diff --git a/src/spiffworkflow_backend/models/permission_target.py b/src/spiffworkflow_backend/models/permission_target.py
index 988a2be7..a9c738e6 100644
--- a/src/spiffworkflow_backend/models/permission_target.py
+++ b/src/spiffworkflow_backend/models/permission_target.py
@@ -19,7 +19,7 @@ class PermissionTargetModel(SpiffworkflowBaseDBModel):
 
     @validates("uri")
     def validate_uri(self, key: str, value: str) -> str:
-        if re.search(r"\*.", value):
+        if re.search(r"%.", value):
             raise InvalidPermissionTargetUri(
                 f"Invalid Permission Target Uri: {value}"
             )
diff --git a/src/spiffworkflow_backend/services/authorization_service.py b/src/spiffworkflow_backend/services/authorization_service.py
index a2167da5..5d0bc80b 100644
--- a/src/spiffworkflow_backend/services/authorization_service.py
+++ b/src/spiffworkflow_backend/services/authorization_service.py
@@ -65,7 +65,6 @@ class AuthorizationService:
             principals.append(group.principal)
 
         return cls.has_permission(principals, permission, target_uri)
-        # return False
 
     # def refresh_token(self, token: str) -> str:
     #     """Refresh_token."""
diff --git a/tests/spiffworkflow_backend/unit/test_permission_target.py b/tests/spiffworkflow_backend/unit/test_permission_target.py
index d21ac799..f8398bcb 100644
--- a/tests/spiffworkflow_backend/unit/test_permission_target.py
+++ b/tests/spiffworkflow_backend/unit/test_permission_target.py
@@ -12,7 +12,7 @@ class TestPermissionTarget(BaseTest):
     def test_asterisk_must_go_at_the_end_of_uri(
         self, app: Flask, with_db_and_bpmn_file_cleanup: None
     ) -> None:
-        permission_target = PermissionTargetModel(uri="/test_group/*")
+        permission_target = PermissionTargetModel(uri="/test_group/%")
         db.session.add(permission_target)
         db.session.commit()
 
@@ -21,7 +21,7 @@ class TestPermissionTarget(BaseTest):
         db.session.commit()
 
         with pytest.raises(InvalidPermissionTargetUri) as exception:
-            PermissionTargetModel(uri="/test_group/*/model")
+            PermissionTargetModel(uri="/test_group/%/model")
         assert (
-            str(exception.value) == "Invalid Permission Target Uri: /test_group/*/model"
+            str(exception.value) == "Invalid Permission Target Uri: /test_group/%/model"
         )