diff --git a/user/api.go b/user/api.go
index fa37b5e8..fe24b28a 100644
--- a/user/api.go
+++ b/user/api.go
@@ -312,6 +312,16 @@ func (a *Api) CreateCustodialUser(res http.ResponseWriter, req *http.Request, va
 return
 } else {
 permissions := clients.Permissions{"custodian": clients.Allowed, "view": clients.Allowed, "upload": clients.Allowed}
+ if custodianUserID != "" {
+ custodian, err := a.Store.WithContext(req.Context()).FindUser(&User{Id: custodianUserID})
+ if err != nil {
+ a.sendError(res, http.StatusNotFound, STATUS_USER_NOT_FOUND, err)
+ return
+ }
+ if custodian.HasRole(RoleCarePartner) {
+ permissions["care_partner"] = clients.Allowed
+ }
+ }
 if _, err := a.perms.SetPermissions(custodianUserID, newCustodialUser.Id, permissions); err != nil {
 a.sendError(res, http.StatusInternalServerError, STATUS_ERR_CREATING_USR, err)
 } else {
diff --git a/user/user.go b/user/user.go
index 421bb8f3..1948dba5 100644
--- a/user/user.go
+++ b/user/user.go
@@ -16,6 +16,7 @@ import (
 const (
 TimestampFormat = "2006-01-02T15:04:05-07:00"
 custodialEmailFormat = "unclaimed-custodial-automation+%020d@tidepool.org"
+ RoleCarePartner = "care_partner"
 RoleClinic = "clinic"
 RoleClinician = "clinician"
 RoleCustodialAccount = "custodial_account"
@@ -28,6 +29,7 @@ var custodialAccountRegexp = regexp.MustCompile("unclaimed-custodial-automation\
 var validRoles = map[string]struct{}{
 RoleBrokered: {},
+ RoleCarePartner: {},
 RoleClinic: {},
 RoleClinician: {},
 RoleCustodialAccount: {},
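Review bot: The early `return` on a FindUser error in the added block runs after the custodial account appears to exist already (`newCustodialUser.Id` is used on the SetPermissions line), so a failed lookup would leave that account with no custodian permissions; doing the lookup before the account is created avoids this. Every FindUser error is also reported as `http.StatusNotFound`, so a store failure is indistinguishable from a missing user in the response. If FindUser can return a nil user with a nil error (its contract is not visible here), `custodian.HasRole` is called on nil; a guard such as `if err != nil || custodian == nil {` covers it. Because this branch widens the granted permission set from a stored role, a named constant for the `"care_partner"` permission key and a comment such as `// care partners additionally receive the care_partner permission on accounts they create` would make the grant easier to audit. CreateCustodialUser starts and ends outside the hunk.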
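Review bot: Adding `RoleCarePartner` to `validRoles` makes the role pass wherever this map is used for validation, and the api.go change in this commit turns that role into an extra `care_partner` permission on custodial accounts. The code that consults `validRoles` is outside this diff, so it should be confirmed that no request path accepting caller-supplied roles lets an account give itself this role without the intended authorization check. The constant in the previous hunk would also benefit from a comment, for example `// RoleCarePartner: custodians with this role are granted the care_partner permission on custodial accounts they create.`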