diff --git a/internal/model/model.go b/internal/model/model.go
index 5214c0b..cbc9be2 100644
--- a/internal/model/model.go
+++ b/internal/model/model.go
@@ -51,14 +51,22 @@ type Account struct {
 // valid roles requires a code change, ensuring that typos such as "admim"
 // are caught at grant time rather than silently creating a useless role.
 const (
-	RoleAdmin = "admin"
-	RoleUser  = "user"
+	RoleAdmin     = "admin"
+	RoleUser      = "user"
+	RoleGuest     = "guest"
+	RoleViewer    = "viewer"
+	RoleEditor    = "editor"
+	RoleCommenter = "commenter"
 )
 
 // allowedRoles is the compile-time set of recognised role names.
 var allowedRoles = map[string]struct{}{
-	RoleAdmin: {},
-	RoleUser:  {},
+	RoleAdmin:     {},
+	RoleUser:      {},
+	RoleGuest:     {},
+	RoleViewer:    {},
+	RoleEditor:    {},
+	RoleCommenter: {},
 }
 
 // ValidateRole returns nil if role is an allowlisted role name, or an error
@@ -68,7 +76,7 @@ var allowedRoles = map[string]struct{}{
 // roles (e.g. "admim") by enforcing a compile-time allowlist.
 func ValidateRole(role string) error {
 	if _, ok := allowedRoles[role]; !ok {
-		return fmt.Errorf("model: unknown role %q; allowed roles: admin, user", role)
+		return fmt.Errorf("model: unknown role %q; allowed roles: admin, user, guest, viewer, editor, commenter", role)
 	}
 	return nil
 }