diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index b3562a743..9558cfc59 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -19,6 +19,7 @@ class Group(Enum):
     """
     权限组 一个组一般对应前端一个菜单
     """
+
     USER = "USER_MANAGEMENT"
     # 应用
     APPLICATION = "APPLICATION"
@@ -36,7 +37,7 @@ class Group(Enum):
     KNOWLEDGE = "KNOWLEDGE"
     SYSTEM_KNOWLEDGE = "SYSTEM_KNOWLEDGE"
     SYSTEM_RES_KNOWLEDGE = "SYSTEM_RESOURCE_KNOWLEDGE"
-
+    KNOWLEDGE_HIT_TEST = "KNOWLEDGE_HIT_TEST"
     KNOWLEDGE_DOCUMENT = "KNOWLEDGE_DOCUMENT"
     SYSTEM_KNOWLEDGE_DOCUMENT = "SYSTEM_KNOWLEDGE_DOCUMENT"
     SYSTEM_RES_KNOWLEDGE_DOCUMENT = "SYSTEM_RESOURCE_KNOWLEDGE_DOCUMENT"
@@ -44,6 +45,8 @@ class Group(Enum):
     KNOWLEDGE_PROBLEM = "KNOWLEDGE_PROBLEM"
     SYSTEM_KNOWLEDGE_PROBLEM = "SYSTEM_KNOWLEDGE_PROBLEM"
     SYSTEM_RES_KNOWLEDGE_PROBLEM = "SYSTEM_RESOURCE_KNOWLEDGE_PROBLEM"
+
+    SYSTEM_KNOWLEDGE_HIT_TEST = "SYSTEM_KNOWLEDGE_HIT_TEST"
     SYSTEM_KNOWLEDGE_CHAT_USER = "SYSTEM_KNOWLEDGE_CHAT_USER"
 
     MODEL = "MODEL"
@@ -158,7 +161,6 @@ class Operate(Enum):
     SETTING = "READ+SETTING"  # 管理
     DOWNLOAD = "READ+DOWNLOAD"  # 下载
 
-
 class RoleGroup(Enum):
     # 系统用户
     SYSTEM_USER = "SYSTEM_USER"
@@ -298,6 +300,7 @@ Permission_Label = {
     Group.KNOWLEDGE.value: _("Knowledge"),
     Group.KNOWLEDGE_DOCUMENT.value: _("Document"),
     Group.KNOWLEDGE_PROBLEM.value: _("Problem"),
+    Group.KNOWLEDGE_HIT_TEST.value: _("Hit-Test"),
     Operate.IMPORT.value: _("Import"),
     Operate.EXPORT.value: _("Export"),
     Operate.DEBUG.value: _("Debug"),
@@ -340,6 +343,7 @@ Permission_Label = {
     Group.SYSTEM_KNOWLEDGE.value: _("Knowledge"),
     Group.SYSTEM_KNOWLEDGE_DOCUMENT.value: _("Document"),
     Group.SYSTEM_KNOWLEDGE_PROBLEM.value: _("Problem"),
+    Group.SYSTEM_KNOWLEDGE_HIT_TEST.value: _("Hit-test"),
     Group.SYSTEM_KNOWLEDGE_CHAT_USER.value: _("Dialogue users"),
     Group.SYSTEM_RES_TOOL.value: _("Tool"),
     Group.SYSTEM_RES_MODEL.value: _("Model"),
@@ -579,7 +583,12 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
         parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
     )
-
+    KNOWLEDGE_HIT_TEST = Permission(
+        group=Group.KNOWLEDGE_HIT_TEST, operate=Operate.READ,
+        role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+    )
     KNOWLEDGE_PROBLEM_READ = Permission(
         group=Group.KNOWLEDGE_PROBLEM, operate=Operate.READ,
         role_list=[RoleConstants.ADMIN, RoleConstants.USER],
@@ -1146,6 +1155,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_KNOWLEDGE_PROBLEM, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE]
     )
+    SHARED_KNOWLEDGE_HIT_TEST = Permission(
+        group=Group.SYSTEM_KNOWLEDGE_HIT_TEST, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.SHARED_KNOWLEDGE]
+    )
     SHARED_KNOWLEDGE_CHAT_USER_READ = Permission(
         group=Group.SYSTEM_KNOWLEDGE_CHAT_USER, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE]
diff --git a/apps/knowledge/views/knowledge.py b/apps/knowledge/views/knowledge.py
index d90d1b8c8..57f73c82a 100644
--- a/apps/knowledge/views/knowledge.py
+++ b/apps/knowledge/views/knowledge.py
@@ -196,8 +196,8 @@ class KnowledgeView(APIView):
             tags=[_('Knowledge Base')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.KNOWLEDGE_EDIT.get_workspace_knowledge_permission(),
-            PermissionConstants.KNOWLEDGE_EDIT.get_workspace_permission_workspace_manage_role(),
+            PermissionConstants.KNOWLEDGE_HIT_TEST.get_workspace_knowledge_permission(),
+            PermissionConstants.KNOWLEDGE_HIT_TEST.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             RoleConstants.USER.get_workspace_role()
         )
diff --git a/ui/src/router/modules/document.ts b/ui/src/router/modules/document.ts
index b5a9f700d..d3d414a2c 100644
--- a/ui/src/router/modules/document.ts
+++ b/ui/src/router/modules/document.ts
@@ -85,14 +85,28 @@ const DocumentRouter = {
         group: 'KnowledgeDetail',
         permission: [
           RoleConst.ADMIN,
-          RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
           () => {
             const to: any = get_next_route()
-            return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getKnowledgeWorkspaceResourcePermission(
-              to ? to.params.id : '',
-            )
+            if (to.params.folderId == 'shared') {
+              return RoleConst.ADMIN
+            } else {
+              return RoleConst.WORKSPACE_MANAGE.getWorkspaceRole
+            }
+          },
+          () => {
+            const to: any = get_next_route()
+            if (to.params.folderId == 'shared') {
+              return PermissionConst.SHARED_KNOWLEDGE_CHAT_USER_READ
+            } else {
+              return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getKnowledgeWorkspaceResourcePermission(to ? to.params.id : '',)
+            }
+          },
+          () => {
+            const to: any = get_next_route()
+            if (to.params.folder_id == 'shared') {
+              return RoleConst.ADMIN
+            } else { return PermissionConst.KNOWLEDGE_CHAT_USER_READ.getWorkspacePermissionWorkspaceManageRole }
           },
-          PermissionConst.KNOWLEDGE_CHAT_USER_READ.getWorkspacePermissionWorkspaceManageRole,
         ],
       },
       component: () => import('@/views/chat-user/index.vue'),
diff --git a/ui/src/router/modules/system.ts b/ui/src/router/modules/system.ts
index e1a73b43b..4c4e44bb4 100644
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@@ -60,7 +60,7 @@ const systemRouter = {
           new ComplexPermission(
             [RoleConst.WORKSPACE_MANAGE, RoleConst.ADMIN],
             [PermissionConst.WORKSPACE_WORKSPACE_READ, PermissionConst.WORKSPACE_READ],
-            [EditionConst.IS_EE, EditionConst.IS_PE],
+            [EditionConst.IS_EE],
             'OR',
           ),
         ],
diff --git a/ui/src/views/chat-user/index.vue b/ui/src/views/chat-user/index.vue
index 2be6a7e7b..ccb6b1583 100644
--- a/ui/src/views/chat-user/index.vue
+++ b/ui/src/views/chat-user/index.vue
@@ -42,7 +42,7 @@
               </span>
             </div>
             <el-button type="primary" :disabled="current?.is_auth" @click="handleSave"
-              v-if="hasPermission(permissionObj[(route.meta?.resourceType as string)],'OR')"
+              v-if="hasPermission(permissionObj[route.path.includes('shared')?'SHAREDKNOWLEDGE':(route.meta?.resourceType as string)],'OR')"
             >
               {{ t('common.save') }}
             </el-button>
@@ -57,7 +57,7 @@
                 :placeholder="$t('common.inputPlaceholder')" style="width: 220px" clearable />
             </div>
             <div class="flex align-center"
-              v-if="hasPermission(permissionObj[(route.meta?.resourceType as string)],'OR')"
+              v-if="hasPermission(permissionObj[route.path.includes('shared')?'SHAREDKNOWLEDGE':(route.meta?.resourceType as string)],'OR')"
             >
               <div class="color-secondary mr-8">{{ $t('views.chatUser.autoAuthorization') }}</div>
               <el-switch size="small" :model-value="current?.is_auth" @click="changeAuth"
@@ -108,6 +108,7 @@
 <script lang="ts" setup>
 import { onMounted, ref, watch, reactive, computed } from 'vue'
 import ChatUserApi from '@/api/chat-user/chat-user'
+import SharedChatUserApi from "@/api/system-shared/knowledge-chat-user"
 import { t } from '@/locales'
 import type { ChatUserGroupItem, ChatUserGroupUserItem } from '@/api/type/workspaceChatUser'
 import { useRoute } from 'vue-router'
@@ -132,7 +133,7 @@ const permissionPrecise = computed(() => {
 const {
   params: { id },
 } = route as any
-
+ 
 const permissionObj=ref<any>({
   "APPLICATION": new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
                 [PermissionConst.APPLICATION_CHAT_USER_EDIT, 
@@ -140,6 +141,7 @@ const permissionObj=ref<any>({
   "KNOWLEDGE": new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
                 [PermissionConst.KNOWLEDGE_CHAT_USER_EDIT, 
                 PermissionConst.KNOWLEDGE_CHAT_USER_EDIT.getKnowledgeWorkspaceResourcePermission(id)],[],'OR'),
+  "SHAREDKNOWLEDGE": new ComplexPermission([RoleConst.ADMIN],[PermissionConst.SHARED_KNOWLEDGE_CHAT_USER_EDIT],[],'OR')
 })
 
 const resource = reactive({ resource_id: route.params.id as string, resource_type: route.meta.resourceType as string })
@@ -149,10 +151,17 @@ const loading = ref(false)
 const list = ref<ChatUserGroupItem[]>([])
 const filterList = ref<ChatUserGroupItem[]>([]) // 搜索过滤后列表
 const current = ref<ChatUserGroupItem>()
+const chatUserAuthAPI=computed(()=>{
+  if(route.path.includes('shared')){
+    return SharedChatUserApi
+  }else{
+    return ChatUserApi
+  }
+})
 
 async function getUserGroupList() {
   try {
-    const res = await ChatUserApi.getUserGroupList(resource, loading)
+    const res = await chatUserAuthAPI.value.getUserGroupList(resource, loading)
     list.value = res.data
     filterList.value = filter(list.value, filterText.value)
   } catch (error) {
@@ -185,7 +194,7 @@ function clickUserGroup(item: ChatUserGroupItem) {
 async function changeAuth() {
   const params = [{ user_group_id: current.value?.id as string, is_auth: !current.value?.is_auth }]
   try {
-    await ChatUserApi.editUserGroupList(resource, params, loading)
+    await chatUserAuthAPI.value.editUserGroupList(resource, params, loading)
     await getUserGroupList()
     current.value = { name: current.value?.name as string, id: current.value?.id as string, is_auth: !current.value?.is_auth }
     getList()
@@ -211,7 +220,7 @@ const tableData = ref<ChatUserGroupUserItem[]>([])
 async function getList() {
   if (!current.value?.id) return
   try {
-    const res = await ChatUserApi.getUserGroupUserList(resource, current.value?.id, paginationConfig, searchForm.value.name, rightLoading)
+    const res = await chatUserAuthAPI.value.getUserGroupUserList(resource, current.value?.id, paginationConfig, searchForm.value.name, rightLoading)
     tableData.value = res.data.records
     paginationConfig.total = res.data.total
   } catch (error) {
@@ -249,7 +258,7 @@ const handleRowChange = (value: boolean, row: ChatUserGroupUserItem) => {
 async function handleSave() {
   try {
     const params = tableData.value.map(item => ({ chat_user_id: item.id, is_auth: item.is_auth }))
-    await ChatUserApi.putUserGroupUser(resource, current.value?.id as string, params, rightLoading)
+    await chatUserAuthAPI.value.putUserGroupUser(resource, current.value?.id as string, params, rightLoading)
     MsgSuccess(t('common.saveSuccess'))
   } catch (error) {
     console.error(error)
diff --git a/ui/src/views/tool/ToolFormDrawer.vue b/ui/src/views/tool/ToolFormDrawer.vue
index 67ec313b2..5ab795b91 100644
--- a/ui/src/views/tool/ToolFormDrawer.vue
+++ b/ui/src/views/tool/ToolFormDrawer.vue
@@ -231,7 +231,7 @@
     <template #footer>
       <div>
         <el-button :loading="loading" @click="visible = false">{{ $t('common.cancel') }}</el-button>
-        <el-button :loading="loading" @click="openDebug" v-if="permissionPrecise.debug(id)">{{
+        <el-button :loading="loading" @click="openDebug" v-if="permissionPrecise.debug(form?.id||'or')">{{
           $t('common.debug')
         }}</el-button>
         <el-button type="primary" @click="submit(FormRef)" :loading="loading">
@@ -265,9 +265,6 @@ import permissionMap from '@/permission'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api'
 
 const route = useRoute()
-const {
-  params: { id, folderId }, // id为knowledgeID
-} = route as any
 
 const props = defineProps({
   title: String,