diff --git a/apps/backend/src/lib/config.tsx b/apps/backend/src/lib/config.tsx
index 1c13f1edf..e384091d2 100644
--- a/apps/backend/src/lib/config.tsx
+++ b/apps/backend/src/lib/config.tsx
@@ -321,7 +321,7 @@ export async function getEnvironmentConfigOverride(options: EnvironmentOptions):
     .sort((a, b) => stringCompare(a.id, b.id));
 
   for (const perm of projectPermissionDefinitions) {
-    configOverride[`teams.projectPermissionDefinitions.${perm.id}`] = filterUndefined({
+    configOverride[`users.userPermissionDefinitions.${perm.id}`] = filterUndefined({
       description: perm.description,
       containedPermissions: typedFromEntries(perm.contained_permission_ids.map(containedPerm => [containedPerm, {}]))
     });
diff --git a/packages/stack-shared/src/config/format.ts b/packages/stack-shared/src/config/format.ts
index d924339e0..b949f2e92 100644
--- a/packages/stack-shared/src/config/format.ts
+++ b/packages/stack-shared/src/config/format.ts
@@ -33,7 +33,7 @@ export function getInvalidConfigReason(c: unknown, options: { configName?: strin
   if (c === null || typeof c !== 'object') return `${configName} must be a non-null object`;
   for (const [key, value] of Object.entries(c)) {
     if (typeof key !== 'string') return `${configName} must have only string keys (found: ${typeof key})`;
-    if (!key.match(/^[a-zA-Z0-9_$][a-zA-Z_$0-9\-]*(?:\.[a-zA-Z0-9_$][a-zA-Z_$0-9\-]*)*$/)) return `All keys of ${configName} must consist of only alphanumeric characters, dots, underscores, dollar signs, or hyphens and start with a character other than a hyphen (found: ${key})`;
+    if (!key.match(/^[a-zA-Z0-9_:$][a-zA-Z_:$0-9\-]*(?:\.[a-zA-Z0-9_:$][a-zA-Z_:$0-9\-]*)*$/)) return `All keys of ${configName} must consist of only alphanumeric characters, dots, underscores, colons, dollar signs, or hyphens and start with a character other than a hyphen (found: ${key})`;
 
     const entryName = `${configName}.${key}`;
     const reason = getInvalidConfigValueReason(value, { valueName: entryName });