacker.common import exceptions
@@ -305,3 +307,45 @@ class VNFPackagePolicyTest(base_test.BasePolicyTest):
 rule_name, self.controller.fetch_vnf_package_artifacts, req, constants.UUID, absolute_artifact_path)
+
+
+class VNFPackageScopeTypePolicyTest(VNFPackagePolicyTest):
+ """Test VNF Package APIs policies with scope enabled.
+
+ This class set the tacker.conf [oslo_policy] enforce_scope to True
+ so that we can switch on the scope checking on oslo policy side.
+ This check that system scope users are not allowed to access the
+ Tacker VNF Package APIs.
+ """
+
+ def setUp(self):
+ super(VNFPackageScopeTypePolicyTest, self).setUp()
+ cfg.CONF.set_override('enforce_scope', True,
+ group='oslo_policy')
+
+ self.project_authorized_contexts = [
+ self.legacy_admin_context, self.project_admin_context,
+ self.project_member_context, self.project_reader_context,
+ self.project_foo_context, self.other_project_member_context,
+ self.other_project_reader_context
+ ]
+ # With scope enabled, system scoped users will not be
+ # allowed to create VNF Package or a few of the VNF Package
+ # operations in their project.
+ self.project_unauthorized_contexts = [
+ self.system_admin_context, self.system_member_context,
+ self.system_reader_context, self.system_foo_context
+ ]
+
+ self.project_member_authorized_contexts = [
+ self.legacy_admin_context, self.project_admin_context,
+ self.project_member_context, self.project_reader_context,
+ self.project_foo_context
+ ]
+ # With scope enabled, system scoped users will not be allowed
+ # to get, detele etc operations of VNF Package.
+ self.project_member_unauthorized_contexts = [
+ self.system_admin_context, self.system_member_context,
+ self.system_reader_context, self.system_foo_context,
+ self.other_project_member_context,
+ self.other_project_reader_context]
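Review bot: The `cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')` in `setUp` has no matching cleanup, so unless `BasePolicyTest` (defined outside this hunk) installs a config fixture that resets overrides, the flag leaks into later tests in the same worker and can make unrelated policy tests pass or fail for the wrong reason; pairing it with `self.addCleanup(cfg.CONF.clear_override, 'enforce_scope', group='oslo_policy')` keeps the class self-contained either way. The inherited test methods are what actually assert that every system-scoped context in the two unauthorized lists is rejected, which is the security property the `scope_types=['project']` change introduces, so the class docstring should say the cases come from the parent rather than restating the mechanism, and its grammar needs fixing (`This class sets ...`, `This checks that ...`). The comment typo `detele` should read `delete`. The parent class `VNFPackagePolicyTest` begins outside the hunk.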