diff --git a/sas/sasjs/macros/mpe_accesscheck.sas b/sas/sasjs/macros/mpe_accesscheck.sas
index 63f9ca2..9c4555c 100755
--- a/sas/sasjs/macros/mpe_accesscheck.sas
+++ b/sas/sasjs/macros/mpe_accesscheck.sas
@@ -14,7 +14,7 @@
       @li EDIT
       @li APPROVE
       @li VIEW
-  @param [in] cntl_lib= (MPELIB) The name of a global macro variable that
+  @param [in] cntl_lib_var= (MPELIB) The name of a global macro variable that
     contains the libref in which the MPE_SECURITY table is stored
   @param [out] outds= (MED_ACCESSCHECK) Output WORK table containing all the
     groups for which the user is granted the particular ACCESS_LEVEL.
@@ -41,7 +41,7 @@
     ,outds=med_accesscheck /* WORK table to contain access details */
     ,user= /* metadata user to check for */
     ,access_level=APPROVE
-    ,cntl_lib=MPELIB
+    ,cntl_lib_var=MPELIB
   );
 
   %if &user= %then %let user=%mf_getuser();
@@ -70,7 +70,7 @@
   proc sql;
   create table &tempds2 as
     select distinct sas_group
-    from &&&cntl_lib...mpe_security
+    from &&&cntl_lib_var...mpe_security
     where &dc_dttmtfmt. lt tx_to
     and access_level="&access_level"
     and (
diff --git a/sas/sasjs/macros/mpe_accesscheck.test.sas b/sas/sasjs/macros/mpe_accesscheck.test.sas
index 3b39845..7deaa72 100644
--- a/sas/sasjs/macros/mpe_accesscheck.test.sas
+++ b/sas/sasjs/macros/mpe_accesscheck.test.sas
@@ -30,7 +30,7 @@ run;
 /* create demo MPE_SECURITY table */
 data work.mpe_security;
   if 0 then set &dc_libref..mpe_security;
-  do access_level='EDIT','APPROVE','VIEW';
+  do access_level='EDIT','APPROVE','VIEW','SIGNOFF','AUDIT';
     LIBREF='SOMELIB';
     DSN='SOMEDS';
     sas_group="&groupname";
@@ -40,12 +40,13 @@ data work.mpe_security;
   end;
 run;
 
+%let WRK=WORK;
 
 %mpe_accesscheck(
   SOMELIB.SOMEDS
   ,outds=work.test1
   ,access_level=APPROVE
-  ,cntl_lib=WORK
+  ,cntl_lib_var=WRK
 )
 %mp_assertdsobs(work.test1,
   desc=Test 1 - One record returned,
@@ -57,9 +58,9 @@ run;
   SOMELIB.INVALID
   ,outds=work.test2
   ,access_level=APPROVE
-  ,cntl_lib=WORK
+  ,cntl_lib_var=WRK
 )
-%mp_assertdsobs(work.test1,
+%mp_assertdsobs(work.test2,
   desc=Test 12 - 0 records returned,
   test=EQUALS 0,
   outds=work.test_results
diff --git a/sas/sasjs/services/hooks/mpe_security_postedit.sas b/sas/sasjs/services/hooks/mpe_security_postedit.sas
index fce2cd8..7697bc4 100644
--- a/sas/sasjs/services/hooks/mpe_security_postedit.sas
+++ b/sas/sasjs/services/hooks/mpe_security_postedit.sas
@@ -13,17 +13,22 @@
 
 **/
 
-/* ensure upcase */
+/* ensure upcase and check access level values*/
+%let errval=0;
+%let errmsg=;
 data work.staging_ds;
   set work.staging_ds;
   LIBREF=upcase(LIBREF);
   DSN=upcase(DSN);
   ACCESS_LEVEL=upcase(ACCESS_LEVEL);
+  if ACCESS_LEVEL not in ('EDIT','APPROVE','VIEW','SIGNOFF','AUDIT') then do;
+    putlog "ERR" +(-1) "OR: invalid ACCESS_LEVEL - " access_level;
+    call symputx('errval',1);
+    call symputx('errmsg',"Invalid ACCESS_LEVEL: "!!access_level);
+  end;
 run;
 
-%mp_abort(iftrue=(&syscc ne 0)
+%mp_abort(iftrue=(&errval=1)
   ,mac=mpe_security_postedit.sas
-  ,msg=%superq(errmsg)
-)
-
-
+  ,msg=%str(&errmsg)
+)
\ No newline at end of file