diff --git a/doc/api/cli.md b/doc/api/cli.md
index 038929e55aa69c..fafc6e42219e5b 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -1129,11 +1129,9 @@ the [Permission Model][].
 
 Examples can be found in the [File System Permissions][] documentation.
 
-Special shell characters such as `;` must be escaped or quoted:
-
 ```bash
-node --experimental-permission --permission-fs-path-delimiter=\; \
---allow-fs-read=/path/to/index.js index.js
+node --experimental-permission --permission-fs-path-delimiter=";" \
+--allow-fs-read="/path/to/index.js;/path/with,comma" index.js
 ```
 
 ### `--policy-integrity=sri`
diff --git a/src/permission/child_process_permission.cc b/src/permission/child_process_permission.cc
index 6401a15380c448..1dd5e6fb1bf2d6 100644
--- a/src/permission/child_process_permission.cc
+++ b/src/permission/child_process_permission.cc
@@ -1,6 +1,7 @@
 #include "child_process_permission.h"
 
 #include <string>
+#include <unordered_map>
 #include <vector>
 
 namespace node {
diff --git a/src/permission/child_process_permission.h b/src/permission/child_process_permission.h
index ed333887658570..f9198aab0a3061 100644
--- a/src/permission/child_process_permission.h
+++ b/src/permission/child_process_permission.h
@@ -3,6 +3,7 @@
 
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
+#include <unordered_map>
 #include <vector>
 #include "permission/permission_base.h"
 
diff --git a/src/permission/fs_permission.cc b/src/permission/fs_permission.cc
index 9ccd03b6c81309..28a794d7599fe3 100644
--- a/src/permission/fs_permission.cc
+++ b/src/permission/fs_permission.cc
@@ -11,6 +11,7 @@
 #include <filesystem>
 #include <string>
 #include <string_view>
+#include <unordered_map>
 #include <vector>
 
 namespace {
diff --git a/src/permission/inspector_permission.cc b/src/permission/inspector_permission.cc
index 3e846c5d46aeec..fa2fbacd510662 100644
--- a/src/permission/inspector_permission.cc
+++ b/src/permission/inspector_permission.cc
@@ -1,6 +1,7 @@
 #include "inspector_permission.h"
 
 #include <string>
+#include <unordered_map>
 
 namespace node {
 
diff --git a/src/permission/inspector_permission.h b/src/permission/inspector_permission.h
index 0ed27a4a721d02..539c2b916f1f5c 100644
--- a/src/permission/inspector_permission.h
+++ b/src/permission/inspector_permission.h
@@ -4,6 +4,7 @@
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
 #include <string>
+#include <unordered_map>
 #include "permission/permission_base.h"
 
 namespace node {
diff --git a/src/permission/permission.cc b/src/permission/permission.cc
index 6c59705458851a..99449ba4e7487e 100644
--- a/src/permission/permission.cc
+++ b/src/permission/permission.cc
@@ -10,6 +10,7 @@
 
 #include <memory>
 #include <string>
+#include <unordered_map>
 #include <vector>
 
 namespace node {
diff --git a/src/permission/permission_base.h b/src/permission/permission_base.h
index efea8e222726c8..ead343c921deb1 100644
--- a/src/permission/permission_base.h
+++ b/src/permission/permission_base.h
@@ -6,6 +6,7 @@
 #include <map>
 #include <string>
 #include <string_view>
+#include <unordered_map>
 #include "v8.h"
 
 namespace node {
diff --git a/src/permission/worker_permission.cc b/src/permission/worker_permission.cc
index 7ea910ea39011b..957f369d30b21a 100644
--- a/src/permission/worker_permission.cc
+++ b/src/permission/worker_permission.cc
@@ -1,6 +1,7 @@
 #include "permission/worker_permission.h"
 
 #include <string>
+#include <unordered_map>
 #include <vector>
 
 namespace node {
diff --git a/src/permission/worker_permission.h b/src/permission/worker_permission.h
index 9690cf44e7f82d..bce7fcdd2cffa5 100644
--- a/src/permission/worker_permission.h
+++ b/src/permission/worker_permission.h
@@ -3,6 +3,7 @@
 
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
+#include <unordered_map>
 #include <vector>
 #include "permission/permission_base.h"
 
diff --git a/test/parallel/test-cli-permission-deny-fs.js b/test/parallel/test-cli-permission-deny-fs.js
index f26c330e6bd547..2544213cfff192 100644
--- a/test/parallel/test-cli-permission-deny-fs.js
+++ b/test/parallel/test-cli-permission-deny-fs.js
@@ -71,30 +71,6 @@ const path = require('path');
   assert.strictEqual(status, 0);
 }
 
-{
-  const tmpPath = path.resolve('/tmp/');
-  const pathWithComma = path.resolve('/other,path/');
-  const { status, stdout } = spawnSync(
-    process.execPath,
-    [
-      '--experimental-permission',
-      '--allow-fs-write', `${tmpPath};${pathWithComma}`, '--permission-fs-path-delimiter=;', '-e',
-      `console.log(process.permission.has("fs"));
-      console.log(process.permission.has("fs.read"));
-      console.log(process.permission.has("fs.write"));
-      console.log(process.permission.has("fs.write", "/tmp/"));
-      console.log(process.permission.has("fs.write", "/other,path/"));`,
-    ]
-  );
-  const [fs, fsIn, fsOut, fsOutAllowed1, fsOutAllowed2] = stdout.toString().split('\n');
-  assert.strictEqual(fs, 'false');
-  assert.strictEqual(fsIn, 'false');
-  assert.strictEqual(fsOut, 'false');
-  assert.strictEqual(fsOutAllowed1, 'true');
-  assert.strictEqual(fsOutAllowed2, 'true');
-  assert.strictEqual(status, 0);
-}
-
 {
   const { status, stdout } = spawnSync(
     process.execPath,
diff --git a/test/parallel/test-cli-permission-fs-path-delimiter.js b/test/parallel/test-cli-permission-fs-path-delimiter.js
new file mode 100644
index 00000000000000..6d726e1a7fb2ee
--- /dev/null
+++ b/test/parallel/test-cli-permission-fs-path-delimiter.js
@@ -0,0 +1,55 @@
+'use strict';
+
+const { spawnSync } = require('child_process');
+const assert = require('assert');
+const path = require('path');
+
+{
+  const tmpPath = path.resolve('/tmp/');
+  const pathWithComma = path.resolve('/other,path/');
+  const { status, stdout } = spawnSync(
+    process.execPath,
+    [
+      '--experimental-permission',
+      '--allow-fs-write',
+      `${tmpPath};${pathWithComma}`,
+      '--permission-fs-path-delimiter=;',
+      '-e',
+      `console.log(process.permission.has("fs"));
+      console.log(process.permission.has("fs.read"));
+      console.log(process.permission.has("fs.write"));
+      console.log(process.permission.has("fs.write", "/tmp/"));
+      console.log(process.permission.has("fs.write", "/other,path/"));`,
+    ]
+  );
+  const [fs, fsIn, fsOut, fsOutAllowed1, fsOutAllowed2] = stdout.toString().split('\n');
+  assert.strictEqual(fs, 'false');
+  assert.strictEqual(fsIn, 'false');
+  assert.strictEqual(fsOut, 'false');
+  assert.strictEqual(fsOutAllowed1, 'true');
+  assert.strictEqual(fsOutAllowed2, 'true');
+  assert.strictEqual(status, 0);
+}
+
+{
+  const { status, stdout } = spawnSync(
+    process.execPath,
+    [
+      '--experimental-permission',
+      '--allow-fs-read=*',
+      '--allow-fs-write=/tmp/file,with,comma.txt',
+      '--permission-fs-path-delimiter=;',
+      '-e',
+      `console.log(process.permission.has("fs"));
+      console.log(process.permission.has("fs.read"));
+      console.log(process.permission.has("fs.write"));
+      console.log(process.permission.has("fs.write", "/tmp/file,with,comma.txt"));`,
+    ]
+  );
+  const [fs, fsIn, fsOut, fsOutAllowed] = stdout.toString().split('\n');
+  assert.strictEqual(fs, 'false');
+  assert.strictEqual(fsIn, 'true');
+  assert.strictEqual(fsOut, 'false');
+  assert.strictEqual(fsOutAllowed, 'true');
+  assert.strictEqual(status, 0);
+}