diff --git a/packages/web-pkg/src/utils/types.ts b/packages/web-pkg/src/utils/types.ts
index ccc9e4f7410..778906ed484 100644
--- a/packages/web-pkg/src/utils/types.ts
+++ b/packages/web-pkg/src/utils/types.ts
@@ -5,7 +5,7 @@ export type ReadOnlyRef<T> = Readonly<Ref<T>>
 export type MaybeRef<T> = T | Ref<T>
 export type MaybeReadonlyRef<T> = MaybeRef<T> | ReadOnlyRef<T>
 
-export type Actions = 'create' | 'read' | 'update' | 'delete' | 'manage'
-export type Subjects = 'Space'
+export type Actions = 'create' | 'read' | 'update' | 'delete' | 'manage' | 'set-quota'
+export type Subjects = 'Setting' | 'Space' | 'User'
 
 export type Ability = MongoAbility<[Actions, Subjects]>
diff --git a/packages/web-runtime/src/services/auth/userManager.ts b/packages/web-runtime/src/services/auth/userManager.ts
index 54916041e75..67ae9fc91e8 100644
--- a/packages/web-runtime/src/services/auth/userManager.ts
+++ b/packages/web-runtime/src/services/auth/userManager.ts
@@ -276,11 +276,14 @@ export class UserManager extends OidcUserManager {
   private updateUserAbilities(user) {
     const rules: SubjectRawRule<Actions, Subjects, any>[] = []
 
-    // TODO: expand capabilities
     if (!!user.role?.settings.find((s) => s.name === 'create-space')) {
       rules.push({ action: 'create', subject: 'Space' })
     }
 
+    if (!!user.role?.settings.find((s) => s.name === 'set-space-quota')) {
+      rules.push({ action: 'set-quota', subject: 'Space' })
+    }
+
     this.$ability.update(rules)
   }
 }