diff --git a/drafts/macaroons_caveats.rst b/drafts/macaroons_caveats.rst index a7c1b036..71c4784e 100644 --- a/drafts/macaroons_caveats.rst +++ b/drafts/macaroons_caveats.rst 
@@ -21,14 +21,17 @@ Specified caveats: +-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | Caveat name | Description | Legal Values | -+-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ ++=============+==================================================+================================================================================================+ | gen | Generation of the macaroon caveat spec. | 1 | ++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | user_id | ID of the user for which this macaroon is valid. | Pure equality check. Operator must be =. | ++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | type | The purpose of this macaroon. | access - used to authorize any action except token refresh | | | | refresh - only used to authorize a token refresh | | | | login - issued as a very short-lived token by third party login flows; proves that | | | | authentication has happened but doesn't grant any privileges other than being able to be | | | | exchanged for other tokens. | ++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | time | Time before/after which this macaroon is valid. | A POSIX timestamp in milliseconds (in UTC). | | | | Operator < means the macaroon is valid before the timestamp, as interpreted by the server. | | | | Operator > means the macaroon is valid after the timestamp, as interpreted by the server. |
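Review bot: In the `type` and `time` rows, the multi-line Legal Values cells still carry no list markup, so even with the new `=` header rule and the row separators, docutils will fold `access - ...`, `refresh - ...` and `login - ...` into one run-on paragraph inside the cell. Since this change is about getting the grid table to render correctly, consider making each value a bullet item within the cell (prefix with `* ` and align continuation lines under the text), and do the same for the two operator sentences in the `time` row. Separately, in the `time` context line, "A POSIX timestamp in milliseconds" is easy to misread because POSIX time is counted in seconds. Wording such as "milliseconds since the Unix epoch" would make the unit unambiguous. A caveat written in seconds but interpreted as milliseconds would land in 1970, which makes a `<` caveat fail closed but leaves a `>` (not-before) caveat with no effect.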