diff --git a/internal/biz/enum/const.go b/internal/biz/enum/const.go
index 2bd2aa94..e373a14c 100644
--- a/internal/biz/enum/const.go
+++ b/internal/biz/enum/const.go
@@ -2,43 +2,25 @@ package enum
 import "time"
-const CreateUser = "create_user"
-const UpdateUser = "update_user"
-const DeleteUser = "delete_user"
-const GetUser = "get_user"
-const SearchUser = "search_user"
+var UserRead = []string{"user::read"}
+var UserAll = []string{"user::read", "user::write"}
-const CreateRole = "create_role"
-const UpdateRole = "update_role"
-const DeleteRole = "delete_role"
-const GetRole = "get_role"
-const SearchRole = "search_role"
-const ListPermission = "list_permission"
+var RoleRead = []string{"role::read"}
+var RoleAll = []string{"role::read", "role::write"}
-const CreateRule = "create_rule"
-const UpdateRule = "update_rule"
-const DeleteRule = "delete_rule"
-const GetRule = "get_rule"
-const SearchRule = "search_rule"
+//const RuleRead = "rule::read"
+//const RuleAll = "rule::all"
+//
+//const InstanceRead = "instance::read"
+//const InstanceAll = "instance::all"
-const CreateInstance = "create_instance"
-const UpdateInstance = "update_instance"
-const DeleteInstance = "delete_instance"
-const GetInstance = "get_instance"
-const SearchInstance = "search_instance"
-const GetInstanceStatus = "get_instance_status"
-const ConnectInstance = "connect_instance"
-const InstanceProxy = "instance_proxy"
-
-var All = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole,
- SearchRole, ListPermission, CreateRule, UpdateRule, DeleteRule, GetRule, SearchRule, CreateInstance, UpdateInstance, DeleteInstance,
- GetInstance, SearchInstance, GetInstanceStatus, ConnectInstance, InstanceProxy}
-
-var Admin = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser, CreateRole, UpdateRole, DeleteRole, GetRole, SearchRole, ListPermission}
-var AdminUser = []string{CreateUser, UpdateUser, DeleteUser, GetUser, SearchUser}
+var Admin []string
 var BuildRoles = make(map[string]map[string]interface{}, 0)
+var Permission = make(map[string][]string)
 func init() {
+ Admin = append(Admin, UserAll...)
+ Admin = append(Admin, RoleAll...)
 BuildRoles["admin"] = map[string]interface{}{
 "id": "admin",
 "name": "admin",
@@ -47,39 +29,14 @@ func init() {
 "description": "is admin",
 "created": time.Now(),
 }
-}
+ //自定义角色=》内置角色 =》权限列表
+ // userrole=> cluster;read => permissionList
+ // login=> userrole=> cluster:read =>permissionList
+ // search require = (search)
+ //Permission = map[string][]string{
+ //
+ // UserRead : {UserRead},
+ // UserAll: {UserRead, UserWrite},
+ //}
-// BuildRoles["admin"] = {
-// "id":"admin",
-// "name":"admin",
-//}
-//{
-// "name":"admin",
-// "id":"admin",
-//
-//},{
-//
-//}
-// {
-// "name": "admin",
-// Name: "admin",
-// Description: "管理员",
-// RoleType: "console",
-// Permission: rbac.ConsolePermission{
-// ApiPermission: Admin,
-// },
-// BuiltIn: true,
-// },
-// {
-// ORMObjectBase: orm.ORMObjectBase{
-// ID: "admin_user",
-// },
-// Name: "admin_user",
-// Description: "用户模块管理员",
-// RoleType: "console",
-// Permission: rbac.ConsolePermission{
-// ApiPermission: AdminUser,
-// },
-// BuiltIn: true,
-// },
-//}
+}
diff --git a/internal/biz/permission.go b/internal/biz/permission.go
index ec1b3c00..4f75967d 100644
--- a/internal/biz/permission.go
+++ b/internal/biz/permission.go
@@ -1,17 +1,12 @@ package biz
-import (
- "infini.sh/console/internal/biz/enum"
-)
-
 var ClusterApis = make(map[string][]string)
 var IndexApis = make([]string, 0)
 var RolePermission = make(map[string][]string)
 type ConsolePermisson struct {
- Api []string `json:"api"`
- Menu []Menu `json:"menu"`
+ Menu []Menu `json:"menu"`
 }
 type Menu struct {
 Id string `json:"id"`
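Review bot: `UserAll` and `RoleAll` restate the `"user::read"` and `"role::read"` literals instead of building on `UserRead`/`RoleRead`, so the read permission is defined twice and the two lists can drift apart silently; `var UserAll = append(append([]string(nil), UserRead...), "user::write")` keeps it defined once (same for `RoleAll`). The exported slices `UserRead`, `UserAll`, `RoleRead`, `RoleAll` and `Admin` are mutable package state that now serves as the authorization policy for the routes in `plugin/api/rbac/init.go`, and none of them has a doc comment; at minimum something like `// UserAll lists every permission a caller needs for the mutating user APIs; it must not be modified after package init.` makes the contract explicit, and `Admin` can be assembled in its own declaration instead of via `append` in `init()`. `Permission` is declared and exported here but nothing in this commit writes to it (the next hunk only sketches it in a commented-out block), so either document what is meant to fill it or drop it until that change lands. `init()` continues into the following hunk.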
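Review bot: Removing `Api` from `ConsolePermisson` silently drops the `api` key from the JSON that `ListPermission` returns for `GET /permission/:type` (registered in `plugin/api/rbac/init.go`), so a client that reads it gets a missing field rather than a clear error; if that is intended, record the contract change on the type, e.g. `// ConsolePermisson is the payload of GET /permission/:type. The former "api" field was removed; access is now expressed per menu via Privilege.`. The exported type and its `Menu` field still carry no doc comments, and the type name keeps the `Permisson` misspelling that callers now have to live with.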
@@ -21,32 +16,24 @@ type Menu struct {
 }
 func (role ConsoleRole) ListPermission() interface{} {
- menu := []Menu{
+ menu := []Menu{{
+ Id: "cluster",
+ Name: "平台管理",
+ Privilege: []string{"none", "read", "all"},
+ }, {
- Id: "cluster",
- Name: "平台管理",
- Children: []Menu{
- {
- Id: "cluster_overview",
- Name: "平台概览",
- Privilege: []string{"none", "write", "read"},
- },
- {
-
- Id: "cluster_elasticsearch",
- Name: "集群监控",
- Privilege: []string{"none", "write", "read"},
- }, {
-
- Id: "cluster_activities",
- Name: "集群动态",
- Privilege: []string{"none", "write", "read"},
- },
- },
+ Id: "role",
+ Name: "角色管理",
+ Privilege: []string{"none", "read", "all"},
+ },
+ {
+ Id: "user",
+ Name: "用户管理",
+ Privilege: []string{"none", "read", "all"},
 },
 }
 p := ConsolePermisson{
- Api: enum.All,
+ Menu: menu,
 }
diff --git a/plugin/api/rbac/init.go b/plugin/api/rbac/init.go
index e87880f5..d1f9ba5f 100644
--- a/plugin/api/rbac/init.go
+++ b/plugin/api/rbac/init.go
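Review bot: The privilege list `[]string{"none", "read", "all"}` is written out three times and its level names are what a client will send back when it saves a role, yet nothing visible in this commit maps `read`/`all` onto the `user::read`/`user::write` strings that actually gate the routes (`enum.UserRead`, `enum.UserAll`), so the two vocabularies can diverge without any compile-time signal; declare it once, `var consolePrivileges = []string{"none", "read", "all"}`, and reuse it for each menu. The menu `Id`s `cluster`, `role` and `user` look like the prefixes of those permission strings — if so, derive both from a single constant in `enum` rather than duplicating literals across packages. The old level `write` was renamed to `all` while the enum still calls the underlying permission `user::write`; a short comment on the menu stating how a saved level is translated to permissions would help the next reader. `ListPermission` begins in this hunk but its `return` lies outside it.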
@@ -17,19 +17,19 @@ type Rbac struct {
 func registerRouter() {
 r := Rbac{}
- api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.ListPermission))
- api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.CreateRole))
- api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.GetRole))
- api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.DeleteRole))
- api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.UpdateRole))
- api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.SearchRole))
+ api.HandleAPIMethod(api.GET, "/permission/:type", m.PermissionRequired(r.ListPermission, enum.RoleRead...))
+ api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
+ api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
+ api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
+ api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.RoleAll...))
+ api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.RoleRead...))
- api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.CreateUser))
- api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.GetUser))
- api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.DeleteUser))
- api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UpdateUser))
- api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UpdateUser))
- api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.SearchUser))
+ api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.UserAll...))
+ api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.UserRead...))
+ api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.UserAll...))
+ api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
+ api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
+ api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
 }
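Review bot: Every mutating route now hands a two-element list (`enum.UserAll...`, `enum.RoleAll...`) to `m.PermissionRequired`, and whether that middleware demands all of the listed permissions or accepts any one of them is not visible in this diff; under any-of semantics a principal holding only `user::read` would pass the check on `POST /user`, `DELETE /user/:id`, `PUT /user/:id` and `PUT /user/:id/role`, and `role::read` alone would unlock the role write routes, which is a privilege escalation rather than a coarser policy. Please confirm the semantics against the middleware and state them once at the call site, e.g. `// PermissionRequired admits the request only if the caller holds every listed permission.` (or whichever is true), and cover it with a test that a read-only principal is rejected on the write routes. If the middleware is any-of, the write routes should receive just the write permission (`"user::write"`, `"role::write"`) instead of the combined lists. `PUT /user/:id/role` deserves particular care since it assigns roles and so can amplify whatever permission lets a caller through.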