diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index ac6ac4c52..80fbc627a 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -575,21 +575,21 @@ class AuthorizationService: """ permissions_to_assign: list[PermissionToAssign] = [] if target.startswith("PG:"): - process_group_identifier = target.removeprefix("PG:").replace(":", "/") + process_group_identifier = target.removeprefix("PG:").replace(":", "/").removeprefix('/') process_related_path_segment = f"{process_group_identifier}/*" - target_uris = [] if process_group_identifier == "ALL": process_related_path_segment = "*" - target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"] + target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"] permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) elif target.startswith("PM:"): - process_model_identifier = target.removeprefix("PM:").replace(":", "/") + process_model_identifier = target.removeprefix("PM:").replace(":", "/").removeprefix('/') process_related_path_segment = f"{process_model_identifier}/*" - target_uris = [] + if process_model_identifier == "ALL": process_related_path_segment = "*" - target_uris = [f"/process-models/{process_related_path_segment}"] + + target_uris = [f"/process-models/{process_related_path_segment}"] permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) elif target.startswith("BASIC"): 
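Review bot: The new `.removeprefix('/')` in the `PG:` and `PM:` branches strips exactly one leading slash, so a target such as `PG:` or `PG:/` leaves an empty identifier and the code goes on to build the segment `/*` and URIs like `/process-groups//*`, while `PG://x` still yields a doubled slash. Because these strings become permission targets, I would normalise with `.strip("/")` and refuse an empty result before building the segment, for example `if not process_group_identifier: raise ValueError(f"empty process group in target: {target}")`, using whatever exception type the service already raises. `PG:/ALL` now normalises to `ALL` and so expands to the `*` wildcard, a wider grant than that spelling previously produced; confirm this is intended. The indentation is lost in this rendering, so I am assuming the re-added `target_uris = [...]` lines were moved out of the `if ... == "ALL":` block. The enclosing method starts above the hunk and continues past `elif target.startswith("BASIC"):`.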
diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
index f42746289..ee77a2425 100644
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@@ -144,3 +144,44 @@ class TestAuthorizationService(BaseTest):
 ProcessInstanceService.complete_form_task(
 processor, spiff_task, {}, finance_user, human_task
 )
+
+ def test_explode_permissions_all_on_process_model(
+ self,
+ app: Flask,
+ client: FlaskClient,
+ with_db_and_bpmn_file_cleanup: None,
+ with_super_admin_user: UserModel,
+ ) -> None:
+ expected_permissions = [
+ ('/logs/some-process-group/some-process-model/*', 'create'),
+ ('/logs/some-process-group/some-process-model/*', 'delete'),
+ ('/logs/some-process-group/some-process-model/*', 'read'),
+ ('/logs/some-process-group/some-process-model/*', 'update'),
+ ('/process-groups/some-process-group/some-process-model/*', 'create'),
+ ('/process-groups/some-process-group/some-process-model/*', 'delete'),
+ ('/process-groups/some-process-group/some-process-model/*', 'read'),
+ ('/process-groups/some-process-group/some-process-model/*', 'update'),
+ ('/process-instance-suspend/some-process-group/some-process-model/*', 'create'),
+ ('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'),
+ ('/process-instance-suspend/some-process-group/some-process-model/*', 'read'),
+ ('/process-instance-suspend/some-process-group/some-process-model/*', 'update'),
+ ('/process-instance-terminate/some-process-group/some-process-model/*', 'create'),
+ ('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'),
+ ('/process-instance-terminate/some-process-group/some-process-model/*', 'read'),
+ ('/process-instance-terminate/some-process-group/some-process-model/*', 'update'),
+ ('/process-instances/some-process-group/some-process-model/*', 'create'),
+ ('/process-instances/some-process-group/some-process-model/*', 'delete'),
+ ('/process-instances/some-process-group/some-process-model/*', 'read'),
+ ('/process-instances/some-process-group/some-process-model/*', 'update'),
+ ('/process-models/some-process-group/some-process-model/*', 'create'),
+ ('/process-models/some-process-group/some-process-model/*', 'delete'),
+ ('/process-models/some-process-group/some-process-model/*', 'read'),
+ ('/process-models/some-process-group/some-process-model/*', 'update'),
+ ('/task-data/some-process-group/some-process-model/*', 'create'),
+ ('/task-data/some-process-group/some-process-model/*', 'delete'),
+ ('/task-data/some-process-group/some-process-model/*', 'read'),
+ ('/task-data/some-process-group/some-process-model/*', 'update'),
+ ]
+ permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model')
+ permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
+ assert permissions_to_assign_tuples == expected_permissions
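Review bot: The added test exercises only the `PG:` branch with a leading slash, while the commit changes the `PM:` branch in the same way and leaves it uncovered. The name `test_explode_permissions_all_on_process_model` also suggests a `PM:` target, although the call passes `'PG:/some-process-group/some-process-model'`. I would rename this test to say process group and add a sibling case calling `AuthorizationService.explode_permissions('all', 'PM:/some-process-group/some-process-model')`, plus one for the colon-separated form without the leading slash. Since this is authorization expansion, cases asserting what `PG:/ALL` and an empty identifier such as `PG:/` produce would pin down the boundaries of the new normalisation.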