diff --git a/app/controllers/admin/enterprise_roles_controller.rb b/app/controllers/admin/enterprise_roles_controller.rb
index 98810e2a64..299292238e 100644
--- a/app/controllers/admin/enterprise_roles_controller.rb
+++ b/app/controllers/admin/enterprise_roles_controller.rb
@@ -7,7 +7,7 @@ module Admin
     end
 
     def create
-      @enterprise_role = EnterpriseRole.new params[:enterprise_role]
+      @enterprise_role = EnterpriseRole.new enterprise_role_params
 
       if @enterprise_role.save
         render text: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json
@@ -22,5 +22,11 @@ module Admin
       @enterprise_role.destroy
       render nothing: true
     end
+
+    private
+
+    def enterprise_role_params
+      params.require(:enterprise_role).permit(:user_id, :enterprise_id)
+    end
   end
 end