diff --git a/spec/serializers/rest/account_serializer_spec.rb b/spec/serializers/rest/account_serializer_spec.rb
index 15939e484d8..a57b3105d95 100644
--- a/spec/serializers/rest/account_serializer_spec.rb
+++ b/spec/serializers/rest/account_serializer_spec.rb
@@ -25,6 +25,10 @@ describe REST::AccountSerializer do
 it 'returns the expected role' do
 expect(subject['roles'].first).to include({ 'name' => 'Role' })
 end
+
+ it 'does not expose the roles permissions' do
+ expect(subject['roles'].first).to_not include({ 'permissions' => role.computed_permissions.to_s })
+ end
 end
 
 context 'when the account has a non-highlighted role' do
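Review bot: The negative assertion in `it 'does not expose the roles permissions'` only fails when the serialized role has a `permissions` key whose value is exactly `role.computed_permissions.to_s`. If the serializer leaked the value as an integer, or leaked the role's raw rather than computed permissions, the example would still pass. For a disclosure regression test it is safer to assert that the key is absent, e.g. `expect(subject['roles'].first).to_not have_key('permissions')`. A stricter option is to pin the full set of exposed keys with `contain_exactly`, so any newly serialized attribute fails the spec. `role` and `subject` are defined outside this hunk, so their setup is assumed to match the surrounding context block.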