diff --git a/acl/policy.go b/acl/policy.go
index db45f1194..eba1204f2 100644
--- a/acl/policy.go
+++ b/acl/policy.go
@@ -28,6 +28,7 @@ const (
 	NamespaceCapabilityDispatchJob      = "dispatch-job"
 	NamespaceCapabilityReadLogs         = "read-logs"
 	NamespaceCapabilityReadFS           = "read-fs"
+	NamespaceCapabilityAllocLifecycle   = "alloc-lifecycle"
 	NamespaceCapabilitySentinelOverride = "sentinel-override"
 )
 
@@ -93,7 +94,7 @@ func isNamespaceCapabilityValid(cap string) bool {
 	switch cap {
 	case NamespaceCapabilityDeny, NamespaceCapabilityListJobs, NamespaceCapabilityReadJob,
 		NamespaceCapabilitySubmitJob, NamespaceCapabilityDispatchJob, NamespaceCapabilityReadLogs,
-		NamespaceCapabilityReadFS:
+		NamespaceCapabilityReadFS, NamespaceCapabilityAllocLifecycle:
 		return true
 	// Separate the enterprise-only capabilities
 	case NamespaceCapabilitySentinelOverride:
@@ -122,6 +123,7 @@ func expandNamespacePolicy(policy string) []string {
 			NamespaceCapabilityDispatchJob,
 			NamespaceCapabilityReadLogs,
 			NamespaceCapabilityReadFS,
+			NamespaceCapabilityAllocLifecycle,
 		}
 	default:
 		return nil
diff --git a/acl/policy_test.go b/acl/policy_test.go
index dece35067..3385370aa 100644
--- a/acl/policy_test.go
+++ b/acl/policy_test.go
@@ -80,6 +80,7 @@ func TestParse(t *testing.T) {
 							NamespaceCapabilityDispatchJob,
 							NamespaceCapabilityReadLogs,
 							NamespaceCapabilityReadFS,
+							NamespaceCapabilityAllocLifecycle,
 						},
 					},
 					{