diff --git a/src/api2/types.rs b/src/api2/types.rs
index 90207861..5b852a88 100644
--- a/src/api2/types.rs
+++ b/src/api2/types.rs
@@ -257,8 +257,10 @@ pub const ACL_ROLE_SCHEMA: Schema = StringSchema::new(
         "Admin",
         "Audit",
         "Datastore.Admin",
+        "Datastore.Reader",
         "Datastore.Audit",
-        "Datastore.User",
+        "Datastore.Backup",
+        "Datastore.PowerUser",
         "NoAccess",
     ]))
     .schema();
diff --git a/tests/verify-api.rs b/tests/verify-api.rs
index d919f154..a5887758 100644
--- a/tests/verify-api.rs
+++ b/tests/verify-api.rs
@@ -142,3 +142,27 @@ fn verify_root_api() -> Result<(), Error> {
 
     Ok(())
 }
+
+#[test]
+fn verify_acl_role_schema() -> Result<(), Error> {
+
+    let list = match api2::types::ACL_ROLE_SCHEMA {
+        Schema::String(StringSchema { format: Some(ApiStringFormat::Enum(list)), .. }) => list,
+        _ => unreachable!(),
+    };
+
+    let map = &proxmox_backup::config::acl::ROLE_NAMES;
+    for item in *list {
+        if !map.contains_key(item) {
+            bail!("found role '{}' without description/mapping", item);
+        }
+    }
+
+    for role in map.keys() {
+        if !list.contains(role) {
+            bail!("role '{}' missing in ACL_ROLE_SCHEMA enum", role);
+        }
+    }
+
+    Ok(())
+}