diff --git a/acl/policy.go b/acl/policy.go
index bb22b45b8..b077d053e 100644
--- a/acl/policy.go
+++ b/acl/policy.go
@@ -33,6 +33,9 @@ const (
 	NamespaceCapabilityAllocNodeExec    = "alloc-node-exec"
 	NamespaceCapabilityAllocLifecycle   = "alloc-lifecycle"
 	NamespaceCapabilitySentinelOverride = "sentinel-override"
+	NamespaceCapabilityPrivilegedTask   = "privileged-task"
+	NamespaceCapabilityCSIAccess        = "csi-access"
+	NamespaceCapabilityCSICreateVolume  = "csi-create-volume"
 )
 
 var (
@@ -122,7 +125,8 @@ func isNamespaceCapabilityValid(cap string) bool {
 	case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
 		NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
 		NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle,
-		NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec:
+		NamespaceCapabilityAllocExec, NamespaceCapabilityAllocNodeExec,
+		NamespaceCapabilityCSIAccess, NamespaceCapabilityCSICreateVolume:
 		return true
 	// Separate the enterprise-only capabilities
 	case NamespaceCapabilitySentinelOverride: