diff --git a/ui/src/router/modules/system.ts b/ui/src/router/modules/system.ts
index 55a122e41..55b0c9e46 100644
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@@ -35,7 +35,7 @@ const systemRouter = {
         permission: [
           new ComplexPermission(
             [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-            [PermissionConst.ROLE_READ],
+            [PermissionConst.ROLE_READ, PermissionConst.WORKSPACE_ROLE_READ],
             [EditionConst.IS_EE],
             'OR',
           ),
@@ -57,7 +57,7 @@ const systemRouter = {
           new ComplexPermission(
             [RoleConst.WORKSPACE_MANAGE, RoleConst.ADMIN],
             [
-              PermissionConst.WORKSPACE_READ.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.WORKSPACE_WORKSPACE_READ,
               PermissionConst.WORKSPACE_READ,
             ],
             [EditionConst.IS_EE],
diff --git a/ui/src/utils/dynamics-api/permission-api.ts b/ui/src/utils/dynamics-api/permission-api.ts
index 2375bd3d2..2e467275a 100644
--- a/ui/src/utils/dynamics-api/permission-api.ts
+++ b/ui/src/utils/dynamics-api/permission-api.ts
@@ -2,6 +2,7 @@ import { PermissionConst, EditionConst, RoleConst } from '@/utils/permission/dat
 import { hasPermission } from '@/utils/permission/index'
 import roleSystemApi from '@/api/system/role'
 import roleWorkspaceApi from '@/api/workspace/role'
+import { ComplexPermission } from '../permission/type'
 
 // 系统管理员 API
 const systemApiMap = {
@@ -19,11 +20,19 @@ const workspaceApiMap = {
 
 export function loadPermissionApi(type: string) {
   if (hasPermission(EditionConst.IS_EE, 'OR')) {
-    if (hasPermission([RoleConst.ADMIN], 'OR')) {
-      // 加载企业版工作空间管理员 API
-      return systemApiMap[type]
-    } else if (hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole], 'OR')) {
+    if (hasPermission(new ComplexPermission (
+      [RoleConst.ADMIN],
+      [PermissionConst.ROLE_READ],
+      [],
+      'OR'),'OR')) {
       // 加载系统管理员 API
+      return systemApiMap[type]
+    } if (hasPermission(new ComplexPermission (
+      [RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+      [PermissionConst.WORKSPACE_ROLE_READ.getWorkspacePermissionWorkspaceManageRole],
+      [],
+      'OR'),'OR' )) {
+      // 加载企业版工作空间管理员 API
       return workspaceApiMap[type]
     }
   }
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index a38a5646b..44a1d755e 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -75,11 +75,11 @@ const PermissionConst = {
 
 
   ROLE_READ: new Permission('ROLE:READ'),
-  ROLE_CREATE: new Permission('ROLE:READ'),
-  ROLE_EDIT: new Permission('ROLE:READ'),
-  ROLE_DELETE: new Permission('ROLE:READ'),
-  ROLE_ADD_MEMBER: new Permission('ROLE:READ'),
-  ROLE_REMOVE_MEMBER: new Permission('ROLE:READ'),
+  ROLE_CREATE: new Permission('ROLE:READ+CREATE'),
+  ROLE_EDIT: new Permission('ROLE:READ+EDIT'),
+  ROLE_DELETE: new Permission('ROLE:READ+DELETE'),
+  ROLE_ADD_MEMBER: new Permission('ROLE:READ+ADD_MEMBER'),
+  ROLE_REMOVE_MEMBER: new Permission('ROLE:READ+REMOVE_MEMBER'),
 
 
   KNOWLEDGE_READ: new Permission('KNOWLEDGE:READ'),
diff --git a/ui/src/views/system/role/component/Member.vue b/ui/src/views/system/role/component/Member.vue
index 485fb4bb2..64e47e214 100644
--- a/ui/src/views/system/role/component/Member.vue
+++ b/ui/src/views/system/role/component/Member.vue
@@ -6,12 +6,11 @@
         @click="handleAdd"
         v-hasPermission="
           new ComplexPermission(
-            [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-            [PermissionConst.ROLE_ADD_MEMBER.getWorkspacePermission],
+            [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+            [PermissionConst.WORKSPACE_ROLE_ADD_MEMBER, PermissionConst.ROLE_ADD_MEMBER],
             [],
             'OR',
-          )
-        "
+          )"
       >
         {{ $t('views.role.member.add') }}
       </el-button>
@@ -57,8 +56,8 @@
               @click.stop="handleDelete(row)"
               v-hasPermission="
                 new ComplexPermission(
-                  [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-                  [PermissionConst.ROLE_REMOVE_MEMBER.getWorkspacePermission],
+                  [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+                  [PermissionConst.ROLE_REMOVE_MEMBER, PermissionConst.WORKSPACE_ROLE_REMOVE_MEMBER],
                   [],
                   'OR',
                 )
diff --git a/ui/src/views/system/role/index.vue b/ui/src/views/system/role/index.vue
index e0f6df65e..027a7849b 100644
--- a/ui/src/views/system/role/index.vue
+++ b/ui/src/views/system/role/index.vue
@@ -2,9 +2,9 @@
   <div class="role-manage p-16-24">
     <h2 class="mb-16">{{ $t('views.role.title') }}</h2>
     <el-card style="--el-card-padding: 0">
-      <div class="flex main-calc-height">
-        <div class="role-left border-r p-16">
-          <div class="p-8 pb-0 mb-12">
+      <div class="flex h-full">
+        <div class="role-left border-r">
+          <div class="p-24 pb-0">
             <el-input
               v-model="filterText"
               :placeholder="$t('common.search')"
@@ -14,113 +14,145 @@
           </div>
           <div class="list-height-left">
             <el-scrollbar v-loading="loading">
-              <div class="color-secondary lighter ml-8 mb-8">
-                <span>{{ $t('views.role.internalRole') }}</span>
-              </div>
-              <common-list
-                :data="filterInternalRole"
-                @click="clickRole"
-                :default-active="currentRole?.id"
-                @mouseenter="mouseenter"
-                @mouseleave="mouseId = ''"
-              >
-                <template #default="{ row }">
-                  <div class="flex-between">
-                    <span class="mr-8">{{ row.role_name }}</span>
-                    <div @click.stop v-show="mouseId === row.id">
-                      <el-dropdown :teleported="false">
-                        <el-button text>
-                          <el-icon class="color-secondary">
-                            <MoreFilled />
-                          </el-icon>
-                        </el-button>
-                        <template #dropdown>
-                          <el-dropdown-menu style="min-width: 80px">
-                            <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8">
-                              <el-icon><EditPen /></el-icon>
-                              {{ $t('common.rename') }}
-                            </el-dropdown-item>
-                            <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8">
-                              <el-icon><Delete /></el-icon>
-                              {{ $t('common.delete') }}
-                            </el-dropdown-item>
-                          </el-dropdown-menu>
-                        </template>
-                      </el-dropdown>
-                    </div>
-                  </div>
-                </template>
-                <template #empty>
-                  <span></span>
-                </template>
-              </common-list>
-
-              <div class="ml-8 border-t flex-between mb-8" style="padding-top: 12px">
-                <span class="color-secondary lighter">{{ $t('views.role.customRole') }}</span>
-                <el-tooltip
-                  effect="dark"
-                  :content="`${$t('common.create')}${$t('views.role.customRole')}`"
-                  placement="top"
+              <div class="p-16">
+                <div class="color-secondary lighter ml-8 mb-8">
+                  <span>{{ $t('views.role.internalRole') }}</span>
+                </div>
+                <common-list
+                  :data="filterInternalRole"
+                  @click="clickRole"
+                  :default-active="currentRole?.id"
+                  @mouseenter="mouseenter"
+                  @mouseleave="mouseId = ''"
                 >
-                  <el-button
-                    type="primary"
-                    text
-                    @click="createOrUpdateRole()"
-                    v-hasPermission="
-                      new ComplexPermission(
-                        [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
-                        [PermissionConst.ROLE_CREATE.getWorkspacePermission],
-                        [],
-                        'OR',
-                      )
-                    "
-                  >
-                    <el-icon :size="18"><Plus /></el-icon>
-                  </el-button>
-                </el-tooltip>
-              </div>
-              <common-list
-                :data="filterCustomRole"
-                @click="clickRole"
-                :default-active="currentRole?.id"
-                @mouseenter="mouseenter"
-                @mouseleave="mouseId = ''"
-              >
-                <template #default="{ row }">
-                  <div class="flex-between">
-                    <span>
-                      {{ row.role_name }}
-                      <span class="color-input-placeholder ml-4"
-                        >({{ roleTypeMap[row.type as RoleTypeEnum] }})</span
-                      >
-                    </span>
-                    <div @click.stop v-show="mouseId === row.id">
-                      <el-dropdown :teleported="false">
-                        <el-button text>
-                          <el-icon class="color-secondary">
-                            <MoreFilled />
-                          </el-icon>
-                        </el-button>
-                        <template #dropdown>
-                          <el-dropdown-menu style="min-width: 80px">
-                            <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8">
-                              <el-icon><EditPen /></el-icon>
-                              {{ $t('common.rename') }}
-                            </el-dropdown-item>
-                            <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8">
-                              <el-icon><Delete /></el-icon>
-                              {{ $t('common.delete') }}
-                            </el-dropdown-item>
-                          </el-dropdown-menu>
-                        </template>
-                      </el-dropdown>
+                  <template #default="{ row }">
+                    <div class="flex-between">
+                      <span class="mr-8">{{ row.role_name }}</span>
+                      <div @click.stop v-show="mouseId === row.id">
+                        <el-dropdown :teleported="false">
+                          <el-button text>
+                            <el-icon class="color-secondary">
+                              <MoreFilled />
+                            </el-icon>
+                          </el-button>
+                          <template #dropdown>
+                            <el-dropdown-menu style="min-width: 80px">
+                              <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_EDIT],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><EditPen /></el-icon>
+                                {{ $t('common.rename') }}
+                              </el-dropdown-item>
+                              <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_DELETE],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><Delete /></el-icon>
+                                {{ $t('common.delete') }}
+                              </el-dropdown-item>
+                            </el-dropdown-menu>
+                          </template>
+                        </el-dropdown>
+                      </div>
                     </div>
-                  </div>
-                </template>
-                <template #empty>
-                  <span></span>
-                </template>
-              </common-list>
+                  </template>
+                  <template #empty>
+                    <span></span>
+                  </template>
+                </common-list>
+
+                <div class="ml-8 border-t flex-between mb-8" style="padding-top: 12px">
+                  <span class="color-secondary lighter">{{ $t('views.role.customRole') }}</span>
+                  <el-tooltip
+                    effect="dark"
+                    :content="`${$t('common.create')}${$t('views.role.customRole')}`"
+                    placement="top"
+                  >
+                    <el-button
+                      type="primary"
+                      text
+                      @click="createOrUpdateRole()"
+                      v-hasPermission="
+                        new ComplexPermission(
+                          [RoleConst.ADMIN],
+                          [PermissionConst.ROLE_CREATE],
+                          [],
+                          'OR',)"
+                    >
+                      <el-icon :size="18"><Plus /></el-icon>
+                    </el-button>
+                  </el-tooltip>
+                </div>
+                <common-list
+                  :data="filterCustomRole"
+                  @click="clickRole"
+                  :default-active="currentRole?.id"
+                  @mouseenter="mouseenter"
+                  @mouseleave="mouseId = ''"
+                >
+                  <template #default="{ row }">
+                    <div class="flex-between">
+                      <span>
+                        {{ row.role_name }}
+                        <span class="color-input-placeholder ml-4"
+                          >({{ roleTypeMap[row.type as RoleTypeEnum] }})</span
+                        >
+                      </span>
+                      <div @click.stop v-show="mouseId === row.id">
+                        <el-dropdown :teleported="false">
+                          <el-button text>
+                            <el-icon class="color-secondary">
+                              <MoreFilled />
+                            </el-icon>
+                          </el-button>
+                          <template #dropdown>
+                            <el-dropdown-menu style="min-width: 80px">
+                              <el-dropdown-item @click.stop="createOrUpdateRole(row)" class="p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_EDIT],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><EditPen /></el-icon>
+                                {{ $t('common.rename') }}
+                              </el-dropdown-item>
+                              <el-dropdown-item @click.stop="deleteRole(row)" class="border-t p-8"
+                                v-if="hasPermission(
+                                  new ComplexPermission(
+                                    [RoleConst.ADMIN],
+                                    [PermissionConst.ROLE_DELETE],
+                                    [],'OR'
+                                  ),'OR'
+                                  )"
+                              >
+                                <el-icon><Delete /></el-icon>
+                                {{ $t('common.delete') }}
+                              </el-dropdown-item>
+                            </el-dropdown-menu>
+                          </template>
+                        </el-dropdown>
+                      </div>
+                    </div>
+                  </template>
+                  <template #empty>
+                    <span></span>
+                  </template>
+                </common-list>
+              </div>
             </el-scrollbar>
           </div>
         </div>
@@ -176,6 +208,7 @@ import { MsgSuccess, MsgConfirm } from '@/utils/message'
 import { loadPermissionApi } from '@/utils/dynamics-api/permission-api'
 import { PermissionConst, RoleConst } from '@/utils/permission/data'
 import { ComplexPermission } from '@/utils/permission/type'
+import { hasPermission } from '@/utils/permission/index'
 
 const filterText = ref('')
 const loading = ref(false)
@@ -240,14 +273,12 @@ function deleteRole(item: RoleItem) {
     },
   )
     .then(() => {
-      loadPermissionApi('role')
-        .deleteRole(item.id, loading)
-        .then(async () => {
-          MsgSuccess(t('common.deleteSuccess'))
-          await getRole()
-          currentRole.value =
-            item.id === currentRole.value?.id ? internalRoleList.value[0] : currentRole.value
-        })
+      loadPermissionApi('role').deleteRole(item.id, loading).then(async () => {
+        MsgSuccess(t('common.deleteSuccess'))
+        await getRole()
+        currentRole.value =
+          item.id === currentRole.value?.id ? internalRoleList.value[0] : currentRole.value
+      })
     })
     .catch(() => {})
 }
@@ -289,3 +320,4 @@ function mouseenter(row: any) {
   }
 }
 </style>
+
diff --git a/ui/src/views/system/workspace/component/Member.vue b/ui/src/views/system/workspace/component/Member.vue
index 42f946468..c3af7189c 100644
--- a/ui/src/views/system/workspace/component/Member.vue
+++ b/ui/src/views/system/workspace/component/Member.vue
@@ -3,7 +3,12 @@
     <el-button
       type="primary"
       @click="handleAdd"
-      v-hasPermission="[RoleConst.ADMIN, PermissionConst.WORKSPACE_ADD_MEMBER]"
+      v-hasPermission="
+        new ComplexPermission(
+          [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+          [PermissionConst.WORKSPACE_ADD_MEMBER, PermissionConst.WORKSPACE_WORKSPACE_ADD_MEMBER],
+          [],
+            'OR',)"
     >
       {{ $t('views.role.member.add') }}
     </el-button>
@@ -42,7 +47,12 @@
             type="primary"
             text
             @click.stop="handleDelete(row)"
-            v-hasPermission="[RoleConst.ADMIN, PermissionConst.WORKSPACE_REMOVE_MEMBER]"
+            v-hasPermission="
+              new ComplexPermission(
+              [RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE],
+              [PermissionConst.WORKSPACE_REMOVE_MEMBER, PermissionConst.WORKSPACE_WORKSPACE_REMOVE_MEMBER],
+              [],
+                'OR',)"
           >
             <AppIcon iconName="app-delete-users"></AppIcon>
           </el-button>
@@ -65,6 +75,8 @@ import AddMemberDrawer from './AddMemberDrawer.vue'
 import WorkspaceApi from '@/api/workspace/workspace'
 import type { WorkspaceMemberItem, WorkspaceItem } from '@/api/type/workspace'
 import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
+
 
 const props = defineProps<{
   currentWorkspace?: WorkspaceItem