diff --git a/app/controllers/admin/enterprise_relationships_controller.rb b/app/controllers/admin/enterprise_relationships_controller.rb
index 0ffb648f44..1996b4f73d 100644
--- a/app/controllers/admin/enterprise_relationships_controller.rb
+++ b/app/controllers/admin/enterprise_relationships_controller.rb
@@ -7,7 +7,7 @@ module Admin
     end
 
     def create
-      @enterprise_relationship = EnterpriseRelationship.new params[:enterprise_relationship]
+      @enterprise_relationship = EnterpriseRelationship.new enterprise_relationship_params
 
       if @enterprise_relationship.save
         render text: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
@@ -21,5 +21,11 @@ module Admin
       @enterprise_relationship.destroy
       render nothing: true
     end
+
+    private
+
+    def enterprise_relationship_params
+      params.require(:enterprise_relationship).permit(:parent_id, :child_id, :permissions_list)
+    end
   end
 end