diff --git a/src/menelaus_web_audit.erl b/src/menelaus_web_audit.erl
index a0879ea011..3ab4c883e3 100644
--- a/src/menelaus_web_audit.erl
+++ b/src/menelaus_web_audit.erl
@@ -86,6 +86,8 @@ audit_user_exists({_, ExtOrUnknown}) when ExtOrUnknown =:= external
     %% since external users might not exist in CB users database and still be
     %% able to perform auditable actions
     true;
+audit_user_exists({_, bad_domain}) ->
+    false;
 audit_user_exists(Identity) ->
     SpecIds = [{N, local} || N <- memcached_permissions:spec_users()],
     menelaus_users:user_exists(Identity) orelse lists:member(Identity, SpecIds).
@@ -210,7 +212,7 @@ validate_users(Name, State) ->
               UsersFound =
                   lists:map(
                     fun ({U, [N, S]}) ->
-                            Identity = {N, menelaus_web_rbac:domain_to_atom(S)},
+                            Identity = {N, domain_to_atom(S)},
                             case audit_user_exists(Identity) of
                                 true ->
                                     Identity;
@@ -229,6 +231,17 @@ validate_users(Name, State) ->
               end
       end, Name, State).
 
+known_domains() ->
+    ["local", "external", "unknown"].
+
+domain_to_atom(Domain) ->
+    case lists:member(Domain, known_domains()) of
+        true ->
+            list_to_atom(Domain);
+        false ->
+            bad_domain
+    end.
+
 validators(Config) ->
     Descriptors = orddict:from_list(ns_audit_cfg:get_descriptors(Config)),
     [validator:has_params(_),
diff --git a/src/menelaus_web_rbac.erl b/src/menelaus_web_rbac.erl
index ce0487c884..9c41a1668c 100644
--- a/src/menelaus_web_rbac.erl
+++ b/src/menelaus_web_rbac.erl
@@ -44,7 +44,6 @@
          handle_get_password_policy/1,
          handle_post_password_policy/1,
          assert_no_users_upgrade/0,
-         domain_to_atom/1,
          handle_put_group/2,
          handle_delete_group/2,
          handle_get_groups/2,