diff --git a/src/routers/permission.js b/src/routers/permission.js
index de41e3b..f1458e7 100644
--- a/src/routers/permission.js
+++ b/src/routers/permission.js
@@ -19,12 +19,21 @@ async function updatePermission(req, res) {
 }
 }
+const sanitizeBody = [
+ body('action').isString().optional(),
+ body('active').isBoolean().optional(),
+ body('router').isString().optional(),
+ body('identifiedBy').isString().optional(),
+ body('values').isArray().optional(),
+ body('environments').isArray().optional()
+];
 router.post('/permission/create/:team', auth, [
 check('team').isMongoId(),
- body('action').not().isEmpty(),
- body('router').not().isEmpty(),
- body('environments').isArray().optional(),
-], validate, verifyInputUpdateParameters(['action', 'router', 'environments']), async (req, res) => {
+ ...sanitizeBody
+], validate, verifyInputUpdateParameters([
+ 'action', 'active', 'router', 'identifiedBy', 'values', 'environments'
+]), async (req, res) => {
 try {
 const permission = await Services.createPermission(req.body, req.params.team, req.admin);
 res.status(201).send(permission);
@@ -82,13 +91,9 @@ router.get('/permission/:id', auth, [
 router.patch('/permission/:id', auth, [
 check('id').isMongoId(),
- body('action').isString().optional(),
- body('active').isBoolean().optional(),
- body('router').isString().optional(),
- body('identifiedBy').isString().optional(),
- body('environments').isArray().optional()
+ ...sanitizeBody
 ], validate, verifyInputUpdateParameters([
- 'action', 'active', 'router', 'identifiedBy', 'environments'
+ 'action', 'active', 'router', 'identifiedBy', 'values', 'environments'
 ]), async (req, res) => {
 await updatePermission(req, res);
 });
diff --git a/tests/permission.test.js b/tests/permission.test.js
index ba56cd0..4349da7 100644
--- a/tests/permission.test.js
+++ b/tests/permission.test.js
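Review bot: The create route loses its required-field checks: `body('action').not().isEmpty()` and `body('router').not().isEmpty()` are replaced by `...sanitizeBody`, where every rule is `.optional()`, so a POST with no `action` or `router` now passes `validate` and reaches `Services.createPermission` (the test file's expectations moving from 422 to 400 appear to reflect that the rejection now comes from a later layer rather than from input validation). Keep the presence checks on the create route next to the shared list: `body('action').not().isEmpty(), body('router').not().isEmpty(), ...sanitizeBody`. Separately, `body('values').isArray()` and `body('environments').isArray()` accept arrays with elements of any type; if both are meant to be string lists, adding `body('values.*').isString()` and `body('environments.*').isString()` to `sanitizeBody` would cover this hunk and the patch hunk that now reuses it. Whether `active` should be settable at creation time, as the widened `verifyInputUpdateParameters` list now allows, is worth confirming since the old create route did not accept it.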
@@ -24,7 +24,9 @@ describe('Insertion tests', () => {
 .set('Authorization', `Bearer ${adminMasterAccountToken}`)
 .send({
 action: ActionTypes.READ,
- router: RouterTypes.GROUP
+ router: RouterTypes.GROUP,
+ identifiedBy: KeyTypes.NAME,
+ values: ['Group 1', 'Group 2']
 }).expect(201);
 // DB validation - document created
@@ -42,7 +44,7 @@ describe('Insertion tests', () => {
 .send({
 action: ActionTypes.READ,
 route: RouterTypes.GROUP
- }).expect(422);
+ }).expect(400);
 });
 test('PERMISSION_SUITE - Should NOT create a new Permission - Missing required parameter', async () => {
@@ -51,7 +53,7 @@ describe('Insertion tests', () => {
 .set('Authorization', `Bearer ${adminMasterAccountToken}`)
 .send({
 action: ActionTypes.READ
- }).expect(422);
+ }).expect(400);
 });
 test('PERMISSION_SUITE - Should NOT create a new Permission - Team not found', async () => {
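Review bot: `KeyTypes.NAME` is introduced in the request body but `KeyTypes` is not visible anywhere in this hunk; its import at the top of the test file lies outside the diff and should be checked, since only `ActionTypes` and `RouterTypes` appear here. The "DB validation - document created" block that follows the hunk is also outside it; now that the request sends `identifiedBy` and `values`, the persisted document should be asserted for those two fields as well, otherwise the test only proves the extra fields did not break the 201 path. The enclosing `test(...)` callback starts and ends outside the hunk.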
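Review bot: Changing the expected status from 422 to 400 here and in the following 'Missing required parameter' hunk means a request lacking `router` or `action` is presumably no longer rejected by the validation middleware but by whatever fails later in the service layer, and the tests currently pin only the status code. Asserting on the error message in the response body in both tests would stop them from passing on an unrelated 400. If validator-level rejection is the intended contract, the router should keep `body('action').not().isEmpty()` and `body('router').not().isEmpty()` on the create route and these expectations should stay at 422. Both enclosing `test(...)` callbacks start outside their hunks.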