diff --git a/src/Command/LoadDefaultUserGroupsCommand.php b/src/Command/LoadDefaultUserGroupsCommand.php
index a4bdda2..51bc6fe 100644
--- a/src/Command/LoadDefaultUserGroupsCommand.php
+++ b/src/Command/LoadDefaultUserGroupsCommand.php
@@ -3,6 +3,7 @@
 namespace App\Command;
 
 use App\Entity\UserGroup;
+use App\Model\UserGroupPermissions;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
@@ -22,22 +23,22 @@ class LoadDefaultUserGroupsCommand extends Command
         $userGroups = [
             [
                 'name' => 'Super Admin',
-                'permissions' => ['ROLE_SUPER_ADMIN'],
+                'permissions' => [UserGroupPermissions::ROLE_SUPER_ADMIN],
                 'enabled' => true
             ],
             [
                 'name' => 'Administrador de aulas',
-                'permissions' => ['ROLE_ORGANIZATIONAL_UNIT_ADMIN'],
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_ADMIN],
                 'enabled' => true
             ],
             [
                 'name' => 'Operador de aulas',
-                'permissions' => ['ROLE_ORGANIZATIONAL_UNIT_OPERATOR'],
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_OPERATOR],
                 'enabled' => true
             ],
             [
-                'name' => 'Usuario',
-                'permissions' => ['ROLE_USER'],
+                'name' => 'Usuario básico de aulas',
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_MINIMAL],
                 'enabled' => true
             ],
         ];
diff --git a/src/Dto/Input/UserGroupInput.php b/src/Dto/Input/UserGroupInput.php
index 71047cf..918e1ef 100644
--- a/src/Dto/Input/UserGroupInput.php
+++ b/src/Dto/Input/UserGroupInput.php
@@ -3,6 +3,7 @@
 namespace App\Dto\Input;
 
 use App\Entity\UserGroup;
+use App\Validator\Constraints\UserGroupsValidPermission;
 use Symfony\Component\Serializer\Annotation\Groups;
 use Symfony\Component\Validator\Constraints as Assert;
 
@@ -13,6 +14,7 @@ final class UserGroupInput
     public ?string $name = null;
 
     #[Groups(['user-group:write'])]
+    #[UserGroupsValidPermission]
     public ?array $permissions = [];
 
     #[Assert\NotNull]
diff --git a/src/Model/UserGroupPermissions.php b/src/Model/UserGroupPermissions.php
new file mode 100644
index 0000000..90a3c9b
--- /dev/null
+++ b/src/Model/UserGroupPermissions.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Model;
+
+final class UserGroupPermissions
+{
+    public const ROLE_SUPER_ADMIN = 'ROLE_SUPER_ADMIN';
+    public const ROLE_ORGANIZATIONAL_UNIT_ADMIN = 'ROLE_ORGANIZATIONAL_UNIT_ADMIN';
+    public const ROLE_ORGANIZATIONAL_UNIT_OPERATOR = 'ROLE_ORGANIZATIONAL_UNIT_OPERATOR';
+    public const ROLE_ORGANIZATIONAL_UNIT_MINIMAL = 'ROLE_ORGANIZATIONAL_UNIT_MINIMAL';
+
+    public const ROLE_USER = 'ROLE_USER';
+
+    private const ROLE_NAMES = [
+        self::ROLE_SUPER_ADMIN => 'Super Admin',
+        self::ROLE_ORGANIZATIONAL_UNIT_ADMIN => 'Admin de aulas',
+        self::ROLE_ORGANIZATIONAL_UNIT_OPERATOR => 'Operador de aulas',
+        self::ROLE_ORGANIZATIONAL_UNIT_MINIMAL => 'Usuario básico de aulas',
+        self::ROLE_USER => 'Usuario',
+    ];
+
+    public static function getRoleNames(): array
+    {
+        return self::ROLE_NAMES;
+    }
+
+    public static function getRoleName(string $role): ?string
+    {
+        return self::ROLE_NAMES[$role] ?? null;
+    }
+
+    public static function getRoles(): array
+    {
+        return array_keys(self::ROLE_NAMES);
+    }
+}
\ No newline at end of file
diff --git a/src/Validator/Constraints/UserGroupsValidPermission.php b/src/Validator/Constraints/UserGroupsValidPermission.php
new file mode 100644
index 0000000..b4a2841
--- /dev/null
+++ b/src/Validator/Constraints/UserGroupsValidPermission.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Validator\Constraints;
+
+use App\Model\UserGroupPermissions;
+use Symfony\Component\Validator\Constraint;
+
+#[\Attribute]
+class UserGroupsValidPermission extends Constraint
+{
+    private array $roles;
+    public string $message;
+
+    public function __construct(mixed $options = null, ?array $groups = null, mixed $payload = null)
+    {
+        parent::__construct($options, $groups, $payload);
+
+        $this->roles = UserGroupPermissions::getRoles();
+        $this->message = sprintf(
+            'The permission is not valid. Please use one of the following: %s',
+            implode(', ', $this->roles)
+        );
+    }
+
+
+}
\ No newline at end of file
diff --git a/src/Validator/Constraints/UserGroupsValidPermissionValidator.php b/src/Validator/Constraints/UserGroupsValidPermissionValidator.php
new file mode 100644
index 0000000..031039a
--- /dev/null
+++ b/src/Validator/Constraints/UserGroupsValidPermissionValidator.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Validator\Constraints;
+
+use App\Model\UserGroupPermissions;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+class UserGroupsValidPermissionValidator extends ConstraintValidator
+{
+    public function validate($value, Constraint $constraint): void
+    {
+        if (null === $value) {
+            return;
+        }
+
+        foreach ($value as $role) {
+            if (!in_array($role, UserGroupPermissions::getRoles())) {
+                $this->context->buildViolation($constraint->message)->addViolation();
+            }
+        }
+    }
+}
\ No newline at end of file