diff --git a/app/controllers/admin/enterprise_fees_controller.rb b/app/controllers/admin/enterprise_fees_controller.rb
index 56187450a7..3d118e5083 100644
--- a/app/controllers/admin/enterprise_fees_controller.rb
+++ b/app/controllers/admin/enterprise_fees_controller.rb
@@ -27,7 +27,7 @@ module Admin
     end
 
     def bulk_update
-      @enterprise_fee_set = EnterpriseFeeSet.new(params[:enterprise_fee_set])
+      @enterprise_fee_set = EnterpriseFeeSet.new(enterprise_fee_bulk_params)
 
       if @enterprise_fee_set.save
         redirect_to redirect_path, notice: I18n.t(:enterprise_fees_update_notice)
@@ -78,5 +78,15 @@ module Admin
 
       main_app.admin_enterprise_fees_path
     end
+
+    def enterprise_fee_bulk_params
+      params.require(:enterprise_fee_set).permit(
+        collection_attributes: [
+          :id, :enterprise_id, :fee_type, :name, :tax_category_id,
+          :inherits_tax_category, :calculator_type,
+          { calculator_attributes: [:id, :preferred_flat_percent] }
+        ]
+      )
+    end
   end
 end
diff --git a/app/controllers/admin/order_cycles_controller.rb b/app/controllers/admin/order_cycles_controller.rb
index f6ec38293a..a28060ea5b 100644
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -223,7 +223,7 @@ module Admin
     end
 
     def order_cycle_set
-      @order_cycle_set ||= OrderCycleSet.new(@order_cycles, params[:order_cycle_set])
+      @order_cycle_set ||= OrderCycleSet.new(@order_cycles, order_cycle_bulk_params)
     end
 
     def require_order_cycle_set_params
@@ -240,5 +240,11 @@ module Admin
     def order_cycle_params
       PermittedAttributes::OrderCycle.new(params).call
     end
+
+    def order_cycle_bulk_params
+      params.require(:order_cycle_set).permit(
+        collection_attributes: [:id] + PermittedAttributes::OrderCycle.basic_attributes
+      )
+    end
   end
 end
diff --git a/app/services/permitted_attributes/order_cycle.rb b/app/services/permitted_attributes/order_cycle.rb
index b81dccef0f..046726a96f 100644
--- a/app/services/permitted_attributes/order_cycle.rb
+++ b/app/services/permitted_attributes/order_cycle.rb
@@ -9,17 +9,24 @@ module PermittedAttributes
     def call
       return @params[:order_cycle] if @params[:order_cycle].blank?
 
-      @params.require(:order_cycle).permit(
+      @params.require(:order_cycle).permit(attributes)
+    end
+
+    def self.basic_attributes
+      [
         :name, :orders_open_at, :orders_close_at, :coordinator_id,
         :preferred_product_selection_from_coordinator_inventory_only,
-        incoming_exchanges: permitted_exchange_attributes,
-        outgoing_exchanges: permitted_exchange_attributes,
         schedule_ids: [], coordinator_fee_ids: []
-      )
+      ]
     end
 
     private
 
+    def attributes
+      self.class.basic_attributes + [incoming_exchanges: permitted_exchange_attributes,
+                                     outgoing_exchanges: permitted_exchange_attributes]
+    end
+
     def permitted_exchange_attributes
       [
         :id, :sender_id, :receiver_id, :enterprise_id, :incoming, :active,