diff --git a/apps/folders/views/folder.py b/apps/folders/views/folder.py
index d57d080ee..3d66132cc 100644
--- a/apps/folders/views/folder.py
+++ b/apps/folders/views/folder.py
@@ -41,7 +41,7 @@ class FolderView(APIView):
         lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                      ),
         lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
                                          [Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
@@ -100,7 +100,7 @@ class FolderView(APIView):
         )
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
@@ -152,7 +152,7 @@ class FolderView(APIView):
         )
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py
index d231632ee..ba2c56252 100644
--- a/apps/system_manage/views/user_resource_permission.py
+++ b/apps/system_manage/views/user_resource_permission.py
@@ -117,7 +117,7 @@ class WorkspaceResourceUserPermissionView(APIView):
     @has_permissions(
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -151,7 +151,7 @@ class WorkspaceResourceUserPermissionView(APIView):
     @has_permissions(
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
-                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                     resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
@@ -181,7 +181,7 @@ class WorkspaceResourceUserPermissionView(APIView):
         @has_permissions(
             lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                          operate=Operate.AUTH,
-                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/ROLE/WORKSPACE_MANAGE"),
+                                         resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"),
         lambda r, kwargs: Permission(group=Group(kwargs.get('resource')),
                                      operate=Operate.AUTH,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('resource')}/{kwargs.get('target')}"),
diff --git a/ui/src/components/folder-tree/index.vue b/ui/src/components/folder-tree/index.vue
index c450d3eec..36ffa5636 100644
--- a/ui/src/components/folder-tree/index.vue
+++ b/ui/src/components/folder-tree/index.vue
@@ -48,7 +48,7 @@
               </div>
 
               <div
-                v-if="canOperation && permissionPrecise.folderManage(data.id)"
+                v-if="canOperation && MoreFilledPermission(node, data)"
                 @click.stop
                 v-show="hoverNodeId === data.id"
                 @mouseenter.stop="handleMouseEnter(data)"
@@ -56,28 +56,28 @@
                 class="mr-16"
               >
                 <el-dropdown trigger="click" :teleported="false">
-                  <el-button text class="w-full" v-if="permissionPrecise.folderManage(data.id)">
+                  <el-button text class="w-full" v-if="MoreFilledPermission(node, data)">
                     <AppIcon iconName="app-more"></AppIcon>
                   </el-button>
                   <template #dropdown>
                     <el-dropdown-menu>
                       <el-dropdown-item
                         @click.stop="openCreateFolder(data)"
-                        v-if="node.level !== 3 && permissionPrecise.folderManage(data.id)"
+                        v-if="node.level !== 3 && permissionPrecise.folderCreate(data.id)"
                       >
                         <AppIcon iconName="app-add-folder" class="color-secondary"></AppIcon>
                         {{ $t('components.folder.addChildFolder') }}
                       </el-dropdown-item>
                       <el-dropdown-item
                         @click.stop="openEditFolder(data)"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderEdit(data.id)"
                       >
                         <AppIcon iconName="app-edit" class="color-secondary"></AppIcon>
                         {{ $t('common.edit') }}
                       </el-dropdown-item>
                       <el-dropdown-item
                         @click.stop="openAuthorization(data)"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderAuth(data.id)"
                       > 
                         <AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
                         {{ $t('views.system.resourceAuthorization.title') }}
@@ -86,7 +86,7 @@
                         divided
                         @click.stop="deleteFolder(data)"
                         :disabled="!data.parent_id"
-                        v-if="permissionPrecise.folderManage(data.id)"
+                        v-if="permissionPrecise.folderDelete(data.id)"
                       >
                         <AppIcon iconName="app-delete" class="color-secondary"></AppIcon>
                         {{ $t('common.delete') }}
@@ -175,11 +175,12 @@ const permissionPrecise = computed(() => {
   return permissionMap[resourceType.value!]['workspace']
 })
 
-const MoreFilledPermission = (node: any) => {
+const MoreFilledPermission = (node: any, data: any) => {
   return (
-    (node.level !== 3 && permissionPrecise.value.folderCreate()) ||
-    permissionPrecise.value.folderEdit() ||
-    permissionPrecise.value.folderDelete()
+    (node.level !== 3 && permissionPrecise.value.folderCreate(data.id)) ||
+    permissionPrecise.value.folderEdit(data.id) ||
+    permissionPrecise.value.folderDelete(data.id) ||
+    permissionPrecise.value.folderAuth(data.id)
   )
 }
 
diff --git a/ui/src/components/resource-authorization-drawer/index.vue b/ui/src/components/resource-authorization-drawer/index.vue
index 954cffe0e..c4a16dd0b 100644
--- a/ui/src/components/resource-authorization-drawer/index.vue
+++ b/ui/src/components/resource-authorization-drawer/index.vue
@@ -190,6 +190,8 @@ import permissionMap from '@/permission'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
 const route = useRoute()
 import useStore from '@/stores'
+import { hasPermission } from '@/utils/permission/index'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
 
 const { user } = useStore()
 const props = defineProps<{
@@ -229,9 +231,30 @@ function getAllFolderIds(data: any) {
   return [data.id,...(data.children?.flatMap((child: any) => getAllFolderIds(child)) || [])]
 }
 
+const RESOURCE_PERMISSION_MAP = {
+  application: PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+  knowledge: PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+  tool: PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+} 
+
+const resourceAuthorizationOfManager = computed(() => {
+  return RESOURCE_PERMISSION_MAP[folderType.value]
+})
+
 // 过滤没有Manage权限的文件夹ID
 function filterHasPermissionFolderIds(folderIds: string[]) {
-  return folderIds.filter(id => permissionPrecise.value.folderManage(id))
+  if (hasPermission(
+    [
+      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+      resourceAuthorizationOfManager.value
+    ],'OR'
+  )) {
+    return folderIds
+  }
+  else {
+    return folderIds.filter(id => permissionPrecise.value.folderManage(id))
+  }
+  
 }
 
 function confirmSinglePermission() {
diff --git a/ui/src/permission/application/system-manage.ts b/ui/src/permission/application/system-manage.ts
index d5a538f6d..bce5f638c 100644
--- a/ui/src/permission/application/system-manage.ts
+++ b/ui/src/permission/application/system-manage.ts
@@ -15,6 +15,7 @@ const systemManage = {
     folderEdit: () => false,
     folderRead: () => false,
     folderManage: () => false,
+    folderAuth: () => false,
     export: () =>
         hasPermission(
             [
diff --git a/ui/src/permission/application/workspace.ts b/ui/src/permission/application/workspace.ts
index ac40a5bbb..7169ab369 100644
--- a/ui/src/permission/application/workspace.ts
+++ b/ui/src/permission/application/workspace.ts
@@ -13,12 +13,12 @@ const workspace = {
             ],
             'OR'
     ),
-    folderCreate: () => 
+    folderCreate: (folder_id: string) => 
         hasPermission(
             [
-              RoleConst.USER.getWorkspaceRole,
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_CREATE.getWorkspacePermission,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
               PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
@@ -29,7 +29,37 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+    folderEdit: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+            ],
+            'OR'
+    ),
+    folderAuth: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+    folderDelete: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
             ],
             'OR'
     ),
@@ -73,16 +103,6 @@ const workspace = {
             ],
             'OR'
     ),
-    folderEdit: () => 
-        hasPermission(
-            [
-              RoleConst.USER.getWorkspaceRole,
-              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermission
-            ],
-            'OR'
-    ),
     export: (source_id:string) => 
         hasPermission(
             [
@@ -103,16 +123,7 @@ const workspace = {
             ],
             'OR'
     ),
-    folderDelete: () => 
-        hasPermission(
-            [
-              RoleConst.USER.getWorkspaceRole,
-              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole,
-              PermissionConst.APPLICATION_DELETE.getWorkspacePermission
-            ],
-            'OR'
-    ),
+
     overview_embed: (source_id:string) => 
         hasPermission(
             [
diff --git a/ui/src/permission/knowledge/system-manage.ts b/ui/src/permission/knowledge/system-manage.ts
index b236f9871..0ec4ef06c 100644
--- a/ui/src/permission/knowledge/system-manage.ts
+++ b/ui/src/permission/knowledge/system-manage.ts
@@ -163,6 +163,7 @@ const systemManage = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => 
     hasPermission([
diff --git a/ui/src/permission/knowledge/system-share.ts b/ui/src/permission/knowledge/system-share.ts
index 3bfcd5242..5818212f1 100644
--- a/ui/src/permission/knowledge/system-share.ts
+++ b/ui/src/permission/knowledge/system-share.ts
@@ -189,6 +189,7 @@ const share = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => false,
 }
diff --git a/ui/src/permission/knowledge/workspace-share.ts b/ui/src/permission/knowledge/workspace-share.ts
index 804043b8c..8c5360939 100644
--- a/ui/src/permission/knowledge/workspace-share.ts
+++ b/ui/src/permission/knowledge/workspace-share.ts
@@ -37,6 +37,7 @@ const workspaceShare = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
   hit_test: () => false,
 }
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
index 8a222b8ea..065ee9544 100644
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@@ -20,17 +20,56 @@ const workspace = {
       ],
       'OR',
     ),
-  folderRead: () => true,
+  folderRead: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
   folderManage: () => true,
-  folderCreate: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
+  folderAuth: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderCreate: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderDelete: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderEdit: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
+              PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
     ),
   sync: (source_id:string) =>
     hasPermission(
@@ -82,16 +121,6 @@ const workspace = {
       ],
       'OR',
     ),
-  folderEdit: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
-    ),
   export: (source_id:string) =>
     hasPermission(
       [
@@ -112,16 +141,6 @@ const workspace = {
       ],
       'OR',
     ),
-  folderDelete: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermission,
-        PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
-      ],
-      'OR',
-    ),
   doc_read: () => false,  
   doc_create: (source_id:string) =>
     hasPermission(
diff --git a/ui/src/permission/model/system-manage.ts b/ui/src/permission/model/system-manage.ts
index 2497134c3..bdd12a368 100644
--- a/ui/src/permission/model/system-manage.ts
+++ b/ui/src/permission/model/system-manage.ts
@@ -27,6 +27,7 @@ const systemManage = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
 }
 
diff --git a/ui/src/permission/model/system-share.ts b/ui/src/permission/model/system-share.ts
index fc11e0905..1e556d4ed 100644
--- a/ui/src/permission/model/system-share.ts
+++ b/ui/src/permission/model/system-share.ts
@@ -40,6 +40,7 @@ const share = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
 }
 export default share
diff --git a/ui/src/permission/model/workspace.ts b/ui/src/permission/model/workspace.ts
index 4e40b4472..ad3b67610 100644
--- a/ui/src/permission/model/workspace.ts
+++ b/ui/src/permission/model/workspace.ts
@@ -22,6 +22,7 @@ const workspace = {
     ),
   folderRead: () => true,
   folderManage: () => true,
+  folderAuth: () => false,
   folderCreate: () =>
     hasPermission(
       [
diff --git a/ui/src/permission/tool/system-manage.ts b/ui/src/permission/tool/system-manage.ts
index b8f2d30c6..9c07d106e 100644
--- a/ui/src/permission/tool/system-manage.ts
+++ b/ui/src/permission/tool/system-manage.ts
@@ -78,6 +78,7 @@ const systemManage = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
 
 }
diff --git a/ui/src/permission/tool/system-share.ts b/ui/src/permission/tool/system-share.ts
index 380bff2f4..db9787961 100644
--- a/ui/src/permission/tool/system-share.ts
+++ b/ui/src/permission/tool/system-share.ts
@@ -82,6 +82,7 @@ const share = {
   folderManage: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
+  folderAuth: () => false,
   folderDelete: () => false,
 }
 export default share
diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts
index e1781f234..3a3aa8526 100644
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@@ -40,18 +40,57 @@ const workspace = {
       ],
       'OR'
     ),
-  folderRead: () => true,
-  folderManage: () => true,
-  folderCreate: () =>
-    hasPermission(
-      [
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        RoleConst.USER.getWorkspaceRole,
-        PermissionConst.TOOL_CREATE.getWorkspacePermission,
-        PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole
-      ],
-      'OR'
+  folderCreate: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
     ),
+  folderRead: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.TOOL_FOLDER_READ.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderEdit: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderAuth: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderDelete: (folder_id: string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+  folderManage: () => true,
   delete: (source_id:string) =>
     hasPermission(
       [
@@ -62,16 +101,6 @@ const workspace = {
       ],
       'OR',
     ),
-  folderDelete: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.TOOL_DELETE.getWorkspacePermission,
-        PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole
-      ],
-      'OR',
-    ),
   switch: (source_id:string) =>
     hasPermission(
       [
@@ -92,16 +121,6 @@ const workspace = {
       ],
       'OR'
     ),
-  folderEdit: () =>
-    hasPermission(
-      [
-        RoleConst.USER.getWorkspaceRole,
-        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.TOOL_EDIT.getWorkspacePermission,
-        PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole
-      ],
-      'OR',
-    ),
   copy: (source_id:string) =>
     hasPermission(
       [