diff --git a/src/iam/router.py b/src/iam/router.py
index caeb459..316c5fa 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -19,6 +19,7 @@ from fastapi import APIRouter, status
 from sqlalchemy.exc import IntegrityError
 from psycopg import errors
+from service.exceptions import ServiceNotFoundException
 from src.exceptions import ConflictException
 from src.database import db_dependency
 from src.schemas import ResourceName
@@ -170,18 +171,21 @@ async def get_permissions(db: db_dependency, org_model: org_model_root_claim_que
 return {"permissions": permission_models}
-@router.post("/permission")
-async def create_new_permission(db: db_dependency, su: super_admin_dependency, request_mode: IAMPostPermissionRequest):
- perm_model = Perm(**request_mode.__dict__)
+@router.post("/permission", response_model=IAMPostPermissionResponse)
+async def create_new_permission(db: db_dependency, su: super_admin_dependency, request_model: IAMPostPermissionRequest):
+ service_model = db.get(Service, request_model.service_id)
+ if service_model is None:
+ raise ServiceNotFoundException(service_id=request_model.service_id)
+ perm_model = Perm(**request_model.__dict__)
 try:
 db.add(perm_model)
 except IntegrityError as e:
 if isinstance(e.orig, errors.UniqueViolation):
 raise ConflictException(message="Permission already exists")
 db.flush()
- response = IAMPostPermissionResponse(permission=PermissionSchema(**perm_model.__dict__))
+ response = {"service_name": perm_model.service_name, "resource": perm_model.resource, "action": perm_model.action}
 db.commit()
- return response
+ return {"permission": response}
 @router.delete("/permission", status_code=status.HTTP_204_NO_CONTENT)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 58e636d..bd2f586 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
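Review bot: The added import `from service.exceptions import ServiceNotFoundException` uses a different package root from its neighbours (`from src.exceptions …`, `from src.database …`), and the same commit imports `src.service.schemas` in src/iam/schemas.py. If both the repository root and `src/` are on the import path, the `service` package can be loaded under two module names, and a handler registered against `src.service.exceptions.ServiceNotFoundException` would then not match the class raised here; whether that applies depends on how the app is launched, which the diff does not show. I would write `from src.service.exceptions import ServiceNotFoundException`. `Service`, which the second hunk uses in `db.get(Service, …)`, is not imported in the visible lines either; its import is presumably outside the hunk.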
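Review bot: In `create_new_permission` the `try` wraps only `db.add(perm_model)`, which does not emit SQL; the INSERT runs at `db.flush()`, outside the `try`, so a duplicate permission raises an unhandled `IntegrityError` instead of `ConflictException`. The handler also lets any `IntegrityError` that is not a unique violation fall through silently, and it never rolls the session back. Moving the flush into the `try`, rolling back, and re-raising anything that is not a unique violation makes the conflict path reachable, as sketched below. This assumes `db` is a synchronous SQLAlchemy `Session`, which the un-awaited `db.get` and `db.flush` calls suggest.

```python
    perm_model = Perm(**request_model.__dict__)
    try:
        db.add(perm_model)
        db.flush()  # the INSERT is emitted here, so the constraint error surfaces here
    except IntegrityError as e:
        db.rollback()
        if isinstance(e.orig, errors.UniqueViolation):
            raise ConflictException(message="Permission already exists") from e
        raise
    # … unchanged: response dict, db.commit(), return …
```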
@@ -10,6 +10,7 @@ from typing import Optional
 from pydantic import EmailStr, ConfigDict, Field
+from src.service.schemas import ServiceIDMixin
 from src.organisation.schemas import OrgIDMixin
 from src.schemas import CustomBaseModel
 from user.schemas import UserIDMixin
@@ -83,8 +84,7 @@ class IAMDeleteGroupUserResponse(CustomBaseModel):
 class IAMGetPermissionsResponse(CustomBaseModel):
 permissions: list[PermissionSchema]
-class IAMPostPermissionRequest(CustomBaseModel):
- service_id: int
+class IAMPostPermissionRequest(ServiceIDMixin):
 resource: str
 action: str
diff --git a/src/service/schemas.py b/src/service/schemas.py
index 2d89400..50e7c35 100644
--- a/src/service/schemas.py
+++ b/src/service/schemas.py
@@ -6,12 +6,12 @@ Models follow the nomenclature of:
 - Mixins: "Mixin"
 - Models: "" ie "ServiceGetServiceResponse"
 """
-from pydantic import ConfigDict
+from pydantic import ConfigDict, Field
 from src.schemas import CustomBaseModel
 class ServiceIDMixin(CustomBaseModel):
- service_id: int
+ service_id: int = Field(gt=0)
 class ServiceSchema(CustomBaseModel):
 model_config = ConfigDict(from_attributes=True, extra="ignore")
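Review bot: `IAMPostPermissionRequest` now gets a validated `service_id` from `ServiceIDMixin`, but `resource` and `action` are still bare `str`, so an empty, whitespace-only or arbitrarily long value is accepted and stored as a permission. Since these strings presumably feed authorization checks, I would constrain them at the schema, for example `resource: str = Field(min_length=1, max_length=MAX_LEN)` and the same for `action`. `MAX_LEN` is a placeholder for the column limit, and `Field` is already imported in this file. If the project has a fixed vocabulary of actions, an enum or a `pattern=` constraint would be tighter still.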
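Review bot: `service_id: int = Field(gt=0)` sets a lower bound only, so a value beyond the database column's range still passes validation and reaches `db.get(Service, …)` in the router, where the driver is likely to reject it with an error that surfaces as a 500. If the column is a 32-bit integer, `Field(gt=0, le=2_147_483_647)` keeps that failure at the validation layer; confirm the column type first. The constraint also now applies to every schema that inherits `ServiceIDMixin`, including any response models, which the diff does not list.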