diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp
index cf32e804dc..24334b5e2e 100644
--- a/domain-server/src/DomainGatekeeper.cpp
+++ b/domain-server/src/DomainGatekeeper.cpp
@@ -189,7 +189,7 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
     bool isLocalUser =
         (senderHostAddress == limitedNodeList->getLocalSockAddr().getAddress() || senderHostAddress == QHostAddress::LocalHost);
     if (isLocalUser) {
-        userPerms |= _server->_settingsManager.getPermissionsForName("localhost");
+        userPerms |= _server->_settingsManager.getPermissionsForName(AgentPermissions::standardNameLocalhost);
     }
 
     if (!username.isEmpty() && usernameSignature.isEmpty()) {
@@ -204,7 +204,7 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
 
     if (username.isEmpty()) {
         // they didn't tell us who they are
-        userPerms |= _server->_settingsManager.getPermissionsForName("anonymous");
+        userPerms |= _server->_settingsManager.getPermissionsForName(AgentPermissions::standardNameAnonymous);
     } else if (verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) {
         // they are sent us a username and the signature verifies it
         if (_server->_settingsManager.havePermissionsForName(username)) {
@@ -212,7 +212,7 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
             userPerms |= _server->_settingsManager.getPermissionsForName(username);
         } else {
             // they are logged into metaverse, but we don't have specific permissions for them.
-            userPerms |= _server->_settingsManager.getPermissionsForName("logged-in");
+            userPerms |= _server->_settingsManager.getPermissionsForName(AgentPermissions::standardNameLoggedIn);
         }
     } else {
         // they sent us a username, but it didn't check out
diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp
index 9d5da9deb9..36f030f249 100644
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@@ -206,15 +206,18 @@ void DomainServerSettingsManager::setupConfigMap(const QStringList& argumentList
             QStringList allowedEditors = valueOrDefaultValueForKeyPath(ALLOWED_EDITORS_SETTINGS_KEYPATH).toStringList();
             bool onlyEditorsAreRezzers = valueOrDefaultValueForKeyPath(EDITORS_ARE_REZZERS_KEYPATH).toBool();
 
-            _agentPermissions["localhost"].reset(new AgentPermissions("localhost"));
-            _agentPermissions["localhost"]->setAll(true);
-            _agentPermissions["anonymous"].reset(new AgentPermissions("anonymous"));
-            _agentPermissions["logged-in"].reset(new AgentPermissions("logged-in"));
+            _agentPermissions[AgentPermissions::standardNameLocalhost].reset(
+                new AgentPermissions(AgentPermissions::standardNameLocalhost));
+            _agentPermissions[AgentPermissions::standardNameLocalhost]->setAll(true);
+            _agentPermissions[AgentPermissions::standardNameAnonymous].reset(
+                new AgentPermissions(AgentPermissions::standardNameAnonymous));
+            _agentPermissions[AgentPermissions::standardNameLoggedIn].reset(
+                new AgentPermissions(AgentPermissions::standardNameLoggedIn));
 
             if (isRestrictedAccess) {
                 // only users in allow-users list can connect
-                _agentPermissions["anonymous"]->canConnectToDomain = false;
-                _agentPermissions["logged-in"]->canConnectToDomain = false;
+                _agentPermissions[AgentPermissions::standardNameAnonymous]->canConnectToDomain = false;
+                _agentPermissions[AgentPermissions::standardNameLoggedIn]->canConnectToDomain = false;
             } // else anonymous and logged-in retain default of canConnectToDomain = true
 
             foreach (QString allowedUser, allowedUsers) {
@@ -291,9 +294,9 @@ void DomainServerSettingsManager::unpackPermissions(const QStringList& argumentL
     foreach (QVariant permsHash, permissionsList) {
         AgentPermissionsPointer perms { new AgentPermissions(permsHash.toMap()) };
         QString id = perms->getID();
-        foundLocalhost |= (id == "localhost");
-        foundAnonymous |= (id == "anonymous");
-        foundLoggedIn |= (id == "logged-in");
+        foundLocalhost |= (id == AgentPermissions::standardNameLocalhost);
+        foundAnonymous |= (id == AgentPermissions::standardNameAnonymous);
+        foundLoggedIn |= (id == AgentPermissions::standardNameLoggedIn);
         if (_agentPermissions.contains(id)) {
             qDebug() << "duplicate name in permissions table: " << id;
             _agentPermissions[id] |= perms;
@@ -304,20 +307,17 @@ void DomainServerSettingsManager::unpackPermissions(const QStringList& argumentL
 
     // if any of the standard names are missing, add them
     if (!foundLocalhost) {
-        AgentPermissionsPointer perms { new AgentPermissions("localhost") };
+        AgentPermissionsPointer perms { new AgentPermissions(AgentPermissions::standardNameLocalhost) };
         perms->setAll(true);
-        _agentPermissions["localhost"] = perms;
-        // *permissionsList += perms->toVariant();
+        _agentPermissions[perms->getID()] = perms;
     }
     if (!foundAnonymous) {
-        AgentPermissionsPointer perms { new AgentPermissions("anonymous") };
-        _agentPermissions["anonymous"] = perms;
-        // *permissionsList += perms->toVariant();
+        AgentPermissionsPointer perms { new AgentPermissions(AgentPermissions::standardNameAnonymous) };
+        _agentPermissions[perms->getID()] = perms;
     }
     if (!foundLoggedIn) {
-        AgentPermissionsPointer perms { new AgentPermissions("logged-in") };
-        _agentPermissions["logged-in"] = perms;
-        // *permissionsList += perms->toVariant();
+        AgentPermissionsPointer perms { new AgentPermissions(AgentPermissions::standardNameLoggedIn) };
+        _agentPermissions[perms->getID()] = perms;
     }
     if (!foundLocalhost || !foundAnonymous || !foundLoggedIn) {
         packPermissions(argumentList);
diff --git a/libraries/networking/src/AgentPermissions.cpp b/libraries/networking/src/AgentPermissions.cpp
index afe523d15b..49c3e74eba 100644
--- a/libraries/networking/src/AgentPermissions.cpp
+++ b/libraries/networking/src/AgentPermissions.cpp
@@ -13,6 +13,11 @@
 #include <QtCore/QDebug>
 #include "AgentPermissions.h"
 
+QString AgentPermissions::standardNameLocalhost = QString("localhost");
+QString AgentPermissions::standardNameLoggedIn = QString("logged-in");
+QString AgentPermissions::standardNameAnonymous = QString("anonymous");
+
+
 AgentPermissions& AgentPermissions::operator|=(const AgentPermissions& rhs) {
     this->canConnectToDomain |= rhs.canConnectToDomain;
     this->canAdjustLocks |= rhs.canAdjustLocks;
diff --git a/libraries/networking/src/AgentPermissions.h b/libraries/networking/src/AgentPermissions.h
index 9cbda08d92..087c3c6fc8 100644
--- a/libraries/networking/src/AgentPermissions.h
+++ b/libraries/networking/src/AgentPermissions.h
@@ -37,6 +37,11 @@ public:
 
     QString getID() const { return _id; }
 
+    // these 3 names have special meaning.
+    static QString standardNameLocalhost;
+    static QString standardNameLoggedIn;
+    static QString standardNameAnonymous;
+
     // the initializations here should match the defaults in describe-settings.json
     bool canConnectToDomain { true };
     bool canAdjustLocks { false };