diff --git a/app/controllers/admin/enterprises_controller.rb b/app/controllers/admin/enterprises_controller.rb
index d634b4e3fc..dc741f1a8e 100644
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -214,7 +214,8 @@ module Admin
 rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
 attrs[:type].constantize.new(enterprise: @object)
 create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
- rule.update(attrs)
+
+ rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
 end
 end
 end
diff --git a/app/services/permitted_attributes/tag_rules.rb b/app/services/permitted_attributes/tag_rules.rb
new file mode 100644
index 0000000000..ce6bd879e0
--- /dev/null
+++ b/app/services/permitted_attributes/tag_rules.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module PermittedAttributes
+ class TagRules
+ def self.attributes
+ [
+ :id, :type, :preferred_customer_tags, :calculator_type,
+ { calculator_attributes: [:id, :preferred_flat_percent] }
+ ]
+ end
+ end
+end
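Review bot: In app/controllers/admin/enterprises_controller.rb, `attrs[:type].constantize.new(enterprise: @object)` on the context lines above the changed `rule.update` still reads the unfiltered `attrs`, so the new `permit` limits which columns are written but not which class a request can make the controller instantiate. Checking the value against an explicit list of tag-rule class names before `constantize` would close that, for example `raise ActionController::BadRequest unless TAG_RULE_TYPES.include?(attrs[:type])`, where `TAG_RULE_TYPES` is a placeholder for a new frozen list and not a name from this page. `create_calculator_for(rule, attrs)` also receives the unpermitted parameters; its body is not visible here, so whether it assigns from them needs checking. The enclosing method begins outside the hunk.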
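Review bot: In app/services/permitted_attributes/tag_rules.rb, the list permits `:id` and `:type`, although the controller hunk removes `:id` with `attrs.delete(:id)` before the update and uses `type` only to pick the class of a new rule. With `:type` permitted, `rule.update` can presumably rewrite the type of an existing rule returned by `find_by`, bypassing the class chosen when the rule was created. If no other caller needs them, the first row of the array could read `:preferred_customer_tags, :calculator_type,`. `:calculator_type` deserves the same look if the model turns that string into a class; that code is not on this page.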