diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index 473416e79..a74f207cd 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -516,6 +516,10 @@ class PermissionConstants(Enum):
         group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.READ,
         role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
     )
+    WORKSPACE_USER_RESOURCE_PERMISSION_EDIT = Permission(
+        group=Group.WORKSPACE_USER_RESOURCE_PERMISSION, operate=Operate.EDIT,
+        role_list=[RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE]
+    )
     EMAIL_SETTING_READ = Permission(
         group=Group.EMAIL_SETTING, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SYSTEM_SETTING]
diff --git a/apps/system_manage/views/user_resource_permission.py b/apps/system_manage/views/user_resource_permission.py
index 088d1e532..86f2b5380 100644
--- a/apps/system_manage/views/user_resource_permission.py
+++ b/apps/system_manage/views/user_resource_permission.py
@@ -15,7 +15,7 @@ from rest_framework.views import APIView
 from common import result
 from common.auth import TokenAuth
 from common.auth.authentication import has_permissions
-from common.constants.permission_constants import PermissionConstants
+from common.constants.permission_constants import PermissionConstants, RoleConstants
 from common.log.log import log
 from common.result import DefaultResultSerializer
 from system_manage.api.user_resource_permission import UserResourcePermissionAPI, EditUserResourcePermissionAPI
@@ -31,6 +31,7 @@ def get_user_operation_object(user_id):
         }
     return {}
 
+
 class WorkSpaceUserResourcePermissionView(APIView):
     authentication_classes = [TokenAuth]
 
@@ -42,7 +43,8 @@ class WorkSpaceUserResourcePermissionView(APIView):
         responses=UserResourcePermissionAPI.get_response(),
         tags=[_('Resources authorization')]  # type: ignore
     )
-    @has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission())
+    @has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_READ.get_workspace_permission(),
+                     RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
     def get(self, request: Request, workspace_id: str, user_id: str):
         return result.success(UserResourcePermissionSerializer(
             data={'workspace_id': workspace_id, 'user_id': user_id}
@@ -60,6 +62,8 @@ class WorkSpaceUserResourcePermissionView(APIView):
     @log(menu='System', operate='Modify the resource authorization list',
          get_operation_object=lambda r, k: get_user_operation_object(k.get('user_id'))
          )
+    @has_permissions(PermissionConstants.WORKSPACE_USER_RESOURCE_PERMISSION_EDIT.get_workspace_permission(),
+                     RoleConstants.ADMIN, RoleConstants.WORKSPACE_MANAGE.get_workspace_role())
     def put(self, request: Request, workspace_id: str, user_id: str):
         return result.success(UserResourcePermissionSerializer(
             data={'workspace_id': workspace_id, 'user_id': user_id}