diff --git a/auth/role.go b/auth/role.go
index fd8ac1b3f..b52cc4637 100644
--- a/auth/role.go
+++ b/auth/role.go
@@ -1,11 +1,12 @@
 package auth

 import (
+ "io"
+ "os"
+
 liberr "github.com/jortel/go-utils/error"
 "github.com/konveyor/tackle2-hub/settings"
 "gopkg.in/yaml.v2"
- "io"
- "os"
 )

 var Settings = &settings.Settings
@@ -36,15 +37,15 @@ var AddonRole = []string{
 // Role represents a RBAC role which grants
 // access to particular resources in the hub.
 type Role struct {
- Name string `yaml:"role"`
- Resources []Resource `yaml:"resources"`
+ Name string `yaml:"role" validate:"required"`
+ Resources []Resource `yaml:"resources" validate:"required"`
 }

 //
 // Resource is a set of permissions for a hub resource that a role may have.
 type Resource struct {
- Name string `yaml:"name"`
- Verbs []string `yaml:"verbs"`
+ Name string `yaml:"name" validate:"required"`
+ Verbs []string `yaml:"verbs" validate:"required,dive,oneof=get post put patch delete"`
 }

 //
@@ -75,7 +76,7 @@ func LoadRoles(path string) (roles []Role, err error) {
 return
 }

- err = yaml.Unmarshal(yamlBytes, &roles)
+ err = yaml.UnmarshalStrict(yamlBytes, &roles)
 if err != nil {
 err = liberr.Wrap(err)
 return
@@ -100,7 +101,7 @@ func LoadUsers(path string) (users []User, err error) {
 return
 }

- err = yaml.Unmarshal(yamlBytes, &users)
+ err = yaml.UnmarshalStrict(yamlBytes, &users)
 if err != nil {
 err = liberr.Wrap(err)
 return
diff --git a/auth/role_test.go b/auth/role_test.go
new file mode 100644
index 000000000..0997223d7
--- /dev/null
+++ b/auth/role_test.go
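Review bot: In auth/role.go, the `Resources` field of `Role` is tagged `validate:"required"` without `dive`, so a single `validate.Struct(role)` call does not descend into the `Resource` elements; their `Name` and `Verbs` rules are skipped unless the caller loops over them by hand, as the new test does. Tagging the field `validate:"required,dive"` would let one call cover the whole role. Note also that `required` on a slice only rejects a nil value, so an explicitly empty `resources` or `verbs` list still passes; add `min=1` if an empty list should be refused in an RBAC definition.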
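Review bot: `LoadRoles` in auth/role.go now rejects unknown keys through `yaml.UnmarshalStrict`, but nothing visible in this hunk runs the new `validate` tags. A role file supplied at deployment time with an unsupported verb or a missing name therefore appears to load without complaint; only the bundled roles.yaml is checked, and only in role_test.go. Since these files decide what each role may do, I would validate inside the loader after the unmarshal error check, as sketched below (role.go would need the validator import). The function body continues outside the hunk, so confirm that no later step already does this. The `LoadUsers` hunk has the same gap.

```go
err = yaml.UnmarshalStrict(yamlBytes, &roles)
// … unchanged: error check on the unmarshal result …

// Refuse role definitions that parse cleanly but violate the struct tags.
validate := validator.New()
for _, role := range roles {
	if err = validate.Struct(role); err != nil {
		err = liberr.Wrap(err)
		return
	}
	for _, resource := range role.Resources {
		if err = validate.Struct(resource); err != nil {
			err = liberr.Wrap(err)
			return
		}
	}
}
```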
@@ -0,0 +1,36 @@
+package auth
+
+import (
+ "testing"
+
+ "github.com/go-playground/validator/v10"
+ "github.com/onsi/gomega"
+)
+
+func TestLoadYaml(t *testing.T) {
+ g := gomega.NewGomegaWithT(t)
+ roles, err := LoadRoles("./roles.yaml")
+ g.Expect(err).To(gomega.BeNil())
+ users, err := LoadUsers("./users.yaml")
+ g.Expect(err).To(gomega.BeNil())
+
+ validate := validator.New()
+ var roleNames []string
+ for _, role := range roles {
+ err = validate.Struct(role)
+ g.Expect(err).To(gomega.BeNil())
+ for _, resource := range role.Resources {
+ err = validate.Struct(resource)
+ g.Expect(err).To(gomega.BeNil())
+ }
+ roleNames = append(roleNames, role.Name)
+ }
+
+ for _, user := range users {
+ err = validate.Struct(user)
+ g.Expect(err).To(gomega.BeNil())
+ for _, role := range user.Roles {
+ g.Expect(role).To(gomega.BeElementOf(roleNames))
+ }
+ }
+}
diff --git a/auth/roles.yaml b/auth/roles.yaml
index b9035cf5b..a46df37a2 100644
--- a/auth/roles.yaml
+++ b/auth/roles.yaml
@@ -496,7 +496,7 @@
 verbs:
 - get
 - name: targets
- verb:
+ verbs:
 - get
 - name: analyses
 verbs:
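Review bot: `TestLoadYaml` in auth/role_test.go only exercises the shipped roles.yaml and users.yaml, so nothing pins the behaviour this commit introduces: that the strict decoder refuses a misspelled key such as the `verb:` entry corrected in roles.yaml. A negative case like the one below would keep a later switch back to `yaml.Unmarshal` from going unnoticed; it needs `os` and `path/filepath` imported. Separately, `validate.Struct(user)` checks nothing unless `User` carries `validate` tags, and that struct is not part of this diff.

```go
// … unchanged: TestLoadYaml …

func TestLoadRolesRejectsUnknownKey(t *testing.T) {
	g := gomega.NewGomegaWithT(t)
	path := filepath.Join(t.TempDir(), "roles.yaml")
	// Constructed sample: "verb" is the misspelled key the strict decoder should refuse.
	content := "- role: sample\n  resources:\n    - name: targets\n      verb:\n        - get\n"
	err := os.WriteFile(path, []byte(content), 0o600)
	g.Expect(err).To(gomega.BeNil())
	_, err = LoadRoles(path)
	g.Expect(err).ToNot(gomega.BeNil())
}
```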