diff --git a/packages/base/src/App.test.tsx b/packages/base/src/App.test.tsx
index b01430f44..8b27be1d1 100644
--- a/packages/base/src/App.test.tsx
+++ b/packages/base/src/App.test.tsx
@@ -297,8 +297,7 @@ describe('App', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.auditAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.auditAdministrator]: false
       }
     });
     baseSuperRender(<App />);
diff --git a/packages/base/src/components/SystemRoleTagList/__tests__/index.test.tsx b/packages/base/src/components/SystemRoleTagList/__tests__/index.test.tsx
index dec67983d..8f4a89684 100644
--- a/packages/base/src/components/SystemRoleTagList/__tests__/index.test.tsx
+++ b/packages/base/src/components/SystemRoleTagList/__tests__/index.test.tsx
@@ -16,10 +16,6 @@ describe('PermissionTagList', () => {
 
   it('should render permission tags with correct colors', () => {
     const roles = [
-      {
-        uid: OpPermissionTypeUid.project_director,
-        name: '项目总监'
-      },
       {
         uid: OpPermissionTypeUid.audit_administrator,
         name: '审计管理员'
@@ -36,7 +32,6 @@ describe('PermissionTagList', () => {
 
     superRender(<SystemRoleTagList roles={roles} />);
 
-    expect(screen.getByText('项目总监')).toBeInTheDocument();
     expect(screen.getByText('审计管理员')).toBeInTheDocument();
     expect(screen.getByText('系统管理员')).toBeInTheDocument();
     expect(screen.getByText('创建工单')).toBeInTheDocument();
diff --git a/packages/base/src/components/SystemRoleTagList/index.tsx b/packages/base/src/components/SystemRoleTagList/index.tsx
index 62c75f8a9..e38f6c243 100644
--- a/packages/base/src/components/SystemRoleTagList/index.tsx
+++ b/packages/base/src/components/SystemRoleTagList/index.tsx
@@ -17,8 +17,6 @@ const SystemRoleTagList: React.FC<SystemRoleTagListProps> = ({
   }
   const getPermissionTagColor = (uid: string): BasicTagProps['color'] => {
     switch (uid) {
-      case OpPermissionTypeUid.project_director:
-        return 'orange';
       case OpPermissionTypeUid.audit_administrator:
         return 'blue';
       case OpPermissionTypeUid.system_administrator:
diff --git a/packages/base/src/locale/en-US/dmsUserCenter.ts b/packages/base/src/locale/en-US/dmsUserCenter.ts
index 87c969a9a..54173680b 100644
--- a/packages/base/src/locale/en-US/dmsUserCenter.ts
+++ b/packages/base/src/locale/en-US/dmsUserCenter.ts
@@ -28,7 +28,10 @@ export default {
       opPermissions: 'Platform management permissions',
       isDisabled: 'Disabled',
       disabledTips:
-        'When the user is disabled, the user will not be able to log in'
+        'When the user is disabled, the user will not be able to log in',
+      businessWritePermission: 'Business write permission',
+      businessWritePermissionDesc:
+        'When disabled, this account retains only resource configuration and read-only access, and will no longer participate in business writes or notifications.'
     },
     createUser: {
       createSuccessTips: 'Add user "{{name}}" successfully'
diff --git a/packages/base/src/locale/zh-CN/dmsUserCenter.ts b/packages/base/src/locale/zh-CN/dmsUserCenter.ts
index 26fddd512..7e1c655bf 100644
--- a/packages/base/src/locale/zh-CN/dmsUserCenter.ts
+++ b/packages/base/src/locale/zh-CN/dmsUserCenter.ts
@@ -32,7 +32,10 @@ export default {
       userGroups: '所属用户组',
       opPermissions: '平台角色',
       isDisabled: '是否禁用',
-      disabledTips: '当用户被禁用，该用户将无法登录'
+      disabledTips: '当用户被禁用，该用户将无法登录',
+      businessWritePermission: '业务写权',
+      businessWritePermissionDesc:
+        '关闭后该账号仅保留资源配置与业务只读能力，不再参与业务写入与通知。'
     },
     createUser: {
       createSuccessTips: '添加用户 "{{name}}" 成功'
diff --git a/packages/base/src/page/CloudBeaver/List/index.test.tsx b/packages/base/src/page/CloudBeaver/List/index.test.tsx
index d4dedacf0..79f837506 100644
--- a/packages/base/src/page/CloudBeaver/List/index.test.tsx
+++ b/packages/base/src/page/CloudBeaver/List/index.test.tsx
@@ -250,8 +250,7 @@ describe('test base/CloudBeaver/List', () => {
           [SystemRole.admin]: false,
           [SystemRole.certainProjectManager]: false,
           [SystemRole.auditAdministrator]: false,
-          [SystemRole.systemAdministrator]: false,
-          [SystemRole.projectDirector]: false
+          [SystemRole.systemAdministrator]: false
         },
         bindProjects: [
           {
diff --git a/packages/base/src/page/CloudBeaver/index.ce.test.tsx b/packages/base/src/page/CloudBeaver/index.ce.test.tsx
index 3439aabde..7b6dce21c 100644
--- a/packages/base/src/page/CloudBeaver/index.ce.test.tsx
+++ b/packages/base/src/page/CloudBeaver/index.ce.test.tsx
@@ -8,12 +8,22 @@ import { createSpySuccessResponse } from '@actiontech/shared/lib/testUtil/mockAp
 import { enableSqlQueryUrlData } from '@actiontech/shared/lib/testUtil/mockApi/base/cloudBeaver/data';
 import { baseSuperRender } from '../../testUtils/superRender';
 import { OPEN_CLOUD_BEAVER_URL_PARAM_NAME } from '@actiontech/dms-kit';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil';
 
 describe('test base/page/CloudBeaver', () => {
   let getSqlQueryUrlSpy: jest.SpyInstance;
   beforeEach(() => {
     jest.useFakeTimers();
     getSqlQueryUrlSpy = cloudBeaver.getSqlQueryUrl();
+    mockUsePermission(
+      {
+        checkActionDisabledByBWP: jest.fn().mockReturnValue(false),
+        checkActionPermission: jest.fn().mockReturnValue(true)
+      },
+      {
+        useSpyOnMockHooks: true
+      }
+    );
   });
 
   afterEach(() => {
diff --git a/packages/base/src/page/CloudBeaver/index.test.tsx b/packages/base/src/page/CloudBeaver/index.test.tsx
index c56baccfa..07d26b1ab 100644
--- a/packages/base/src/page/CloudBeaver/index.test.tsx
+++ b/packages/base/src/page/CloudBeaver/index.test.tsx
@@ -12,6 +12,7 @@ import dbServices from '@actiontech/shared/lib/testUtil/mockApi/base/dbServices'
 import { useDispatch, useSelector } from 'react-redux';
 import { driverMeta } from 'sqle/src/hooks/useDatabaseType/index.test.data';
 import { OPEN_CLOUD_BEAVER_URL_PARAM_NAME } from '@actiontech/dms-kit';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
 
 jest.mock('react-redux', () => {
   return {
@@ -138,4 +139,143 @@ describe('test base/page/CloudBeaver', () => {
 
     expect(window.location.href).toBe(enableSqlQueryUrlData.sql_query_root_uri);
   });
+
+  it('should disable jump to cloud beaver button when business write permission is off', async () => {
+    mockUseCurrentUser({
+      businessWritePermission: false
+    });
+
+    getSqlQueryUrlSpy.mockImplementation(() =>
+      createSpySuccessResponse({
+        data: enableSqlQueryUrlData
+      })
+    );
+
+    superRender(<CloudBeaver />);
+
+    await act(async () => jest.advanceTimersByTime(3000));
+
+    const button = screen.getByText('打开SQL工作台').closest('button');
+    expect(button).toBeDisabled();
+  });
+
+  it('should not auto redirect when business write permission is off', async () => {
+    const savedHref = window.location.href;
+    window.location.href = '';
+
+    mockUseCurrentUser({
+      businessWritePermission: false
+    });
+
+    getSqlQueryUrlSpy.mockImplementation(() =>
+      createSpySuccessResponse({
+        data: enableSqlQueryUrlData
+      })
+    );
+
+    superRender(<CloudBeaver />, undefined, {
+      routerProps: {
+        initialEntries: [
+          `/cloudBeaver?${OPEN_CLOUD_BEAVER_URL_PARAM_NAME}=true`
+        ]
+      }
+    });
+
+    await act(async () => jest.advanceTimersByTime(3000));
+
+    expect(window.location.href).not.toBe(
+      enableSqlQueryUrlData.sql_query_root_uri
+    );
+
+    window.location.href = savedHref;
+  });
+
+  describe('usePermission OPEN_CLOUD_BEAVER', () => {
+    let usePermissionSpy: jest.SpyInstance | undefined;
+
+    afterEach(() => {
+      usePermissionSpy?.mockRestore();
+      usePermissionSpy = undefined;
+    });
+
+    it('should hide jump button in header when checkActionPermission returns false', async () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(false),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(false)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      getSqlQueryUrlSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: enableSqlQueryUrlData
+        })
+      );
+
+      superRender(<CloudBeaver />);
+
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      expect(screen.queryByText('打开SQL工作台')).not.toBeInTheDocument();
+    });
+
+    it('should render disabled jump button when checkActionDisabledByBWP returns true', async () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(true),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(true)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      getSqlQueryUrlSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: enableSqlQueryUrlData
+        })
+      );
+
+      superRender(<CloudBeaver />);
+
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      const button = screen.getByText('打开SQL工作台').closest('button');
+      expect(button).toBeDisabled();
+    });
+
+    it('should not auto redirect when checkActionDisabledByBWP returns true', async () => {
+      const savedHref = window.location.href;
+      window.location.href = '';
+
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(true),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(true)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      getSqlQueryUrlSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: enableSqlQueryUrlData
+        })
+      );
+
+      superRender(<CloudBeaver />, undefined, {
+        routerProps: {
+          initialEntries: [
+            `/cloudBeaver?${OPEN_CLOUD_BEAVER_URL_PARAM_NAME}=true`
+          ]
+        }
+      });
+
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      expect(window.location.href).not.toBe(
+        enableSqlQueryUrlData.sql_query_root_uri
+      );
+
+      window.location.href = savedHref;
+    });
+  });
 });
diff --git a/packages/base/src/page/CloudBeaver/index.tsx b/packages/base/src/page/CloudBeaver/index.tsx
index c6219bec8..e33154cb3 100644
--- a/packages/base/src/page/CloudBeaver/index.tsx
+++ b/packages/base/src/page/CloudBeaver/index.tsx
@@ -17,10 +17,19 @@ import {
 import CBOperationLogsList from './List/index';
 import { DownOutlined } from '@ant-design/icons';
 import { EnterpriseFeatureDisplay, useTypedQuery } from '@actiontech/shared';
+import { usePermission, PERMISSIONS } from '@actiontech/shared/lib/features';
 
 const CloudBeaver = () => {
   const { t } = useTranslation();
   const extractQueries = useTypedQuery();
+  const { checkActionDisabledByBWP, checkActionPermission } = usePermission();
+
+  const isBusinessWriteDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.OPEN_CLOUD_BEAVER
+  );
+  const allowOpenCloudBeaver = checkActionPermission(
+    PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.OPEN_CLOUD_BEAVER
+  );
   const [getOperationLogsLoading, setGetOperationLogsLoading] = useState(false);
 
   const {
@@ -47,7 +56,8 @@ const CloudBeaver = () => {
       extractQueries(ROUTE_PATHS.BASE.CLOUD_BEAVER.index)?.open_cloud_beaver ===
         String(true) &&
       !loading &&
-      data
+      data &&
+      !isBusinessWriteDisabled
     ) {
       let url = '';
 
@@ -61,9 +71,17 @@ const CloudBeaver = () => {
         window.location.href = url;
       }
     }
-  }, [extractQueries, loading, data]);
+  }, [extractQueries, loading, data, isBusinessWriteDisabled]);
 
   const renderActionButton = useMemo(() => {
+    if (isBusinessWriteDisabled) {
+      return (
+        <BasicButton disabled>
+          {t('dmsCloudBeaver.jumpToCloudBeaver')}
+        </BasicButton>
+      );
+    }
+
     if (loading) {
       return (
         <BasicButton loading type="primary">
@@ -126,7 +144,7 @@ const CloudBeaver = () => {
         </BasicButton>
       </Dropdown>
     );
-  }, [data, loading, t, handleMenuClick]);
+  }, [data, loading, t, handleMenuClick, isBusinessWriteDisabled]);
 
   // Determine if the main content should be displayed
   const isFeatureEnabled = useMemo(() => {
@@ -139,7 +157,11 @@ const CloudBeaver = () => {
     <>
       <PageHeader
         title={t('dmsCloudBeaver.pageTitle')}
-        extra={<EmptyBox if={!loading}>{renderActionButton}</EmptyBox>}
+        extra={
+          <EmptyBox if={!loading && allowOpenCloudBeaver}>
+            {renderActionButton}
+          </EmptyBox>
+        }
       />
       <Spin spinning={getOperationLogsLoading || loading}>
         <EmptyBox if={!isFeatureEnabled && !loading}>
diff --git a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/index.test.tsx b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/index.test.tsx
index 521c3bf14..8a4862b42 100644
--- a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/index.test.tsx
+++ b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/index.test.tsx
@@ -10,6 +10,7 @@ import {
   mockUseDataExportDetailReduxManage
 } from '../../../testUtils/mockUseDataExportDetailReduxManage';
 import { fireEvent, screen } from '@testing-library/react';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
 
 describe('test base/DataExport/Detail/PageHeaderAction', () => {
   beforeEach(() => {
@@ -76,4 +77,51 @@ describe('test base/DataExport/Detail/PageHeaderAction', () => {
       mockActionButtonStateData.executeExportButtonMeta.action
     ).toHaveBeenCalledTimes(1);
   });
+
+  describe('PermissionControl / usePermission', () => {
+    let usePermissionSpy: jest.SpyInstance | undefined;
+
+    afterEach(() => {
+      usePermissionSpy?.mockRestore();
+      usePermissionSpy = undefined;
+    });
+
+    it('should hide workflow action buttons when checkActionPermission returns false', () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(false),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(false)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      baseSuperRender(<ExportDetailPageHeaderAction />);
+
+      expect(screen.queryByText('关闭工单')).not.toBeInTheDocument();
+      expect(screen.queryByText('审核通过')).not.toBeInTheDocument();
+      expect(screen.queryByText('审核驳回')).not.toBeInTheDocument();
+      expect(screen.queryByText('执行导出')).not.toBeInTheDocument();
+      expect(screen.getByText('工单详情')).toBeInTheDocument();
+    });
+
+    it('should render approve button as disabled when workflow meta has disabled true', () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(true),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(false)
+        },
+        { useSpyOnMockHooks: true }
+      );
+      mockUseActionButtonState({
+        approveWorkflowButtonMeta: {
+          ...mockActionButtonStateData.approveWorkflowButtonMeta,
+          disabled: true
+        }
+      });
+
+      baseSuperRender(<ExportDetailPageHeaderAction />);
+
+      expect(screen.getByText('审核通过').closest('button')).toBeDisabled();
+    });
+  });
 });
diff --git a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/useActionButtonState.test.tsx b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/useActionButtonState.test.tsx
index 3745d2f62..59aae8c24 100644
--- a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/useActionButtonState.test.tsx
+++ b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/__tests__/useActionButtonState.test.tsx
@@ -12,6 +12,8 @@ import {
 import { IGetDataExportWorkflow } from '@actiontech/shared/lib/api/base/service/common';
 import { GetDataExportWorkflowResponseData } from '@actiontech/shared/lib/testUtil/mockApi/base/dataExport/data';
 import { WorkflowRecordStatusEnum } from '@actiontech/shared/lib/api/base/service/common.enum';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
 
 const notExistCurrentStepWorkflowInfo: IGetDataExportWorkflow = {
   ...GetDataExportWorkflowResponseData,
@@ -64,7 +66,17 @@ describe('test useActionButtonState', () => {
     destroy: jest.fn()
   };
 
+  let checkActionDisabledByBWPMock: jest.Mock;
+  let usePermissionSpy: jest.SpyInstance | undefined;
+
   beforeEach(() => {
+    checkActionDisabledByBWPMock = jest.fn().mockReturnValue(false);
+    usePermissionSpy = mockUsePermission(
+      {
+        checkActionDisabledByBWP: checkActionDisabledByBWPMock
+      },
+      { useSpyOnMockHooks: true }
+    );
     mockUseCurrentUser({
       userId: '700200'
     });
@@ -72,6 +84,8 @@ describe('test useActionButtonState', () => {
     mockUseDataExportDetailReduxManage();
   });
   afterEach(() => {
+    usePermissionSpy?.mockRestore();
+    usePermissionSpy = undefined;
     jest.clearAllMocks();
     jest.clearAllTimers();
   });
@@ -247,4 +261,57 @@ describe('test useActionButtonState', () => {
       workflowID
     );
   });
+
+  it('should set approveWorkflowButtonMeta.disabled when BWP blocks APPROVE permission', () => {
+    checkActionDisabledByBWPMock.mockImplementation(
+      (permission: string) =>
+        permission === PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.APPROVE
+    );
+    mockUseDataExportDetailReduxManage({
+      workflowInfo: waitForApproveStatusWorkflow
+    });
+    const { result } = renderHook(() => useActionButtonState(messageApiSpy));
+    expect(result.current.approveWorkflowButtonMeta.disabled).toBe(true);
+    expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(false);
+    expect(result.current.executeExportButtonMeta.disabled).toBe(false);
+  });
+
+  it('should set rejectWorkflowButtonMeta.disabled when BWP blocks REJECT permission', () => {
+    checkActionDisabledByBWPMock.mockImplementation(
+      (permission: string) =>
+        permission === PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT
+    );
+    mockUseDataExportDetailReduxManage({
+      workflowInfo: waitForApproveStatusWorkflow
+    });
+    const { result } = renderHook(() => useActionButtonState(messageApiSpy));
+    expect(result.current.approveWorkflowButtonMeta.disabled).toBe(false);
+    expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(true);
+    expect(result.current.executeExportButtonMeta.disabled).toBe(false);
+  });
+
+  it('should set executeExportButtonMeta.disabled when BWP blocks EXECUTE permission', () => {
+    checkActionDisabledByBWPMock.mockImplementation(
+      (permission: string) =>
+        permission === PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.EXECUTE
+    );
+    mockUseDataExportDetailReduxManage({
+      workflowInfo: waitForExportStatusWorkflow
+    });
+    const { result } = renderHook(() => useActionButtonState(messageApiSpy));
+    expect(result.current.approveWorkflowButtonMeta.disabled).toBe(false);
+    expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(false);
+    expect(result.current.executeExportButtonMeta.disabled).toBe(true);
+  });
+
+  it('should set disabled on approve, reject and execute metas when checkActionDisabledByBWP always returns true', () => {
+    checkActionDisabledByBWPMock.mockReturnValue(true);
+    mockUseDataExportDetailReduxManage({
+      workflowInfo: waitForApproveStatusWorkflow
+    });
+    const { result } = renderHook(() => useActionButtonState(messageApiSpy));
+    expect(result.current.approveWorkflowButtonMeta.disabled).toBe(true);
+    expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(true);
+    expect(result.current.executeExportButtonMeta.disabled).toBe(true);
+  });
 });
diff --git a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/actions.tsx b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/actions.tsx
index 36cd5e51f..c1ebb3e2a 100644
--- a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/actions.tsx
+++ b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/actions.tsx
@@ -27,10 +27,14 @@ export const CloseWorkflowAction = (closeWorkflowButtonMeta: ActionMeta) => {
 };
 export const RejectWorkflowAction = (rejectWorkflowButtonMeta: ActionMeta) => {
   return (
-    <PermissionControl permission={PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT}>
+    <PermissionControl
+      permission={PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT}
+      skipBWPCheck
+    >
       <ActionButton
         text={t('dmsDataExport.detail.action.reject.text')}
         hidden={rejectWorkflowButtonMeta.hidden}
+        disabled={rejectWorkflowButtonMeta.disabled}
         onClick={rejectWorkflowButtonMeta.action}
       />
     </PermissionControl>
@@ -42,10 +46,12 @@ export const ApproveWorkflowAction = (
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.APPROVE}
+      skipBWPCheck
     >
       <ActionButton
         text={t('dmsDataExport.detail.action.approve.text')}
         hidden={approveWorkflowButtonMeta.hidden}
+        disabled={approveWorkflowButtonMeta.disabled}
         onClick={approveWorkflowButtonMeta.action}
         loading={approveWorkflowButtonMeta.loading}
         type="primary"
@@ -57,10 +63,13 @@ export const ExecuteWorkflowAction = (executeExportButtonMeta: ActionMeta) => {
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.EXECUTE}
+      skipBWPCheck
     >
       <ActionButton
         text={t('dmsDataExport.detail.action.execute.text')}
-        disabled={executeExportButtonMeta.loading}
+        disabled={
+          executeExportButtonMeta.loading || executeExportButtonMeta.disabled
+        }
         loading={executeExportButtonMeta.loading}
         type="primary"
         actionType="confirm"
diff --git a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/index.type.ts b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/index.type.ts
index a443da811..5134abf02 100644
--- a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/index.type.ts
+++ b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/index.type.ts
@@ -2,4 +2,5 @@ export type ActionMeta = {
   action: () => void;
   loading: boolean;
   hidden: boolean;
+  disabled?: boolean;
 };
diff --git a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/useActionButtonState.ts b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/useActionButtonState.ts
index 7ff2d839b..59032523e 100644
--- a/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/useActionButtonState.ts
+++ b/packages/base/src/page/DataExportManagement/Detail/components/PageHeaderAction/useActionButtonState.ts
@@ -2,7 +2,11 @@ import useDataExportDetailReduxManage from '../../hooks/index.redux';
 import useExportDetailAction from '../../hooks/useExportDetailAction';
 import { useMemo } from 'react';
 import { WorkflowRecordStatusEnum } from '@actiontech/shared/lib/api/base/service/common.enum';
-import { useCurrentUser } from '@actiontech/shared/lib/features';
+import {
+  useCurrentUser,
+  usePermission,
+  PERMISSIONS
+} from '@actiontech/shared/lib/features';
 import { MessageInstance } from 'antd/es/message/interface';
 import { ActionMeta } from './index.type';
 
@@ -13,6 +17,16 @@ const useActionButtonState: (messageApi: MessageInstance) => {
   executeExportButtonMeta: ActionMeta;
 } = (messageApi) => {
   const { userId } = useCurrentUser();
+  const { checkActionDisabledByBWP } = usePermission();
+  const isExportApproveBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.APPROVE
+  );
+  const isExportRejectBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT
+  );
+  const isExportExecuteBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.EXECUTE
+  );
   const { workflowInfo, updateWorkflowRejectOpen } =
     useDataExportDetailReduxManage();
 
@@ -95,17 +109,20 @@ const useActionButtonState: (messageApi: MessageInstance) => {
     approveWorkflowButtonMeta: {
       action: () => approveWorkflow(workflowID),
       hidden: !approveWorkflowButtonVisibility,
-      loading: approveWorkflowLoading
+      loading: approveWorkflowLoading,
+      disabled: isExportApproveBWPDisabled
     },
     rejectWorkflowButtonMeta: {
       action: () => updateWorkflowRejectOpen(true),
       hidden: !rejectWorkflowButtonVisibility,
-      loading: false
+      loading: false,
+      disabled: isExportRejectBWPDisabled
     },
     executeExportButtonMeta: {
       action: () => executeExport(workflowID),
       hidden: !executingButtonVisibility,
-      loading: executeExportLoading
+      loading: executeExportLoading,
+      disabled: isExportExecuteBWPDisabled
     }
   };
 };
diff --git a/packages/base/src/page/DataExportManagement/Detail/testUtils/mockUseActionButtonState.ts b/packages/base/src/page/DataExportManagement/Detail/testUtils/mockUseActionButtonState.ts
index 482e2f481..aaf5b0075 100644
--- a/packages/base/src/page/DataExportManagement/Detail/testUtils/mockUseActionButtonState.ts
+++ b/packages/base/src/page/DataExportManagement/Detail/testUtils/mockUseActionButtonState.ts
@@ -4,22 +4,26 @@ export const mockActionButtonStateData = {
   closeWorkflowButtonMeta: {
     action: jest.fn(),
     loading: false,
-    hidden: false
+    hidden: false,
+    disabled: false
   },
   approveWorkflowButtonMeta: {
     action: jest.fn(),
     loading: false,
-    hidden: false
+    hidden: false,
+    disabled: false
   },
   rejectWorkflowButtonMeta: {
     action: jest.fn(),
     loading: false,
-    hidden: false
+    hidden: false,
+    disabled: false
   },
   executeExportButtonMeta: {
     action: jest.fn(),
     loading: false,
-    hidden: false
+    hidden: false,
+    disabled: false
   }
 };
 
diff --git a/packages/base/src/page/Home/DefaultScene/__tests__/index.ce.test.tsx b/packages/base/src/page/Home/DefaultScene/__tests__/index.ce.test.tsx
index b79e0a5f0..0f050adc8 100644
--- a/packages/base/src/page/Home/DefaultScene/__tests__/index.ce.test.tsx
+++ b/packages/base/src/page/Home/DefaultScene/__tests__/index.ce.test.tsx
@@ -20,8 +20,7 @@ describe('test base/home/CEDefaultScene', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.auditAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.auditAdministrator]: false
       }
     });
 
diff --git a/packages/base/src/page/Home/DefaultScene/__tests__/index.test.tsx b/packages/base/src/page/Home/DefaultScene/__tests__/index.test.tsx
index 62407a414..7580f2b4d 100644
--- a/packages/base/src/page/Home/DefaultScene/__tests__/index.test.tsx
+++ b/packages/base/src/page/Home/DefaultScene/__tests__/index.test.tsx
@@ -39,8 +39,7 @@ describe('test base/home/DefaultScene', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.auditAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.auditAdministrator]: false
       }
     });
 
diff --git a/packages/base/src/page/Nav/SideMenu/UserMenu/Modal/CompanyNoticeModal/index.test.tsx b/packages/base/src/page/Nav/SideMenu/UserMenu/Modal/CompanyNoticeModal/index.test.tsx
index 7280f7364..9b370e972 100644
--- a/packages/base/src/page/Nav/SideMenu/UserMenu/Modal/CompanyNoticeModal/index.test.tsx
+++ b/packages/base/src/page/Nav/SideMenu/UserMenu/Modal/CompanyNoticeModal/index.test.tsx
@@ -181,8 +181,7 @@ describe('base/page/Nav/SideMenu/UserMenu/CompanyNoticeModal', () => {
           [SystemRole.admin]: false,
           [SystemRole.systemAdministrator]: false,
           [SystemRole.auditAdministrator]: false,
-          [SystemRole.certainProjectManager]: false,
-          [SystemRole.projectDirector]: false
+          [SystemRole.certainProjectManager]: false
         }
       });
     });
diff --git a/packages/base/src/page/Project/List/index.test.tsx b/packages/base/src/page/Project/List/index.test.tsx
index 185119447..ffb2fc8ae 100644
--- a/packages/base/src/page/Project/List/index.test.tsx
+++ b/packages/base/src/page/Project/List/index.test.tsx
@@ -201,7 +201,6 @@ describe('test base/project/list', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
diff --git a/packages/base/src/page/Project/index.test.tsx b/packages/base/src/page/Project/index.test.tsx
index f42bb4b74..ab1fe7c41 100644
--- a/packages/base/src/page/Project/index.test.tsx
+++ b/packages/base/src/page/Project/index.test.tsx
@@ -78,8 +78,7 @@ describe('test base/page/project', () => {
       userRoles: {
         ...mockCurrentUserReturn.userRoles,
         [SystemRole.admin]: true,
-        [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.systemAdministrator]: false
       }
     });
     baseSuperRender(<Project />);
@@ -102,8 +101,7 @@ describe('test base/page/project', () => {
       userRoles: {
         ...mockCurrentUserReturn.userRoles,
         [SystemRole.admin]: false,
-        [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: true
+        [SystemRole.systemAdministrator]: true
       }
     });
     baseSuperRender(<Project />);
@@ -123,8 +121,7 @@ describe('test base/page/project', () => {
       userRoles: {
         ...mockCurrentUserReturn.userRoles,
         [SystemRole.admin]: false,
-        [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.systemAdministrator]: false
       }
     });
     baseSuperRender(<Project />);
@@ -167,8 +164,7 @@ describe('test base/page/project', () => {
       userRoles: {
         ...mockCurrentUserReturn.userRoles,
         [SystemRole.admin]: true,
-        [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false
+        [SystemRole.systemAdministrator]: false
       }
     });
     baseSuperRender(<Project />);
diff --git a/packages/base/src/page/SyncDataSource/List/index.test.tsx b/packages/base/src/page/SyncDataSource/List/index.test.tsx
index 93c778999..51ca0a27b 100644
--- a/packages/base/src/page/SyncDataSource/List/index.test.tsx
+++ b/packages/base/src/page/SyncDataSource/List/index.test.tsx
@@ -110,7 +110,6 @@ describe('page/SyncDataSource/SyncTaskList', () => {
         [SystemRole.admin]: false,
         [SystemRole.systemAdministrator]: false,
         [SystemRole.auditAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.certainProjectManager]: true
       }
     });
diff --git a/packages/base/src/page/System/LoginConnection/SMSSetting/__tests__/index.test.tsx b/packages/base/src/page/System/LoginConnection/SMSSetting/__tests__/index.test.tsx
index 1642f6d93..c5f090236 100644
--- a/packages/base/src/page/System/LoginConnection/SMSSetting/__tests__/index.test.tsx
+++ b/packages/base/src/page/System/LoginConnection/SMSSetting/__tests__/index.test.tsx
@@ -47,8 +47,7 @@ describe('base/System/GlobalSetting/SMSSetting', () => {
         [SystemRole.admin]: false,
         [SystemRole.systemAdministrator]: false,
         [SystemRole.certainProjectManager]: true,
-        [SystemRole.auditAdministrator]: true,
-        [SystemRole.projectDirector]: true
+        [SystemRole.auditAdministrator]: true
       }
     });
     customRender();
diff --git a/packages/base/src/page/System/PersonalizeSetting/index.test.tsx b/packages/base/src/page/System/PersonalizeSetting/index.test.tsx
index c73f528a7..55dd2c022 100644
--- a/packages/base/src/page/System/PersonalizeSetting/index.test.tsx
+++ b/packages/base/src/page/System/PersonalizeSetting/index.test.tsx
@@ -49,7 +49,6 @@ describe('base/System/PersonalizeSetting', () => {
         [SystemRole.admin]: false,
         [SystemRole.systemAdministrator]: false,
         [SystemRole.auditAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.certainProjectManager]: false
       }
     });
diff --git a/packages/base/src/page/System/ProcessConnection/CodingSetting/__tests__/index.test.tsx b/packages/base/src/page/System/ProcessConnection/CodingSetting/__tests__/index.test.tsx
index 974145d86..7d80c7236 100644
--- a/packages/base/src/page/System/ProcessConnection/CodingSetting/__tests__/index.test.tsx
+++ b/packages/base/src/page/System/ProcessConnection/CodingSetting/__tests__/index.test.tsx
@@ -48,8 +48,7 @@ describe('base/System/ProcessConnection/CodingSetting', () => {
         [SystemRole.admin]: false,
         [SystemRole.systemAdministrator]: false,
         [SystemRole.certainProjectManager]: true,
-        [SystemRole.auditAdministrator]: true,
-        [SystemRole.projectDirector]: true
+        [SystemRole.auditAdministrator]: true
       }
     });
     const { baseElement } = customRender();
diff --git a/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.test.tsx b/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.test.tsx
index c7f4ab071..10c2c049c 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.test.tsx
+++ b/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.test.tsx
@@ -93,7 +93,8 @@ describe('base/UserCenter/Drawer/AddUser', () => {
         phone: '13312341234',
         wxid: 'qwe',
         op_permission_uids: ['700001'],
-        uid: `${currentTime.format('YYYYMMDDHHmmssSSS')}`
+        uid: `${currentTime.format('YYYYMMDDHHmmssSSS')}`,
+        business_write_permission: undefined
       }
     });
     expect(dispatchSpy).toHaveBeenCalledTimes(1);
diff --git a/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.tsx b/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.tsx
index 33ee4a899..a53c7a4fb 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.tsx
+++ b/packages/base/src/page/UserCenter/Drawer/User/AddUser/index.tsx
@@ -11,7 +11,11 @@ import EmitterKey from '../../../../../data/EmitterKey';
 import UserForm from '../UserForm';
 import { IUserFormFields } from '../UserForm/index.type';
 import EventEmitter from '../../../../../utils/EventEmitter';
-import { BasicDrawer, BasicButton } from '@actiontech/dms-kit';
+import {
+  BasicDrawer,
+  BasicButton,
+  OpPermissionTypeUid
+} from '@actiontech/dms-kit';
 import User from '@actiontech/shared/lib/api/base/service/User';
 import dayjs from 'dayjs';
 const AddUser = () => {
@@ -34,6 +38,8 @@ const AddUser = () => {
   }, [dispatch, form]);
   const addUser = useCallback(async () => {
     const values = await form.validateFields();
+    const isRoleSysAdmin =
+      values.opPermissionUid === OpPermissionTypeUid.system_administrator;
     setTrue();
     User.AddUser({
       user: {
@@ -45,7 +51,10 @@ const AddUser = () => {
         op_permission_uids: values.opPermissionUid
           ? [values.opPermissionUid]
           : [],
-        uid: dayjs().format('YYYYMMDDHHmmssSSS')
+        uid: dayjs().format('YYYYMMDDHHmmssSSS'),
+        business_write_permission: isRoleSysAdmin
+          ? !!values.businessWritePermission
+          : undefined
       }
     })
       .then((res) => {
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/__snapshots__/index.test.tsx.snap b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/__snapshots__/index.test.tsx.snap
index 9d95e5098..55de334b1 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/__snapshots__/index.test.tsx.snap
+++ b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/__snapshots__/index.test.tsx.snap
@@ -141,7 +141,7 @@ exports[`base/UserCenter/Drawer/UpdateUser should send update user request when
                         >
                           <button
                             aria-checked="false"
-                            class="ant-switch"
+                            class="ant-switch basic-switch-wrapper css-g6dhbn"
                             id="needUpdatePassWord"
                             role="switch"
                             type="button"
@@ -437,7 +437,7 @@ exports[`base/UserCenter/Drawer/UpdateUser should send update user request when
                         >
                           <button
                             aria-checked="false"
-                            class="ant-switch"
+                            class="ant-switch basic-switch-wrapper css-g6dhbn"
                             id="isDisabled"
                             role="switch"
                             type="button"
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.test.tsx b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.test.tsx
index f17553747..9957ced2b 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.test.tsx
+++ b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.test.tsx
@@ -7,10 +7,7 @@ import { screen, act, cleanup, fireEvent } from '@testing-library/react';
 import { useDispatch, useSelector } from 'react-redux';
 import { ModalName } from '../../../../../data/ModalName';
 import EmitterKey from '../../../../../data/EmitterKey';
-import {
-  getAllBySelector,
-  queryBySelector
-} from '@actiontech/shared/lib/testUtil/customQuery';
+import { queryBySelector } from '@actiontech/shared/lib/testUtil/customQuery';
 
 jest.mock('react-redux', () => ({
   ...jest.requireActual('react-redux'),
@@ -28,8 +25,9 @@ describe('base/UserCenter/Drawer/UpdateUser', () => {
     updateUserSpy = userCenter.updateUser();
     opPermissionListSpy = userCenter.getOpPermissionsList();
 
-    (useSelector as jest.Mock).mockImplementation((e) =>
-      e({
+    (useSelector as jest.Mock).mockImplementation((selector) =>
+      selector({
+        user: { uid: 'session-user-not-editing-self' },
         userCenter: {
           modalStatus: { [ModalName.DMS_Update_User]: true },
           selectUser: userList[0]
@@ -74,7 +72,8 @@ describe('base/UserCenter/Drawer/UpdateUser', () => {
         phone: '',
         wxid: '',
         op_permission_uids: ['700001'],
-        is_disabled: true
+        is_disabled: true,
+        business_write_permission: undefined
       },
       user_uid: mockUserData.uid
     });
@@ -129,15 +128,17 @@ describe('base/UserCenter/Drawer/UpdateUser', () => {
         phone: '',
         wxid: '',
         op_permission_uids: ['700001'],
-        is_disabled: false
+        is_disabled: false,
+        business_write_permission: undefined
       },
       user_uid: mockUserData.uid
     });
   });
 
   it('should disable field in document when user name is admin', async () => {
-    (useSelector as jest.Mock).mockImplementation((e) =>
-      e({
+    (useSelector as jest.Mock).mockImplementation((selector) =>
+      selector({
+        user: { uid: 'session-user-not-editing-self' },
         userCenter: {
           modalStatus: { [ModalName.DMS_Update_User]: true },
           selectUser: userList[2]
@@ -151,10 +152,6 @@ describe('base/UserCenter/Drawer/UpdateUser', () => {
       target: { value: 'test@163.com' }
     });
     await act(async () => jest.advanceTimersByTime(0));
-    fireEvent.mouseDown(screen.getByLabelText('平台角色'));
-    fireEvent.click(
-      getAllBySelector('.ant-select-item-option-content', baseElement)[0]
-    );
     fireEvent.click(screen.getByText('提 交'));
     await act(async () => jest.advanceTimersByTime(0));
     expect(updateUserSpy).toHaveBeenCalledTimes(1);
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.tsx b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.tsx
index 125c28322..6d16c2777 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.tsx
+++ b/packages/base/src/page/UserCenter/Drawer/User/UpdateUser/index.tsx
@@ -18,7 +18,8 @@ import {
 import User from '@actiontech/shared/lib/api/base/service/User';
 import { ListUserStatEnum } from '@actiontech/shared/lib/api/base/service/common.enum';
 import { BasicDrawer, BasicButton } from '@actiontech/dms-kit';
-import { SystemRole } from '@actiontech/dms-kit';
+import { SystemRole, OpPermissionTypeUid } from '@actiontech/dms-kit';
+import useUserInfo from '@actiontech/shared/lib/features/useUserInfo';
 const UpdateUser = () => {
   const [form] = Form.useForm<IUserFormFields>();
   const { t } = useTranslation();
@@ -30,7 +31,12 @@ const UpdateUser = () => {
   const currentUser = useSelector<IReduxState, IListUser | null>(
     (state) => state.userCenter.selectUser
   );
+  // Current logged-in user's UID (from Redux store)
+  const currentLoginUserId = useSelector<IReduxState, string>(
+    (state) => state.user.uid
+  );
   const [messageApi, contextHolder] = message.useMessage();
+  const { updateUserInfo } = useUserInfo();
   const onClose = useCallback(() => {
     form.resetFields();
     dispatch(
@@ -40,8 +46,13 @@ const UpdateUser = () => {
       })
     );
   }, [dispatch, form]);
+  const isEditingAdmin = currentUser?.name === SystemRole.admin;
+
   const updateUser = async () => {
     const values = await form.validateFields();
+    const isRoleSysAdmin =
+      values.opPermissionUid === OpPermissionTypeUid.system_administrator;
+    const shouldSendBWP = isRoleSysAdmin || isEditingAdmin;
     const userParams: IUpdateUser = {
       password: values.passwordConfirm,
       email: values.email ?? '',
@@ -50,7 +61,10 @@ const UpdateUser = () => {
       op_permission_uids: values.opPermissionUid
         ? [values.opPermissionUid]
         : [],
-      is_disabled: values.username !== 'admin' ? !!values.isDisabled : false
+      is_disabled: values.username !== 'admin' ? !!values.isDisabled : false,
+      business_write_permission: shouldSendBWP
+        ? !!values.businessWritePermission
+        : undefined
     };
     setTrue();
     User.UpdateUser({
@@ -66,6 +80,12 @@ const UpdateUser = () => {
             })
           );
           EventEmitter.emit(EmitterKey.DMS_Refresh_User_Center_List);
+          // If the updated user is the currently logged-in user, refresh user
+          // info in the Redux store so changes (e.g. BWP toggle) take effect
+          // immediately without requiring a full page reload.
+          if (currentUser?.uid && currentUser.uid === currentLoginUserId) {
+            updateUserInfo();
+          }
         }
       })
       .finally(() => {
@@ -82,9 +102,8 @@ const UpdateUser = () => {
         opPermissionUid: currentUser?.op_permissions?.map(
           (v) => v.uid ?? ''
         )?.[0],
-        isDisabled:
-          (currentUser?.stat ?? ListUserStatEnum.未知) ===
-          ListUserStatEnum.被禁用
+        isDisabled: currentUser?.stat === ListUserStatEnum.被禁用,
+        businessWritePermission: !!currentUser?.business_write_permission
       });
     }
   }, [visible, currentUser, form]);
@@ -114,7 +133,8 @@ const UpdateUser = () => {
         form={form}
         visible={visible}
         isUpdate={true}
-        isAdmin={currentUser?.name === SystemRole.admin}
+        isAdmin={isEditingAdmin}
+        isEditingAdmin={isEditingAdmin}
       />
     </BasicDrawer>
   );
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UserForm/__snapshots__/index.test.tsx.snap b/packages/base/src/page/UserCenter/Drawer/User/UserForm/__snapshots__/index.test.tsx.snap
index 688c943cd..f71ad1550 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UserForm/__snapshots__/index.test.tsx.snap
+++ b/packages/base/src/page/UserCenter/Drawer/User/UserForm/__snapshots__/index.test.tsx.snap
@@ -75,7 +75,7 @@ exports[`base/UserCenter/Drawer/UserForm should match snapshot when isAdmin is t
               >
                 <button
                   aria-checked="false"
-                  class="ant-switch"
+                  class="ant-switch basic-switch-wrapper css-g6dhbn"
                   id="needUpdatePassWord"
                   role="switch"
                   type="button"
@@ -784,7 +784,7 @@ exports[`base/UserCenter/Drawer/UserForm should match snapshot when isUpdate is
               >
                 <button
                   aria-checked="false"
-                  class="ant-switch"
+                  class="ant-switch basic-switch-wrapper css-g6dhbn"
                   id="needUpdatePassWord"
                   role="switch"
                   type="button"
@@ -1078,7 +1078,7 @@ exports[`base/UserCenter/Drawer/UserForm should match snapshot when isUpdate is
               >
                 <button
                   aria-checked="false"
-                  class="ant-switch"
+                  class="ant-switch basic-switch-wrapper css-g6dhbn"
                   id="isDisabled"
                   role="switch"
                   type="button"
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UserForm/__tests__/index.test.tsx b/packages/base/src/page/UserCenter/Drawer/User/UserForm/__tests__/index.test.tsx
new file mode 100644
index 000000000..75b145b2f
--- /dev/null
+++ b/packages/base/src/page/UserCenter/Drawer/User/UserForm/__tests__/index.test.tsx
@@ -0,0 +1,156 @@
+import { superRender } from '@actiontech/shared/lib/testUtil/superRender';
+import { Form } from 'antd';
+import UserForm from '../index';
+import { IUserFormFields } from '../index.type';
+import { act, screen, fireEvent } from '@testing-library/react';
+import { OpPermissionTypeUid } from '@actiontech/dms-kit';
+import userCenter from '@actiontech/shared/lib/testUtil/mockApi/base/userCenter';
+
+describe('UserForm business write permission switch', () => {
+  let getOpPermissionsListSpy: jest.SpyInstance;
+
+  beforeEach(() => {
+    jest.useFakeTimers();
+    getOpPermissionsListSpy = userCenter.getOpPermissionsList();
+  });
+
+  afterEach(() => {
+    jest.useRealTimers();
+    jest.clearAllMocks();
+  });
+
+  const renderUserForm = (
+    overrideProps: Partial<{
+      isUpdate: boolean;
+      isAdmin: boolean;
+      isEditingAdmin: boolean;
+      visible: boolean;
+    }> = {},
+    initialValues?: Partial<IUserFormFields>
+  ) => {
+    const Wrapper = () => {
+      const [form] = Form.useForm<IUserFormFields>();
+
+      if (initialValues) {
+        setTimeout(() => {
+          form.setFieldsValue(initialValues);
+        }, 0);
+      }
+
+      return (
+        <UserForm
+          form={form}
+          visible={overrideProps.visible ?? true}
+          isUpdate={overrideProps.isUpdate}
+          isAdmin={overrideProps.isAdmin}
+          isEditingAdmin={overrideProps.isEditingAdmin}
+        />
+      );
+    };
+
+    return superRender(<Wrapper />);
+  };
+
+  it('should show BWP switch when role is system administrator', async () => {
+    renderUserForm(
+      {},
+      { opPermissionUid: OpPermissionTypeUid.system_administrator }
+    );
+
+    await act(async () => jest.advanceTimersByTime(0));
+
+    expect(screen.getByText('业务写权')).toBeInTheDocument();
+  });
+
+  it('should hide BWP switch when role is normal user', async () => {
+    renderUserForm(
+      {},
+      { opPermissionUid: OpPermissionTypeUid.audit_administrator }
+    );
+
+    await act(async () => jest.advanceTimersByTime(0));
+
+    expect(screen.queryByText('业务写权')).not.toBeInTheDocument();
+  });
+
+  it('should always show BWP switch when editing admin account', async () => {
+    renderUserForm(
+      { isEditingAdmin: true, isUpdate: true },
+      { opPermissionUid: undefined }
+    );
+
+    await act(async () => jest.advanceTimersByTime(0));
+
+    expect(screen.getByText('业务写权')).toBeInTheDocument();
+  });
+
+  it('should reset BWP switch to checked when switching to system administrator role', async () => {
+    const Wrapper = () => {
+      const [form] = Form.useForm<IUserFormFields>();
+
+      return (
+        <div>
+          <UserForm form={form} visible={true} />
+          <button
+            data-testid="set-sysadmin"
+            onClick={() => {
+              form.setFieldsValue({
+                opPermissionUid: OpPermissionTypeUid.system_administrator,
+                businessWritePermission: true
+              });
+            }}
+          />
+          <button
+            data-testid="set-audit"
+            onClick={() => {
+              form.setFieldsValue({
+                opPermissionUid: OpPermissionTypeUid.audit_administrator
+              });
+            }}
+          />
+          <button
+            data-testid="set-sysadmin-again"
+            onClick={() => {
+              form.setFieldsValue({
+                opPermissionUid: OpPermissionTypeUid.system_administrator
+              });
+            }}
+          />
+        </div>
+      );
+    };
+
+    superRender(<Wrapper />);
+    await act(async () => jest.advanceTimersByTime(3000));
+
+    // Set to sysadmin first
+    fireEvent.click(screen.getByTestId('set-sysadmin'));
+    await act(async () => jest.advanceTimersByTime(0));
+    expect(screen.getByText('业务写权')).toBeInTheDocument();
+
+    // Switch to audit admin
+    fireEvent.click(screen.getByTestId('set-audit'));
+    await act(async () => jest.advanceTimersByTime(0));
+    expect(screen.queryByText('业务写权')).not.toBeInTheDocument();
+
+    // Switch back to sysadmin - should reset to checked
+    fireEvent.click(screen.getByTestId('set-sysadmin-again'));
+    await act(async () => jest.advanceTimersByTime(0));
+    expect(screen.getByText('业务写权')).toBeInTheDocument();
+  });
+
+  it('should default BWP switch to on for new system administrator', async () => {
+    renderUserForm(
+      {},
+      { opPermissionUid: OpPermissionTypeUid.system_administrator }
+    );
+
+    await act(async () => jest.advanceTimersByTime(0));
+
+    const switchEl = screen
+      .getByText('业务写权')
+      .closest('.ant-form-item')
+      ?.querySelector('.ant-switch');
+    expect(switchEl).not.toBeNull();
+  });
+});
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.tsx b/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.tsx
index feda7bc98..72da2696d 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.tsx
+++ b/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.tsx
@@ -1,11 +1,17 @@
 import { IUserFormProps } from './index.type';
-import { Form, Switch } from 'antd';
+import { Form } from 'antd';
 import type { Rule } from 'antd/es/form';
-import { BasicInput, BasicSelect, EmptyBox } from '@actiontech/dms-kit';
+import {
+  BasicInput,
+  BasicSelect,
+  BasicSwitch,
+  EmptyBox
+} from '@actiontech/dms-kit';
 import React, { useEffect } from 'react';
 import { useTranslation } from 'react-i18next';
 import { phoneRule } from '@actiontech/dms-kit';
 import { BasicToolTip } from '@actiontech/dms-kit';
+import { OpPermissionTypeUid } from '@actiontech/dms-kit';
 import useOpPermission from '../../../../../hooks/useOpPermission';
 import { ListOpPermissionsFilterByTargetEnum } from '@actiontech/shared/lib/api/base/service/OpPermission/index.enum';
 const UserForm: React.FC<IUserFormProps> = (props) => {
@@ -16,6 +22,8 @@ const UserForm: React.FC<IUserFormProps> = (props) => {
     updateOpPermissionList
   } = useOpPermission();
 
+  const currentOpPermissionUid = Form.useWatch('opPermissionUid', props.form);
+
   const getUsernameRules = (): Rule[] => {
     const rules: Rule[] = [
       {
@@ -41,6 +49,20 @@ const UserForm: React.FC<IUserFormProps> = (props) => {
       updateOpPermissionList(ListOpPermissionsFilterByTargetEnum.user);
     }
   }, [updateOpPermissionList, props.visible]);
+
+  const isSystemAdministrator = (uid: string | undefined): boolean => {
+    return uid === OpPermissionTypeUid.system_administrator;
+  };
+
+  const shouldShowBWP =
+    isSystemAdministrator(currentOpPermissionUid) || !!props.isEditingAdmin;
+
+  const handleSelectOpPermission = (value: string) => {
+    if (isSystemAdministrator(value)) {
+      props.form.setFieldValue('businessWritePermission', true);
+    }
+  };
+
   return (
     <Form form={props.form} layout="vertical">
       <Form.Item
@@ -62,7 +84,7 @@ const UserForm: React.FC<IUserFormProps> = (props) => {
           label={t('dmsUserCenter.user.userForm.needUpdatePassWord')}
           valuePropName="checked"
         >
-          <Switch />
+          <BasicSwitch />
         </Form.Item>
       </EmptyBox>
       <Form.Item
@@ -163,26 +185,41 @@ const UserForm: React.FC<IUserFormProps> = (props) => {
           })}
         />
       </Form.Item>
-      <Form.Item
-        name="opPermissionUid"
-        label={t('dmsUserCenter.user.userForm.opPermissions')}
-        rules={[
-          {
-            required: true,
-            message: t('common.form.placeholder.select', {
+      <EmptyBox if={!props.isEditingAdmin}>
+        <Form.Item
+          name="opPermissionUid"
+          label={t('dmsUserCenter.user.userForm.opPermissions')}
+          rules={[
+            {
+              required: !props.isEditingAdmin,
+              message: t('common.form.placeholder.select', {
+                name: t('dmsUserCenter.user.userForm.opPermissions')
+              })
+            }
+          ]}
+        >
+          <BasicSelect
+            loading={getOpPermissionListLoading}
+            placeholder={t('common.form.placeholder.select', {
               name: t('dmsUserCenter.user.userForm.opPermissions')
-            })
-          }
-        ]}
-      >
-        <BasicSelect
-          loading={getOpPermissionListLoading}
-          placeholder={t('common.form.placeholder.select', {
-            name: t('dmsUserCenter.user.userForm.opPermissions')
-          })}
-          options={opPermissionOptions}
-          optionFilterProp="label"
-        />
+            })}
+            options={opPermissionOptions}
+            optionFilterProp="label"
+            onChange={handleSelectOpPermission}
+          />
+        </Form.Item>
+      </EmptyBox>
+      <Form.Item noStyle>
+        <EmptyBox if={shouldShowBWP}>
+          <Form.Item
+            name="businessWritePermission"
+            label={t('dmsUserCenter.user.userForm.businessWritePermission')}
+            valuePropName="checked"
+            extra={t('dmsUserCenter.user.userForm.businessWritePermissionDesc')}
+          >
+            <BasicSwitch />
+          </Form.Item>
+        </EmptyBox>
       </Form.Item>
       <EmptyBox if={props.isUpdate && !props.isAdmin}>
         <Form.Item
@@ -198,7 +235,7 @@ const UserForm: React.FC<IUserFormProps> = (props) => {
           }
           valuePropName="checked"
         >
-          <Switch />
+          <BasicSwitch />
         </Form.Item>
       </EmptyBox>
     </Form>
diff --git a/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.type.ts b/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.type.ts
index 7b8c7770e..50d411082 100644
--- a/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.type.ts
+++ b/packages/base/src/page/UserCenter/Drawer/User/UserForm/index.type.ts
@@ -10,6 +10,7 @@ export interface IUserFormFields {
   wxid?: string;
   opPermissionUid?: string;
   isDisabled: boolean;
+  businessWritePermission?: boolean;
 }
 
 export interface IUserFormProps {
@@ -17,4 +18,5 @@ export interface IUserFormProps {
   visible: boolean;
   isUpdate?: boolean;
   isAdmin?: boolean;
+  isEditingAdmin?: boolean;
 }
diff --git a/packages/base/src/page/UserCenter/__tests__/__snapshots__/index.test.tsx.snap b/packages/base/src/page/UserCenter/__tests__/__snapshots__/index.test.tsx.snap
index 99ff0d9a5..cc70ab7f8 100644
--- a/packages/base/src/page/UserCenter/__tests__/__snapshots__/index.test.tsx.snap
+++ b/packages/base/src/page/UserCenter/__tests__/__snapshots__/index.test.tsx.snap
@@ -303,9 +303,7 @@ exports[`base/UserCenter should hidden action when user is not admin 1`] = `
                           <col />
                           <col />
                           <col />
-                          <col
-                            style="width: 35%;"
-                          />
+                          <col />
                           <col
                             style="width: 164px;"
                           />
@@ -520,7 +518,7 @@ exports[`base/UserCenter should hidden action when user is not admin 1`] = `
                                   style="padding-bottom: 4px;"
                                 >
                                   <span
-                                    class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                                    class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                                     style="height: 28px;"
                                   >
                                     创建项目
@@ -1804,9 +1802,7 @@ exports[`base/UserCenter should render user list when it first entered the user
                           <col />
                           <col />
                           <col />
-                          <col
-                            style="width: 35%;"
-                          />
+                          <col />
                           <col
                             style="width: 164px;"
                           />
@@ -2021,7 +2017,7 @@ exports[`base/UserCenter should render user list when it first entered the user
                                   style="padding-bottom: 4px;"
                                 >
                                   <span
-                                    class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                                    class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                                     style="height: 28px;"
                                   >
                                     创建项目
@@ -3457,9 +3453,7 @@ exports[`base/UserCenter switch to operate permission list 1`] = `
                           <col />
                           <col />
                           <col />
-                          <col
-                            style="width: 35%;"
-                          />
+                          <col />
                           <col
                             style="width: 164px;"
                           />
@@ -3674,7 +3668,7 @@ exports[`base/UserCenter switch to operate permission list 1`] = `
                                   style="padding-bottom: 4px;"
                                 >
                                   <span
-                                    class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                                    class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                                     style="height: 28px;"
                                   >
                                     创建项目
@@ -5414,9 +5408,7 @@ exports[`base/UserCenter switch to role list 1`] = `
                           <col />
                           <col />
                           <col />
-                          <col
-                            style="width: 35%;"
-                          />
+                          <col />
                           <col
                             style="width: 164px;"
                           />
@@ -5631,7 +5623,7 @@ exports[`base/UserCenter switch to role list 1`] = `
                                   style="padding-bottom: 4px;"
                                 >
                                   <span
-                                    class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                                    class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                                     style="height: 28px;"
                                   >
                                     创建项目
diff --git a/packages/base/src/page/UserCenter/__tests__/index.test.tsx b/packages/base/src/page/UserCenter/__tests__/index.test.tsx
index eb9aa04fc..1965767b9 100644
--- a/packages/base/src/page/UserCenter/__tests__/index.test.tsx
+++ b/packages/base/src/page/UserCenter/__tests__/index.test.tsx
@@ -7,6 +7,8 @@ import { useDispatch } from 'react-redux';
 import { ModalName } from '../../../data/ModalName';
 import { mockUseCurrentUser } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentUser';
 import { SystemRole } from '@actiontech/dms-kit';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
 
 jest.mock('react-redux', () => {
   return {
@@ -138,7 +140,6 @@ describe('base/UserCenter', () => {
         [SystemRole.admin]: false,
         [SystemRole.systemAdministrator]: false,
         [SystemRole.auditAdministrator]: true,
-        [SystemRole.projectDirector]: true,
         [SystemRole.certainProjectManager]: true
       }
     });
@@ -149,4 +150,64 @@ describe('base/UserCenter', () => {
     expect(screen.queryByText('添加角色')).not.toBeInTheDocument();
     expect(baseElement).toMatchSnapshot();
   });
+
+  describe('PermissionControl / usePermission', () => {
+    let usePermissionSpy: jest.SpyInstance | undefined;
+
+    afterEach(() => {
+      usePermissionSpy?.mockRestore();
+      usePermissionSpy = undefined;
+    });
+
+    it('should hide add user and add role header actions when checkActionPermission returns false', async () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(false),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(false)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      superRender(<UserCenter />);
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      expect(screen.queryByText('添加用户')).not.toBeInTheDocument();
+      expect(screen.queryByText('添加角色')).not.toBeInTheDocument();
+    });
+
+    it('should show add user on user tab when checkActionPermission returns true', async () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(true),
+          checkActionDisabledByBWP: jest.fn().mockReturnValue(false)
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      superRender(<UserCenter />);
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      expect(screen.getByText('添加用户')).toBeInTheDocument();
+    });
+
+    it('should disable add user header button when PermissionControl BWP blocks USER.ADD', async () => {
+      usePermissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn().mockReturnValue(true),
+          checkActionDisabledByBWP: jest
+            .fn()
+            .mockImplementation(
+              (permission: string) =>
+                permission === PERMISSIONS.ACTIONS.BASE.USER_CENTER.USER.ADD
+            )
+        },
+        { useSpyOnMockHooks: true }
+      );
+
+      superRender(<UserCenter />);
+      await act(async () => jest.advanceTimersByTime(3000));
+
+      expect(screen.getByText('添加用户').closest('button')).toBeDisabled();
+    });
+  });
 });
diff --git a/packages/base/src/page/UserCenter/components/UserList/List.tsx b/packages/base/src/page/UserCenter/components/UserList/List.tsx
index 3644b92ac..2aeb32019 100644
--- a/packages/base/src/page/UserCenter/components/UserList/List.tsx
+++ b/packages/base/src/page/UserCenter/components/UserList/List.tsx
@@ -22,12 +22,12 @@ import {
   updateSelectUser,
   updateUserManageModalStatus
 } from '../../../../store/userCenter';
-import { UserListColumns } from './column';
+import { userListColumns } from './column';
 import { ModalName } from '../../../../data/ModalName';
 import EventEmitter from '../../../../utils/EventEmitter';
 import EmitterKey from '../../../../data/EmitterKey';
 import { useCurrentUser, usePermission } from '@actiontech/shared/lib/features';
-import { UserListActions } from './action';
+import { userListActions } from './action';
 import {
   ListUsersFilterByStatEnum,
   ListUsersFilterByAuthenticationTypeEnum
@@ -112,7 +112,7 @@ const UserList: React.FC<{ activePage: UserCenterListEnum }> = ({
 
   const actions = useMemo(() => {
     return parse2TableActionPermissions(
-      UserListActions(onEditUser, onDeleteUser, username)
+      userListActions(onEditUser, onDeleteUser, username)
     );
   }, [parse2TableActionPermissions, onEditUser, onDeleteUser, username]);
 
@@ -125,7 +125,7 @@ const UserList: React.FC<{ activePage: UserCenterListEnum }> = ({
   );
 
   const columns = useMemo(() => {
-    return UserListColumns();
+    return userListColumns();
   }, []);
 
   const filterCustomProps = useMemo(() => {
diff --git a/packages/base/src/page/UserCenter/components/UserList/__tests__/UserList.test.tsx b/packages/base/src/page/UserCenter/components/UserList/__tests__/UserList.test.tsx
index aad7deed5..59fbed5ae 100644
--- a/packages/base/src/page/UserCenter/components/UserList/__tests__/UserList.test.tsx
+++ b/packages/base/src/page/UserCenter/components/UserList/__tests__/UserList.test.tsx
@@ -179,7 +179,6 @@ describe('base/UserCenter/UserList', () => {
         [SystemRole.admin]: false,
         [SystemRole.auditAdministrator]: true,
         [SystemRole.systemAdministrator]: true,
-        [SystemRole.projectDirector]: true,
         [SystemRole.certainProjectManager]: true
       }
     });
@@ -199,7 +198,6 @@ describe('base/UserCenter/UserList', () => {
         [SystemRole.admin]: false,
         [SystemRole.auditAdministrator]: true,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.certainProjectManager]: true
       }
     });
diff --git a/packages/base/src/page/UserCenter/components/UserList/__tests__/__snapshots__/UserList.test.tsx.snap b/packages/base/src/page/UserCenter/components/UserList/__tests__/__snapshots__/UserList.test.tsx.snap
index 0729437e3..e9b54024a 100644
--- a/packages/base/src/page/UserCenter/components/UserList/__tests__/__snapshots__/UserList.test.tsx.snap
+++ b/packages/base/src/page/UserCenter/components/UserList/__tests__/__snapshots__/UserList.test.tsx.snap
@@ -195,9 +195,7 @@ exports[`base/UserCenter/UserList render user table 1`] = `
                     <col />
                     <col />
                     <col />
-                    <col
-                      style="width: 35%;"
-                    />
+                    <col />
                     <col
                       style="width: 164px;"
                     />
@@ -412,7 +410,7 @@ exports[`base/UserCenter/UserList render user table 1`] = `
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -1679,9 +1677,7 @@ exports[`base/UserCenter/UserList should disabled action when current role is no
                   <col />
                   <col />
                   <col />
-                  <col
-                    style="width: 35%;"
-                  />
+                  <col />
                   <col
                     style="width: 164px;"
                   />
@@ -1896,7 +1892,7 @@ exports[`base/UserCenter/UserList should disabled action when current role is no
                           style="padding-bottom: 4px;"
                         >
                           <span
-                            class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                            class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                             style="height: 28px;"
                           >
                             创建项目
@@ -3011,9 +3007,7 @@ exports[`base/UserCenter/UserList should hidden action column when is not admin
                   <col />
                   <col />
                   <col />
-                  <col
-                    style="width: 35%;"
-                  />
+                  <col />
                   <col
                     style="width: 164px;"
                   />
@@ -3228,7 +3222,7 @@ exports[`base/UserCenter/UserList should hidden action column when is not admin
                           style="padding-bottom: 4px;"
                         >
                           <span
-                            class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                            class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                             style="height: 28px;"
                           >
                             创建项目
@@ -4495,9 +4489,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                     <col />
                     <col />
                     <col />
-                    <col
-                      style="width: 35%;"
-                    />
+                    <col />
                     <col
                       style="width: 164px;"
                     />
@@ -4708,7 +4700,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -4902,7 +4894,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -5096,7 +5088,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -5290,7 +5282,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -5484,7 +5476,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -5678,7 +5670,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -5872,7 +5864,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -6066,7 +6058,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -6260,7 +6252,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -6454,7 +6446,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -6648,7 +6640,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -6842,7 +6834,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -7036,7 +7028,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -7230,7 +7222,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -7424,7 +7416,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -7618,7 +7610,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -7812,7 +7804,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -8006,7 +7998,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -8200,7 +8192,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -8394,7 +8386,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -8814,9 +8806,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                     <col />
                     <col />
                     <col />
-                    <col
-                      style="width: 35%;"
-                    />
+                    <col />
                     <col
                       style="width: 164px;"
                     />
@@ -9027,7 +9017,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -9221,7 +9211,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -9415,7 +9405,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -9609,7 +9599,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -9803,7 +9793,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -9997,7 +9987,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -10191,7 +10181,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -10385,7 +10375,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -10579,7 +10569,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -10773,7 +10763,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -10967,7 +10957,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -11161,7 +11151,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -11355,7 +11345,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -11549,7 +11539,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -11743,7 +11733,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -11937,7 +11927,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -12131,7 +12121,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -12325,7 +12315,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -12519,7 +12509,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -12713,7 +12703,7 @@ exports[`base/UserCenter/UserList should refresh user table when change current
                             style="padding-bottom: 4px;"
                           >
                             <span
-                              class="ant-tag ant-tag-orange basic-tag-wrapper basic-small-tag-wrapper css-1h1nm3c"
+                              class="ant-tag ant-tag-default basic-tag-wrapper basic-small-tag-wrapper css-d31ub5"
                               style="height: 28px;"
                             >
                               创建项目
@@ -13133,9 +13123,7 @@ exports[`base/UserCenter/UserList should render empty tips when request not succ
                     <col />
                     <col />
                     <col />
-                    <col
-                      style="width: 35%;"
-                    />
+                    <col />
                     <col
                       style="width: 164px;"
                     />
diff --git a/packages/base/src/page/UserCenter/components/UserList/action.ts b/packages/base/src/page/UserCenter/components/UserList/action.ts
index 84f86db2f..e6784bab8 100644
--- a/packages/base/src/page/UserCenter/components/UserList/action.ts
+++ b/packages/base/src/page/UserCenter/components/UserList/action.ts
@@ -6,7 +6,7 @@ import {
 import { t } from '../../../../locale';
 import { OpPermissionTypeUid, SystemRole } from '@actiontech/dms-kit';
 
-export const UserListActions = (
+export const userListActions = (
   onEditUser: (record?: IListUser) => void,
   onDeleteUser: (record?: IListUser) => void,
   username: string
@@ -15,7 +15,7 @@ export const UserListActions = (
    * 用户列表操作列编辑按钮特殊权限控制：
    * 前置权限判断：当前登陆用户为 admin 或拥有 全局管理 权限。
    * 1. admin 用户仅 admin 能进行编辑
-   * 2. 若被操作列用户拥有全局管理权限，admin 用户以及自身用户能进行编辑
+   * 2. 若被操作列用户拥有全局管理权限，admin 用户以及自身用户且business_write_permission为true时能进行编辑
    */
   const calculateEditActionEnabled = (record?: IListUser) => {
     if (record?.name === SystemRole.admin) {
@@ -26,7 +26,10 @@ export const UserListActions = (
         (v) => v.uid === OpPermissionTypeUid.system_administrator
       )
     ) {
-      return username === SystemRole.admin || username === record.name;
+      if (username === record.name) {
+        return record.business_write_permission;
+      }
+      return username === SystemRole.admin;
     }
     return true;
   };
diff --git a/packages/base/src/page/UserCenter/components/UserList/column.tsx b/packages/base/src/page/UserCenter/components/UserList/column.tsx
index bc07b7ebc..7909727dd 100644
--- a/packages/base/src/page/UserCenter/components/UserList/column.tsx
+++ b/packages/base/src/page/UserCenter/components/UserList/column.tsx
@@ -1,21 +1,17 @@
 import { IListUser } from '@actiontech/shared/lib/api/base/service/common';
-import {
-  ActiontechTableColumn,
-  ActiontechTableActionMeta
-} from '@actiontech/dms-kit/es/components/ActiontechTable/index.type';
+import { ActiontechTableColumn } from '@actiontech/dms-kit/es/components/ActiontechTable/index.type';
 import { ListUserStatEnum } from '@actiontech/shared/lib/api/base/service/common.enum';
 import { t } from '../../../../locale';
 import {
   BasicTypographyEllipsis,
   TableColumnWithIconStyleWrapper
 } from '@actiontech/dms-kit';
-import { OpPermissionTypeUid, SystemRole } from '@actiontech/dms-kit';
 import { CheckHexagonOutlined, CloseHexagonOutlined } from '@actiontech/icons';
 import SystemRoleTagList from '../../../../components/SystemRoleTagList';
 import ProjectTagList from '../../../../components/ProjectTagList';
 import { IListUsersParams } from '@actiontech/shared/lib/api/base/service/User/index.d';
 
-export const UserListColumns: () => ActiontechTableColumn<
+export const userListColumns: () => ActiontechTableColumn<
   IListUser,
   IListUsersParams
 > = () => [
@@ -78,60 +74,6 @@ export const UserListColumns: () => ActiontechTableColumn<
   {
     dataIndex: 'projects',
     title: () => t('dmsUserCenter.user.userList.columns.projects'),
-    width: '35%',
     render: (list) => <ProjectTagList projectList={list} />
   }
 ];
-
-export const UserListActions = (
-  onEditUser: (record?: IListUser) => void,
-  onDeleteUser: (record?: IListUser) => void,
-  role: SystemRole | ''
-): ActiontechTableActionMeta<IListUser>[] => {
-  const calculateActionDisabled = (record?: IListUser) => {
-    if (
-      record?.op_permissions?.some(
-        (v) => v.uid === OpPermissionTypeUid.system_administrator
-      ) ||
-      record?.name === SystemRole.admin
-    ) {
-      return role !== SystemRole.admin;
-    }
-    return false;
-  };
-  return [
-    {
-      text: t('common.manage'),
-      key: 'userManage',
-      buttonProps: (record) => {
-        return {
-          onClick: () => {
-            onEditUser(record);
-          },
-          disabled: calculateActionDisabled(record)
-        };
-      }
-    },
-    {
-      text: t('common.delete'),
-      buttonProps: (record) => ({
-        danger: true,
-        disabled: calculateActionDisabled(record)
-      }),
-      key: 'userDelete',
-      confirm: (record) => {
-        return {
-          title: t('dmsUserCenter.user.deleteUser.confirmTitle', {
-            username: record?.name ?? ''
-          }),
-          onConfirm: () => {
-            onDeleteUser(record);
-          }
-        };
-      },
-      permissions: (record) => {
-        return record?.name !== SystemRole.admin;
-      }
-    }
-  ];
-};
diff --git a/packages/base/src/store/user/index.test.ts b/packages/base/src/store/user/index.test.ts
index ef96c401d..0d18ebfa9 100644
--- a/packages/base/src/store/user/index.test.ts
+++ b/packages/base/src/store/user/index.test.ts
@@ -8,7 +8,8 @@ import reducers, {
   updateManagementPermissions,
   updateLanguage,
   updateSystemPreference,
-  updateIsLoggingIn
+  updateIsLoggingIn,
+  updateBusinessWritePermission
 } from '.';
 import { IReduxState } from '..';
 import { LocalStorageWrapper } from '@actiontech/dms-kit';
@@ -35,7 +36,8 @@ describe('store user', () => {
     isUserInfoFetched: false,
     language: SupportLanguage.zhCN,
     systemPreference: undefined,
-    isLoggingIn: false
+    isLoggingIn: false,
+    businessWritePermission: true
   };
 
   it('should update token when dispatch updateToken action', () => {
@@ -57,7 +59,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -80,7 +83,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -104,7 +108,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -128,7 +133,8 @@ describe('store user', () => {
       role: SystemRole.admin,
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -151,7 +157,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -169,7 +176,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: true,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -200,7 +208,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -224,7 +233,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -247,7 +257,8 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: GetUserSystemEnum.MANAGEMENT,
-      isLoggingIn: false
+      isLoggingIn: false,
+      businessWritePermission: true
     });
   });
 
@@ -265,7 +276,27 @@ describe('store user', () => {
       role: '',
       isUserInfoFetched: false,
       systemPreference: undefined,
-      isLoggingIn: true
+      isLoggingIn: true,
+      businessWritePermission: true
+    });
+  });
+
+  it('should update businessWritePermission when dispatch updateBusinessWritePermission action', () => {
+    const newState = reducers(state, updateBusinessWritePermission(false));
+    expect(newState).not.toBe(state);
+    expect(newState).toEqual({
+      username: '',
+      uid: '',
+      token: '',
+      theme: SupportTheme.LIGHT,
+      language: SupportLanguage.zhCN,
+      bindProjects: [],
+      managementPermissions: [],
+      role: '',
+      isUserInfoFetched: false,
+      systemPreference: undefined,
+      isLoggingIn: false,
+      businessWritePermission: false
     });
   });
 });
diff --git a/packages/base/src/store/user/index.ts b/packages/base/src/store/user/index.ts
index 7042e9953..af92c9a06 100644
--- a/packages/base/src/store/user/index.ts
+++ b/packages/base/src/store/user/index.ts
@@ -27,6 +27,7 @@ type UserReduxState = {
   language: SupportLanguage;
   systemPreference?: GetUserSystemEnum;
   isLoggingIn: boolean;
+  businessWritePermission: boolean;
 };
 
 const initialState: UserReduxState = {
@@ -46,7 +47,8 @@ const initialState: UserReduxState = {
     DEFAULT_LANGUAGE
   ) as SupportLanguage,
   systemPreference: undefined,
-  isLoggingIn: false
+  isLoggingIn: false,
+  businessWritePermission: true
 };
 
 const user = createSlice({
@@ -123,6 +125,12 @@ const user = createSlice({
     },
     updateIsLoggingIn: (state, { payload }: PayloadAction<boolean>) => {
       state.isLoggingIn = payload;
+    },
+    updateBusinessWritePermission: (
+      state,
+      { payload }: PayloadAction<boolean>
+    ) => {
+      state.businessWritePermission = payload;
     }
   }
 });
@@ -137,7 +145,8 @@ export const {
   updateUserUid,
   updateUserInfoFetchStatus,
   updateSystemPreference,
-  updateIsLoggingIn
+  updateIsLoggingIn,
+  updateBusinessWritePermission
 } = user.actions;
 
 export default user.reducer;
diff --git a/packages/dms-kit/src/enum/index.ts b/packages/dms-kit/src/enum/index.ts
index e830d1228..ad8faa839 100644
--- a/packages/dms-kit/src/enum/index.ts
+++ b/packages/dms-kit/src/enum/index.ts
@@ -30,8 +30,7 @@ export enum SystemRole {
   admin = 'admin',
   certainProjectManager = 'certainProjectManager',
   auditAdministrator = 'auditAdministrator',
-  systemAdministrator = 'systemAdministrator',
-  projectDirector = 'projectDirector'
+  systemAdministrator = 'systemAdministrator'
 }
 
 export type UserRolesType = {
@@ -74,7 +73,6 @@ export enum StorageKey {
  * 后端暂时无法在swagger中暴露OpPermissionType的映射，但权限对应的uid一般不会变化，因此前端先保存一份。
  */
 export enum OpPermissionTypeUid {
-  'project_director' = '700001', // 项目总监；创建项目的用户自动拥有该项目管理权限 700001
   'project_admin' = '700002', // 项目管理；拥有该权限的用户可以管理项目下的所有资源 700002
   'create_workflow' = '700003', // 创建/编辑工单；拥有该权限的用户可以创建/编辑工单 700003
   'audit_workflow' = '700004', // 审核/驳回工单；拥有该权限的用户可以审核/驳回工单 700004
diff --git a/packages/shared/lib/api/base/service/common.d.ts b/packages/shared/lib/api/base/service/common.d.ts
index 6d4a5091c..a9312bbad 100644
--- a/packages/shared/lib/api/base/service/common.d.ts
+++ b/packages/shared/lib/api/base/service/common.d.ts
@@ -1200,6 +1200,8 @@ export interface IGetUser {
 
   authentication_type?: GetUserAuthenticationTypeEnum;
 
+  business_write_permission?: boolean;
+
   email?: string;
 
   is_admin?: boolean;
@@ -1245,6 +1247,8 @@ export interface IGetUserOpPermissionReply {
   code?: number;
 
   data?: {
+    business_write_permission?: boolean;
+
     is_admin?: boolean;
 
     op_permission_list?: IOpPermissionItem[];
@@ -2244,6 +2248,8 @@ export interface IListSensitiveDataDiscoveryTasksReply {
 export interface IListUser {
   authentication_type?: ListUserAuthenticationTypeEnum;
 
+  business_write_permission?: boolean;
+
   email?: string;
 
   is_deleted?: boolean;
@@ -3368,6 +3374,8 @@ export interface IUpdateSystemVariablesReqV1 {
 }
 
 export interface IUpdateUser {
+  business_write_permission?: boolean;
+
   email?: string;
 
   is_disabled?: boolean;
@@ -3432,6 +3440,8 @@ export interface IUpdateWebHookConfigurationReq {
 }
 
 export interface IUser {
+  business_write_permission?: boolean;
+
   desc?: string;
 
   email?: string;
diff --git a/packages/shared/lib/features/PermissionControl/index.tsx b/packages/shared/lib/features/PermissionControl/index.tsx
index 0fbef6bab..b4df0c763 100644
--- a/packages/shared/lib/features/PermissionControl/index.tsx
+++ b/packages/shared/lib/features/PermissionControl/index.tsx
@@ -1,3 +1,4 @@
+import React from 'react';
 import usePermission from '../usePermission/usePermission';
 import { PermissionControlProps } from './index.type';
 
@@ -5,9 +6,10 @@ const PermissionControl: React.FC<PermissionControlProps> = ({
   permission,
   children,
   projectID,
-  authDataSourceId
+  authDataSourceId,
+  skipBWPCheck
 }) => {
-  const { checkActionPermission } = usePermission();
+  const { checkActionPermission, checkActionDisabledByBWP } = usePermission();
 
   if (
     checkActionPermission(permission, {
@@ -15,6 +17,22 @@ const PermissionControl: React.FC<PermissionControlProps> = ({
       authDataSourceId
     })
   ) {
+    const bwpDisabled = !skipBWPCheck && checkActionDisabledByBWP(permission);
+    if (bwpDisabled) {
+      return (
+        <>
+          {React.Children.map(children, (child) => {
+            if (React.isValidElement(child)) {
+              return React.cloneElement(
+                child as React.ReactElement<Record<string, unknown>>,
+                { disabled: true }
+              );
+            }
+            return child;
+          })}
+        </>
+      );
+    }
     return <>{children}</>;
   }
 
diff --git a/packages/shared/lib/features/PermissionControl/index.type.ts b/packages/shared/lib/features/PermissionControl/index.type.ts
index b786b867e..44a51dc71 100644
--- a/packages/shared/lib/features/PermissionControl/index.type.ts
+++ b/packages/shared/lib/features/PermissionControl/index.type.ts
@@ -6,4 +6,11 @@ export type PermissionControlProps = {
   children: ReactNode;
   projectID?: string;
   authDataSourceId?: string;
+  /**
+   * When true, skip the BWP (Business Write Permission) disabled check
+   * inside PermissionControl. Use this when the caller already handles
+   * BWP logic with additional context (e.g., workflow assignee membership)
+   * and passes the correct `disabled` prop directly to the child.
+   */
+  skipBWPCheck?: boolean;
 };
diff --git a/packages/shared/lib/features/index.ts b/packages/shared/lib/features/index.ts
index facfc12a7..37fd85fdc 100644
--- a/packages/shared/lib/features/index.ts
+++ b/packages/shared/lib/features/index.ts
@@ -4,5 +4,6 @@ export { default as useCurrentProject } from './useCurrentProject';
 export { default as useDbServiceDriver } from './useDbServiceDriver';
 export { default as PermissionControl } from './PermissionControl';
 export { default as useChangeTheme } from './useChangeTheme';
+export { default as useBusinessWritePermission } from './useBusinessWritePermission';
 
 export * from './usePermission';
diff --git a/packages/shared/lib/features/useBusinessWritePermission/__tests__/enum_removal.test.ts b/packages/shared/lib/features/useBusinessWritePermission/__tests__/enum_removal.test.ts
new file mode 100644
index 000000000..b09f0492c
--- /dev/null
+++ b/packages/shared/lib/features/useBusinessWritePermission/__tests__/enum_removal.test.ts
@@ -0,0 +1,41 @@
+import { SystemRole } from '@actiontech/dms-kit';
+import { PERMISSION_MANIFEST } from '../../usePermission/permissionManifest';
+import { PERMISSIONS } from '../../usePermission/permissions';
+
+describe('project director enum removal', () => {
+  it('should not have projectDirector in SystemRole enum', () => {
+    const roleValues = Object.values(SystemRole);
+    expect(roleValues).not.toContain('projectDirector');
+    expect(roleValues).not.toContain('project_director');
+    expect(
+      (SystemRole as Record<string, string>).projectDirector
+    ).toBeUndefined();
+  });
+
+  it('should not have projectDirector in PROJECT_MANAGER permission manifest roles', () => {
+    const importManifest =
+      PERMISSION_MANIFEST[PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.IMPORT];
+    const exportManifest =
+      PERMISSION_MANIFEST[PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.EXPORT];
+    const createManifest =
+      PERMISSION_MANIFEST[PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.CREATE];
+
+    expect(importManifest.role).not.toContain('projectDirector');
+    expect(exportManifest.role).not.toContain('projectDirector');
+    expect(createManifest.role).not.toContain('projectDirector');
+
+    // Verify only admin and systemAdministrator remain
+    expect(importManifest.role).toEqual([
+      SystemRole.admin,
+      SystemRole.systemAdministrator
+    ]);
+    expect(exportManifest.role).toEqual([
+      SystemRole.admin,
+      SystemRole.systemAdministrator
+    ]);
+    expect(createManifest.role).toEqual([
+      SystemRole.admin,
+      SystemRole.systemAdministrator
+    ]);
+  });
+});
diff --git a/packages/shared/lib/features/useBusinessWritePermission/__tests__/index.test.ts b/packages/shared/lib/features/useBusinessWritePermission/__tests__/index.test.ts
new file mode 100644
index 000000000..01f23aa25
--- /dev/null
+++ b/packages/shared/lib/features/useBusinessWritePermission/__tests__/index.test.ts
@@ -0,0 +1,350 @@
+import { superRenderHook } from '../../../testUtil/superRender';
+import useBusinessWritePermission from '../index';
+import { mockUseCurrentUser } from '../../../testUtil/mockHook/mockUseCurrentUser';
+import { mockUseCurrentProject } from '../../../testUtil/mockHook/mockUseCurrentProject';
+import { SystemRole } from '@actiontech/dms-kit';
+
+const PROJECT_ID = 'proj-001';
+
+describe('useBusinessWritePermission', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  const testCases = [
+    {
+      name: 'should return isBusinessWriteDisabled=false when admin has BWP=true',
+      mockData: {
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: true
+      },
+      expected: {
+        isBusinessWriteDisabled: false,
+        businessWritePermission: true
+      }
+    },
+    {
+      name: 'should return isBusinessWriteDisabled=true when admin has BWP=false (no project context)',
+      mockData: {
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false
+      },
+      expected: {
+        isBusinessWriteDisabled: true,
+        businessWritePermission: false
+      }
+    },
+    {
+      name: 'should return isBusinessWriteDisabled=true when systemAdministrator has BWP=false (no project context)',
+      mockData: {
+        isAdmin: false,
+        userRoles: {
+          [SystemRole.admin]: false,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: true,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false
+      },
+      expected: {
+        isBusinessWriteDisabled: true,
+        businessWritePermission: false
+      }
+    },
+    {
+      name: 'should return isBusinessWriteDisabled=false when normal user has BWP=false',
+      mockData: {
+        isAdmin: false,
+        userRoles: {
+          [SystemRole.admin]: false,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false
+      },
+      expected: {
+        isBusinessWriteDisabled: false,
+        businessWritePermission: false
+      }
+    },
+    {
+      name: 'should return isBusinessWriteDisabled=false when systemAdministrator has BWP=true',
+      mockData: {
+        isAdmin: false,
+        userRoles: {
+          [SystemRole.admin]: false,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: true,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: true
+      },
+      expected: {
+        isBusinessWriteDisabled: false,
+        businessWritePermission: true
+      }
+    }
+  ];
+
+  testCases.forEach(({ name, mockData, expected }) => {
+    it(name, () => {
+      mockUseCurrentUser(mockData);
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(
+        expected.isBusinessWriteDisabled
+      );
+      expect(result.current.businessWritePermission).toBe(
+        expected.businessWritePermission
+      );
+    });
+  });
+
+  describe('project-level permission overrides BWP=off', () => {
+    it('should return isBusinessWriteDisabled=false when admin has BWP=false but is project manager in current project', () => {
+      mockUseCurrentUser({
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: true,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: true,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=true when admin has BWP=false and is NOT project manager and has NO project permissions in current project', () => {
+      mockUseCurrentUser({
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: false,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(true);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=false when admin has BWP=false but has data-source-level permissions in current project', () => {
+      mockUseCurrentUser({
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: false,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(
+        () => useBusinessWritePermission(),
+        undefined,
+        {
+          initStore: {
+            permission: {
+              moduleFeatureSupport: {
+                sqlOptimization: false,
+                knowledge: false
+              },
+              userOperationPermissions: {
+                is_admin: false,
+                op_permission_list: [
+                  {
+                    op_permission_type: 'create_workflow',
+                    range_type: 'db_service',
+                    range_uids: ['ds-001']
+                  }
+                ]
+              }
+            }
+          }
+        }
+      );
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=false when sysAdmin has BWP=false but has db_service permissions in current project', () => {
+      mockUseCurrentUser({
+        isAdmin: false,
+        userRoles: {
+          [SystemRole.admin]: false,
+          [SystemRole.certainProjectManager]: false,
+          [SystemRole.systemAdministrator]: true,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: false,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(
+        () => useBusinessWritePermission(),
+        undefined,
+        {
+          initStore: {
+            permission: {
+              moduleFeatureSupport: {
+                sqlOptimization: false,
+                knowledge: false
+              },
+              userOperationPermissions: {
+                is_admin: false,
+                op_permission_list: [
+                  {
+                    op_permission_type: 'create_workflow',
+                    range_type: 'db_service',
+                    range_uids: ['ds-001']
+                  },
+                  {
+                    op_permission_type: 'sql_query',
+                    range_type: 'db_service',
+                    range_uids: ['ds-001']
+                  }
+                ]
+              }
+            }
+          }
+        }
+      );
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=false when sysAdmin has BWP=false but is project manager in current project', () => {
+      mockUseCurrentUser({
+        isAdmin: false,
+        userRoles: {
+          [SystemRole.admin]: false,
+          [SystemRole.certainProjectManager]: true,
+          [SystemRole.systemAdministrator]: true,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: true,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=false when BWP=false and projectID from URL matches project_name (name-based routing)', () => {
+      mockUseCurrentUser({
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: true,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: false,
+        bindProjects: [
+          {
+            project_id: '700300',
+            project_name: 'default',
+            is_manager: true,
+            archived: false
+          }
+        ]
+      });
+      // Simulate URL param being project name instead of UID
+      mockUseCurrentProject({ projectID: 'default', projectName: 'default' });
+
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(false);
+    });
+
+    it('should return isBusinessWriteDisabled=true when in project context with is_manager=true but BWP=true (normal flow)', () => {
+      mockUseCurrentUser({
+        isAdmin: true,
+        userRoles: {
+          [SystemRole.admin]: true,
+          [SystemRole.certainProjectManager]: true,
+          [SystemRole.systemAdministrator]: false,
+          [SystemRole.auditAdministrator]: false
+        },
+        businessWritePermission: true,
+        bindProjects: [
+          {
+            project_id: PROJECT_ID,
+            project_name: 'proj',
+            is_manager: true,
+            archived: false
+          }
+        ]
+      });
+      mockUseCurrentProject({ projectID: PROJECT_ID, projectName: 'proj' });
+
+      const { result } = superRenderHook(() => useBusinessWritePermission());
+      expect(result.current.isBusinessWriteDisabled).toBe(false);
+      expect(result.current.businessWritePermission).toBe(true);
+    });
+  });
+});
diff --git a/packages/shared/lib/features/useBusinessWritePermission/index.ts b/packages/shared/lib/features/useBusinessWritePermission/index.ts
new file mode 100644
index 000000000..d794f7f4d
--- /dev/null
+++ b/packages/shared/lib/features/useBusinessWritePermission/index.ts
@@ -0,0 +1,111 @@
+import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
+import { IReduxState } from '../../../../base/src/store';
+import useCurrentUser from '../useCurrentUser';
+import useCurrentProject from '../useCurrentProject';
+
+/**
+ * Hook to check if business write actions should be disabled for the current user.
+ *
+ * When a system administrator (or admin) has businessWritePermission=false,
+ * business write operations should be disabled in the UI, UNLESS the user
+ * has project-level authorization in the current project. Project-level
+ * authorization includes:
+ * - Being a project manager (is_manager=true in bindProjects)
+ * - Having any explicit operation permission in the current project
+ *   (e.g., data-source-level roles like "development engineer" that grant
+ *   create_workflow, sql_query, pipeline permissions, etc.)
+ *
+ * This implements AC-1.4.3 / AC-1.8.5: BWP=off users with project-level
+ * authorization can still perform business write operations within the
+ * authorized project scope.
+ *
+ * This hook is safe to use both inside and outside a project route context:
+ * - Inside a project route: projectID is non-empty, project-level check is performed.
+ * - Outside a project route (global pages): projectID is empty, BWP=off always disables.
+ *
+ * @returns {object}
+ * - isBusinessWriteDisabled: true when BWP=false and user has no project-level override
+ * - businessWritePermission: raw BWP value from user info
+ */
+const useBusinessWritePermission = () => {
+  const { isAdmin, userRoles, businessWritePermission, bindProjects } =
+    useCurrentUser();
+  const { projectID } = useCurrentProject();
+  const { userOperationPermissions } = useSelector((state: IReduxState) => ({
+    userOperationPermissions: state.permission.userOperationPermissions
+  }));
+
+  // Determine if the user has any project-level authorization in the current project.
+  // This includes being a project manager (is_manager=true) OR having any explicit
+  // operation permission (e.g., data-source-level create_workflow, sql_query, etc.).
+  // If we are not in a project context (projectID empty), this is always false.
+  // Note: projectID from URL params may be either the numeric UID (e.g. "700300")
+  // or the project name (e.g. "default"), so we match against both project_id and
+  // project_name to handle both navigation patterns robustly.
+  const hasProjectLevelAuthorizationInCurrentProject = useMemo(() => {
+    if (!projectID) return false;
+
+    // Check 1: is_manager in bindProjects (project admin)
+    const project = bindProjects.find(
+      (v) => v.project_id === projectID || v.project_name === projectID
+    );
+    if (project?.is_manager) {
+      return true;
+    }
+
+    // Check 2: any explicit operation permission in the current project
+    // (e.g., data-source-level roles granted via project member config)
+    if (userOperationPermissions?.op_permission_list?.length) {
+      return userOperationPermissions.op_permission_list.some(
+        (permission) =>
+          // db_service-level permission means user has specific data source access
+          // in this project (the op_permission_list is already scoped to current project)
+          permission.range_uids?.length
+      );
+    }
+
+    return false;
+  }, [projectID, bindProjects, userOperationPermissions]);
+
+  const isBusinessWriteDisabled = useMemo(() => {
+    if (
+      (isAdmin || userRoles.systemAdministrator) &&
+      !businessWritePermission
+    ) {
+      // Project-level authorization overrides the global BWP=off flag.
+      // Only applies when we are inside a project context.
+      if (projectID && hasProjectLevelAuthorizationInCurrentProject) {
+        return false;
+      }
+      return true;
+    }
+    return false;
+  }, [
+    isAdmin,
+    userRoles.systemAdministrator,
+    businessWritePermission,
+    projectID,
+    hasProjectLevelAuthorizationInCurrentProject
+  ]);
+
+  /**
+   * isBWPOff: true when the user is an admin/systemAdministrator AND has
+   * businessWritePermission=false. This is the raw BWP-off flag regardless
+   * of project-level overrides. Used by checkActionDisabledByBWP to apply
+   * per-action permission checks when the user has partial project roles.
+   */
+  const isBWPOff = useMemo(() => {
+    return (
+      (isAdmin || userRoles.systemAdministrator) && !businessWritePermission
+    );
+  }, [isAdmin, userRoles.systemAdministrator, businessWritePermission]);
+
+  return {
+    isBusinessWriteDisabled,
+    isBWPOff,
+    businessWritePermission
+  };
+};
+
+export default useBusinessWritePermission;
diff --git a/packages/shared/lib/features/useCurrentUser/index.test.ts b/packages/shared/lib/features/useCurrentUser/index.test.ts
index db4addd34..6637a11b7 100644
--- a/packages/shared/lib/features/useCurrentUser/index.test.ts
+++ b/packages/shared/lib/features/useCurrentUser/index.test.ts
@@ -90,7 +90,6 @@ describe('hooks/useCurrentUser', () => {
       [SystemRole.admin]: true,
       [SystemRole.certainProjectManager]: true,
       [SystemRole.auditAdministrator]: false,
-      [SystemRole.projectDirector]: true,
       [SystemRole.systemAdministrator]: false
     });
     expect(result.current.systemPreference).toBe(GetUserSystemEnum.MANAGEMENT);
@@ -127,7 +126,6 @@ describe('hooks/useCurrentUser', () => {
       [SystemRole.admin]: false,
       [SystemRole.certainProjectManager]: false,
       [SystemRole.auditAdministrator]: true,
-      [SystemRole.projectDirector]: false,
       [SystemRole.systemAdministrator]: false
     });
   });
diff --git a/packages/shared/lib/features/useCurrentUser/index.ts b/packages/shared/lib/features/useCurrentUser/index.ts
index 918ef21fc..3d86ac34b 100644
--- a/packages/shared/lib/features/useCurrentUser/index.ts
+++ b/packages/shared/lib/features/useCurrentUser/index.ts
@@ -24,7 +24,8 @@ const useCurrentUser = () => {
     isUserInfoFetched,
     userId,
     language,
-    systemPreference
+    systemPreference,
+    businessWritePermission
   } = useSelector((state: IReduxState) => {
     return {
       username: state.user.username,
@@ -35,7 +36,8 @@ const useCurrentUser = () => {
       isUserInfoFetched: state.user.isUserInfoFetched,
       userId: state.user.uid,
       language: state.user.language,
-      systemPreference: state.user.systemPreference
+      systemPreference: state.user.systemPreference,
+      businessWritePermission: state.user.businessWritePermission
     };
   });
 
@@ -76,9 +78,6 @@ const useCurrentUser = () => {
       ),
       [SystemRole.systemAdministrator]: managementPermissions.some(
         (v) => v.uid === OpPermissionTypeUid.system_administrator
-      ),
-      [SystemRole.projectDirector]: managementPermissions.some(
-        (v) => v.uid === OpPermissionTypeUid.project_director
       )
     };
   }, [isAdmin, isCertainProjectManager, managementPermissions]);
@@ -98,7 +97,8 @@ const useCurrentUser = () => {
     userRoles,
     language,
     updateLanguage,
-    systemPreference
+    systemPreference,
+    businessWritePermission
   };
 };
 export default useCurrentUser;
diff --git a/packages/shared/lib/features/usePermission/__tests__/__snapshots__/index.test.ts.snap b/packages/shared/lib/features/usePermission/__tests__/__snapshots__/index.test.ts.snap
index 4243cfc17..cb8aeacfc 100644
--- a/packages/shared/lib/features/usePermission/__tests__/__snapshots__/index.test.ts.snap
+++ b/packages/shared/lib/features/usePermission/__tests__/__snapshots__/index.test.ts.snap
@@ -12,6 +12,7 @@ exports[`usePermission should match snapshot 1`] = `
       "CLOUD_BEAVER": {
         "CREATE_WHITE_LIST": "action:cb_create_white_list",
         "EXPORT": "action:export_cb_operation_log",
+        "OPEN_CLOUD_BEAVER": "action:open_cloud_beaver",
       },
       "DATA_EXPORT": {
         "APPROVE": "action:approve_data_export",
@@ -358,11 +359,13 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:approve_data_export": {
+    "businessWrite": true,
     "id": "action:approve_data_export",
     "projectArchived": false,
     "type": "action",
   },
   "action:approve_workflow": {
+    "businessWrite": true,
     "id": "action:approve_workflow",
     "projectArchived": false,
     "type": "action",
@@ -392,6 +395,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:batch_close_workflow": {
+    "businessWrite": true,
     "id": "action:batch_close_workflow",
     "role": [
       "admin",
@@ -400,11 +404,16 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:batch_exec_workflow": {
+    "businessWrite": true,
     "id": "action:batch_exec_workflow",
     "projectArchived": false,
     "type": "action",
   },
   "action:batch_ignore": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:batch_ignore",
     "projectArchived": false,
     "projectManager": true,
@@ -435,11 +444,16 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:batch_reject_workflow": {
+    "businessWrite": true,
     "id": "action:batch_reject_workflow",
     "projectArchived": false,
     "type": "action",
   },
   "action:batch_resolve": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:batch_resolve",
     "projectArchived": false,
     "projectManager": true,
@@ -450,6 +464,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:batch_sql_assignment": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:batch_sql_assignment",
     "projectArchived": false,
     "projectManager": true,
@@ -479,11 +497,13 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:cancel_schedule_time_exec_task": {
+    "businessWrite": true,
     "id": "action:cancel_schedule_time_exec_task",
     "projectArchived": false,
     "type": "action",
   },
   "action:cb_create_white_list": {
+    "businessWrite": true,
     "id": "action:cb_create_white_list",
     "projectArchived": false,
     "projectManager": true,
@@ -529,6 +549,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:clone_workflow": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_workflow",
     },
@@ -541,11 +562,13 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:close_data_export": {
+    "businessWrite": true,
     "id": "action:close_data_export",
     "projectArchived": false,
     "type": "action",
   },
   "action:close_workflow": {
+    "businessWrite": true,
     "id": "action:close_workflow",
     "projectArchived": false,
     "type": "action",
@@ -559,6 +582,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_SQL_exception": {
+    "businessWrite": true,
     "id": "action:create_SQL_exception",
     "projectArchived": false,
     "projectManager": true,
@@ -578,6 +602,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_data_export": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_export_task",
     },
@@ -591,6 +616,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_modified_sql_workflow": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_workflow",
     },
@@ -603,6 +629,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_pipeline_configuration": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_pipeline",
     },
@@ -627,6 +654,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_sql_audit": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_workflow",
     },
@@ -651,6 +679,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_sql_optimization": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_optimization",
     },
@@ -664,6 +693,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:create_workflow": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_workflow",
     },
@@ -677,6 +707,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:data_export_batch_close": {
+    "businessWrite": true,
     "id": "action:data_export_batch_close",
     "projectManager": true,
     "role": [
@@ -686,6 +717,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:data_export_create_whitelist": {
+    "businessWrite": true,
     "id": "action:data_export_create_whitelist",
     "projectArchived": false,
     "projectManager": true,
@@ -697,6 +729,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:db_service_create_audit_plan": {
+    "businessWrite": true,
     "dbServicePermission": {
       "fieldName": "uid",
       "opType": "save_audit_plan",
@@ -761,6 +794,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:delete_pipeline_configuration": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_pipeline",
     },
@@ -889,6 +923,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:edit_pipeline_configuration": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_pipeline",
     },
@@ -948,6 +983,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:edit_sql_remark": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:sql_management_action_layout",
     "projectArchived": false,
     "projectManager": true,
@@ -1065,16 +1104,22 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:exec_task": {
+    "businessWrite": true,
     "id": "action:exec_task",
     "projectArchived": false,
     "type": "action",
   },
   "action:execute_data_export": {
+    "businessWrite": true,
     "id": "action:execute_data_export",
     "projectArchived": false,
     "type": "action",
   },
   "action:export_cb_operation_log": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "sql_query",
+    },
     "id": "action:export_cb_operation_log",
     "type": "action",
   },
@@ -1151,11 +1196,13 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:manually_exec_workflow": {
+    "businessWrite": true,
     "id": "action:manually_exec_workflow",
     "projectArchived": false,
     "type": "action",
   },
   "action:masking_overview_configure_rule": {
+    "businessWrite": true,
     "id": "action:masking_overview_configure_rule",
     "projectPermission": "desensitization",
     "role": [
@@ -1166,6 +1213,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_task_create": {
+    "businessWrite": true,
     "id": "action:masking_task_create",
     "projectPermission": "desensitization",
     "role": [
@@ -1176,6 +1224,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_task_edit": {
+    "businessWrite": true,
     "id": "action:masking_task_edit",
     "projectPermission": "desensitization",
     "role": [
@@ -1186,6 +1235,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_task_view_history": {
+    "businessWrite": true,
     "id": "action:masking_task_view_history",
     "projectPermission": "desensitization",
     "role": [
@@ -1196,6 +1246,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_template_create": {
+    "businessWrite": true,
     "id": "action:masking_template_create",
     "projectPermission": "desensitization",
     "role": [
@@ -1206,6 +1257,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_template_delete": {
+    "businessWrite": true,
     "id": "action:masking_template_delete",
     "projectPermission": "desensitization",
     "role": [
@@ -1216,6 +1268,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:masking_template_edit": {
+    "businessWrite": true,
     "id": "action:masking_template_edit",
     "projectPermission": "desensitization",
     "role": [
@@ -1225,6 +1278,20 @@ exports[`usePermission should match snapshot 2`] = `
     ],
     "type": "action",
   },
+  "action:open_cloud_beaver": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "sql_query",
+    },
+    "id": "action:open_cloud_beaver",
+    "projectArchived": false,
+    "projectManager": true,
+    "role": [
+      "admin",
+      "systemAdministrator",
+    ],
+    "type": "action",
+  },
   "action:operation_log_expired_hours": {
     "id": "action:operation_log_expired_hours",
     "role": [
@@ -1250,6 +1317,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:plugin_audit_create_whitelist": {
+    "businessWrite": true,
     "id": "action:plugin_audit_create_whitelist",
     "projectArchived": false,
     "projectManager": true,
@@ -1291,7 +1359,6 @@ exports[`usePermission should match snapshot 2`] = `
     "role": [
       "admin",
       "systemAdministrator",
-      "projectDirector",
     ],
     "type": "action",
   },
@@ -1318,7 +1385,6 @@ exports[`usePermission should match snapshot 2`] = `
     "role": [
       "admin",
       "systemAdministrator",
-      "projectDirector",
     ],
     "type": "action",
   },
@@ -1337,7 +1403,6 @@ exports[`usePermission should match snapshot 2`] = `
     "role": [
       "admin",
       "systemAdministrator",
-      "projectDirector",
     ],
     "type": "action",
   },
@@ -1351,6 +1416,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:push_to_coding": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:push_to_coding",
     "projectArchived": false,
     "projectManager": true,
@@ -1361,6 +1430,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:reject_data_export": {
+    "businessWrite": true,
     "id": "action:reject_data_export",
     "projectArchived": false,
     "type": "action",
@@ -1375,16 +1445,19 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:retry_workflow": {
+    "businessWrite": true,
     "id": "action:retry_workflow",
     "projectArchived": false,
     "type": "action",
   },
   "action:rollback_workflow": {
+    "businessWrite": true,
     "id": "action:rollback_workflow",
     "projectArchived": false,
     "type": "action",
   },
   "action:rule_create_rule_template": {
+    "businessWrite": true,
     "id": "action:rule_create_rule_template",
     "projectArchived": false,
     "projectManager": true,
@@ -1395,6 +1468,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:schedule_time_exec_task": {
+    "businessWrite": true,
     "id": "action:schedule_time_exec_task",
     "projectArchived": false,
     "type": "action",
@@ -1408,6 +1482,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_assignment": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:sql_assignment",
     "projectArchived": false,
     "projectManager": true,
@@ -1418,6 +1496,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_action_layout": {
+    "businessWrite": true,
     "id": "action:sql_management_action_layout",
     "projectArchived": false,
     "projectManager": true,
@@ -1429,6 +1508,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_create_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1442,6 +1522,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_delete_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "fieldName": "instance_id",
       "opType": "save_audit_plan",
@@ -1456,6 +1537,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_detail_audit_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1469,6 +1551,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_detail_delete_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1482,6 +1565,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_detail_enable_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1495,6 +1579,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_detail_stop_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1508,6 +1593,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_edit_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "fieldName": "instance_id",
       "opType": "save_audit_plan",
@@ -1522,6 +1608,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_enable_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "fieldName": "instance_id",
       "opType": "save_audit_plan",
@@ -1536,6 +1623,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_reset_token": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "save_audit_plan",
     },
@@ -1549,6 +1637,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_conf_stop_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "fieldName": "instance_id",
       "opType": "save_audit_plan",
@@ -1563,6 +1652,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:sql_management_create_white_list": {
+    "businessWrite": true,
     "id": "action:sql_management_create_white_list",
     "projectArchived": false,
     "projectManager": true,
@@ -1601,11 +1691,13 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:terminate_exec_task": {
+    "businessWrite": true,
     "id": "action:terminate_exec_task",
     "projectArchived": false,
     "type": "action",
   },
   "action:terminate_exec_workflow": {
+    "businessWrite": true,
     "id": "action:terminate_exec_workflow",
     "projectArchived": false,
     "type": "action",
@@ -1625,6 +1717,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:update_sql_priority": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:update_sql_priority",
     "projectArchived": false,
     "projectManager": true,
@@ -1635,6 +1731,10 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:update_sql_status": {
+    "businessWrite": true,
+    "dbServicePermission": {
+      "opType": "save_audit_plan",
+    },
     "id": "action:update_sql_status",
     "projectArchived": false,
     "projectManager": true,
@@ -1664,6 +1764,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:version_management_add_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "version_manage",
     },
@@ -1677,6 +1778,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:version_management_delete_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "version_manage",
     },
@@ -1690,6 +1792,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:version_management_deploy_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "create_workflow",
     },
@@ -1703,6 +1806,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:version_management_edit_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "version_manage",
     },
@@ -1716,6 +1820,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:version_management_lock_operator": {
+    "businessWrite": true,
     "dbServicePermission": {
       "opType": "version_manage",
     },
@@ -1750,6 +1855,7 @@ exports[`usePermission should match snapshot 2`] = `
     "type": "action",
   },
   "action:workflow_sql_audit_result_create_white_list": {
+    "businessWrite": true,
     "id": "action:workflow_sql_audit_result_create_white_list",
     "projectArchived": false,
     "projectManager": true,
diff --git a/packages/shared/lib/features/usePermission/__tests__/index.test.ts b/packages/shared/lib/features/usePermission/__tests__/index.test.ts
index a1d3a7d55..7e0ec435f 100644
--- a/packages/shared/lib/features/usePermission/__tests__/index.test.ts
+++ b/packages/shared/lib/features/usePermission/__tests__/index.test.ts
@@ -32,6 +32,9 @@ describe('usePermission', () => {
   };
 
   beforeEach(() => {
+    mockState.permission.moduleFeatureSupport.sqlOptimization = true;
+    mockState.permission.userOperationPermissions.is_admin = false;
+    mockState.permission.userOperationPermissions.op_permission_list = [];
     (useSelector as jest.Mock).mockImplementation((selector) =>
       selector(mockState)
     );
@@ -87,16 +90,31 @@ describe('usePermission', () => {
       )
     ).toBeFalsy();
 
-    // Case 2: User is admin
+    // Case 2: is_admin alone does not grant db service permissions (must match
+    // project_admin or explicit db_service-scoped op_permission_list entries).
     mockState.permission.userOperationPermissions.is_admin = true;
     expect(
       result.current.checkDbServicePermission(
         OpPermissionItemOpPermissionTypeEnum.save_audit_plan,
         'dbService1'
       )
+    ).toBeFalsy();
+
+    // Case 2b: Admin with project_admin on current project can access db ops
+    mockState.permission.userOperationPermissions.op_permission_list = [
+      {
+        range_type: OpPermissionItemRangeTypeEnum.project,
+        range_uids: [mockProjectInfo.projectID, '2233'],
+        op_permission_type: OpPermissionItemOpPermissionTypeEnum.project_admin
+      }
+    ];
+    expect(
+      result.current.checkDbServicePermission(
+        OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+      )
     ).toBeTruthy();
 
-    // Case 3: User has project admin permission
+    // Case 3: User has project admin permission (non-admin flag)
     mockState.permission.userOperationPermissions.is_admin = false;
     mockState.permission.userOperationPermissions.op_permission_list = [
       {
@@ -155,7 +173,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: true,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
@@ -191,7 +208,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
@@ -236,7 +252,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: true,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
@@ -277,7 +292,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       },
       bindProjects: [
@@ -316,7 +330,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
@@ -352,7 +365,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
@@ -382,7 +394,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       },
       bindProjects: [
@@ -419,7 +430,6 @@ describe('usePermission', () => {
         [SystemRole.admin]: false,
         [SystemRole.certainProjectManager]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.auditAdministrator]: false
       }
     });
diff --git a/packages/shared/lib/features/usePermission/permissionManifest.ts b/packages/shared/lib/features/usePermission/permissionManifest.ts
index dc8caf4d0..9f80c4922 100644
--- a/packages/shared/lib/features/usePermission/permissionManifest.ts
+++ b/packages/shared/lib/features/usePermission/permissionManifest.ts
@@ -14,6 +14,7 @@ export type PermissionDetail = {
     opType: OpPermissionItemOpPermissionTypeEnum;
   };
   projectPermission?: OpPermissionItemOpPermissionTypeEnum;
+  businessWrite?: boolean;
 };
 
 export const PERMISSION_MANIFEST: Record<
@@ -88,7 +89,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TASK.EDIT]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TASK.EDIT,
@@ -98,7 +100,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TASK.VIEW_HISTORY]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TASK.VIEW_HISTORY,
@@ -108,7 +111,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.CREATE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.CREATE,
@@ -118,7 +122,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.EDIT]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.EDIT,
@@ -128,7 +133,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.DELETE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.TEMPLATE.DELETE,
@@ -138,7 +144,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_MASKING.OVERVIEW.CONFIGURE_RULE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_MASKING.OVERVIEW.CONFIGURE_RULE,
@@ -148,7 +155,8 @@ export const PERMISSION_MANIFEST: Record<
       SystemRole.systemAdministrator,
       SystemRole.auditAdministrator
     ],
-    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization
+    projectPermission: OpPermissionItemOpPermissionTypeEnum.desensitization,
+    businessWrite: true
   },
   [PERMISSIONS.PAGES.SQLE.REPORT_STATISTICS]: {
     id: PERMISSIONS.PAGES.SQLE.REPORT_STATISTICS,
@@ -276,7 +284,11 @@ export const PERMISSION_MANIFEST: Record<
   //cloud beaver
   [PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.EXPORT]: {
     id: PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.EXPORT,
-    type: 'action'
+    type: 'action',
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.sql_query
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.CREATE_WHITE_LIST]: {
     id: PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.CREATE_WHITE_LIST,
@@ -285,7 +297,19 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
+  },
+  [PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.OPEN_CLOUD_BEAVER]: {
+    id: PERMISSIONS.ACTIONS.BASE.CLOUD_BEAVER.OPEN_CLOUD_BEAVER,
+    type: 'action',
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.sql_query
+    },
+    projectManager: true,
+    projectArchived: false,
+    businessWrite: true
   },
 
   //数据源
@@ -316,7 +340,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       fieldName: 'uid',
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DB_SERVICE.EDIT]: {
     id: PERMISSIONS.ACTIONS.BASE.DB_SERVICE.EDIT,
@@ -689,7 +714,8 @@ export const PERMISSION_MANIFEST: Record<
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.BATCH_CLOSE,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
-    projectManager: true
+    projectManager: true,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CREATE_WHITELIST]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CREATE_WHITELIST,
@@ -698,7 +724,8 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CREATE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CREATE,
@@ -708,27 +735,32 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_export_task
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CLOSE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.CLOSE,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.REJECT,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.APPROVE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.APPROVE,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.EXECUTE]: {
     id: PERMISSIONS.ACTIONS.BASE.DATA_EXPORT.EXECUTE,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
 
   // SQL 工单
@@ -740,7 +772,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_workflow
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.EXPORT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.EXPORT,
@@ -749,7 +782,8 @@ export const PERMISSION_MANIFEST: Record<
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CLOSE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CLOSE,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CLONE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CLONE,
@@ -758,53 +792,63 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_workflow
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_REJECT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_REJECT,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.APPROVE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.APPROVE,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_EXEC]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_EXEC,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.MANUALLY_EXEC]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.MANUALLY_EXEC,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.TERMINATE_EXEC]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.TERMINATE_EXEC,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.TERMINATE_EXEC_TASK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.TERMINATE_EXEC_TASK,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.EXEC_TASK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.EXEC_TASK,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.SCHEDULE_TIME_EXEC_TASK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.SCHEDULE_TIME_EXEC_TASK,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CANCEL_SCHEDULE_TIME_EXEC_TASK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW
       .CANCEL_SCHEDULE_TIME_EXEC_TASK,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CREATE_WHITE_LIST]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CREATE_WHITE_LIST,
@@ -813,22 +857,26 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_CLOSE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_CLOSE,
     type: 'action',
-    role: [SystemRole.admin, SystemRole.systemAdministrator]
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.RETRY]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.RETRY,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.ROLLBACK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.ROLLBACK,
     type: 'action',
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
 
   // SQL 管控
@@ -837,21 +885,33 @@ export const PERMISSION_MANIFEST: Record<
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_STATUS]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_STATUS,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_PRIORITY]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_PRIORITY,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.CREATE_SQL_EXCEPTION]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.CREATE_SQL_EXCEPTION,
@@ -860,7 +920,8 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_sql_mange_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_sql_mange_white_list,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.CREATE_WHITE_LIST]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.CREATE_WHITE_LIST,
@@ -869,28 +930,41 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_ASSIGNMENT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_ASSIGNMENT,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_RESOLVE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_RESOLVE,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_IGNORE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.BATCH_IGNORE,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.ACTION_LAYOUT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.ACTION_LAYOUT,
@@ -899,21 +973,30 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.EDIT_REMARK]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.ACTION_LAYOUT,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.PUSH_TO_CODING]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.PUSH_TO_CODING,
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    dbServicePermission: {
+      opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
+    },
+    businessWrite: true
   },
 
   // SQL 管控例外
@@ -1072,7 +1155,8 @@ export const PERMISSION_MANIFEST: Record<
     type: 'action',
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     projectManager: true,
-    projectArchived: false
+    projectArchived: false,
+    businessWrite: true
   },
 
   //IDE审核
@@ -1083,7 +1167,8 @@ export const PERMISSION_MANIFEST: Record<
     projectManager: true,
     projectArchived: false,
     projectPermission:
-      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list
+      OpPermissionItemOpPermissionTypeEnum.manage_audit_sql_white_list,
+    businessWrite: true
   },
 
   // 数据源结构对比
@@ -1096,7 +1181,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_workflow
-    }
+    },
+    businessWrite: true
   },
 
   // 项目管理
@@ -1108,29 +1194,17 @@ export const PERMISSION_MANIFEST: Record<
   [PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.IMPORT]: {
     id: PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.IMPORT,
     type: 'action',
-    role: [
-      SystemRole.admin,
-      SystemRole.systemAdministrator,
-      SystemRole.projectDirector
-    ]
+    role: [SystemRole.admin, SystemRole.systemAdministrator]
   },
   [PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.EXPORT]: {
     id: PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.EXPORT,
     type: 'action',
-    role: [
-      SystemRole.admin,
-      SystemRole.systemAdministrator,
-      SystemRole.projectDirector
-    ]
+    role: [SystemRole.admin, SystemRole.systemAdministrator]
   },
   [PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.CREATE]: {
     id: PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.CREATE,
     type: 'action',
-    role: [
-      SystemRole.admin,
-      SystemRole.systemAdministrator,
-      SystemRole.projectDirector
-    ]
+    role: [SystemRole.admin, SystemRole.systemAdministrator]
   },
   [PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.EDIT]: {
     id: PERMISSIONS.ACTIONS.BASE.PROJECT_MANAGER.EDIT,
@@ -1209,7 +1283,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.version_manage
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT]: {
     id: PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT,
@@ -1219,7 +1294,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.version_manage
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DELETE]: {
     id: PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DELETE,
@@ -1229,7 +1305,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.version_manage
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.LOCK]: {
     id: PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.LOCK,
@@ -1239,7 +1316,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.version_manage
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DEPLOY]: {
     id: PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DEPLOY,
@@ -1249,7 +1327,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_workflow
     },
-    role: [SystemRole.admin, SystemRole.systemAdministrator]
+    role: [SystemRole.admin, SystemRole.systemAdministrator],
+    businessWrite: true
   },
 
   //SQL管控配置
@@ -1261,7 +1340,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.EDIT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.EDIT,
@@ -1272,7 +1352,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       fieldName: 'instance_id',
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.STOP]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.STOP,
@@ -1283,7 +1364,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       fieldName: 'instance_id',
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.ENABLE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.ENABLE,
@@ -1294,7 +1376,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       fieldName: 'instance_id',
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DELETE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DELETE,
@@ -1305,7 +1388,8 @@ export const PERMISSION_MANIFEST: Record<
     dbServicePermission: {
       fieldName: 'instance_id',
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_AUDIT]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_AUDIT,
@@ -1315,7 +1399,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_STOP]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_STOP,
@@ -1325,7 +1410,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_ENABLE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_ENABLE,
@@ -1335,7 +1421,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_DELETE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.DETAIL_DELETE,
@@ -1345,7 +1432,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.RESET_TOKEN]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF.RESET_TOKEN,
@@ -1355,7 +1443,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.save_audit_plan
-    }
+    },
+    businessWrite: true
   },
 
   // 快捷审核
@@ -1367,9 +1456,10 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_workflow
-    }
+    },
+    businessWrite: true
   },
-  // 快捷审核
+  // SQL 优化
   [PERMISSIONS.ACTIONS.SQLE.SQL_OPTIMIZATION.CREATE]: {
     id: PERMISSIONS.ACTIONS.SQLE.SQL_OPTIMIZATION.CREATE,
     type: 'action',
@@ -1378,7 +1468,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_optimization
-    }
+    },
+    businessWrite: true
   },
 
   // 流水线配置
@@ -1390,7 +1481,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_pipeline
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.PIPELINE_CONFIGURATION.EDIT]: {
     id: PERMISSIONS.ACTIONS.SQLE.PIPELINE_CONFIGURATION.EDIT,
@@ -1400,7 +1492,8 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_pipeline
-    }
+    },
+    businessWrite: true
   },
   [PERMISSIONS.ACTIONS.SQLE.PIPELINE_CONFIGURATION.DELETE]: {
     id: PERMISSIONS.ACTIONS.SQLE.PIPELINE_CONFIGURATION.DELETE,
@@ -1410,6 +1503,7 @@ export const PERMISSION_MANIFEST: Record<
     role: [SystemRole.admin, SystemRole.systemAdministrator],
     dbServicePermission: {
       opType: OpPermissionItemOpPermissionTypeEnum.create_pipeline
-    }
+    },
+    businessWrite: true
   }
 } as const;
diff --git a/packages/shared/lib/features/usePermission/permissions.ts b/packages/shared/lib/features/usePermission/permissions.ts
index 0344dc327..af725c8b5 100644
--- a/packages/shared/lib/features/usePermission/permissions.ts
+++ b/packages/shared/lib/features/usePermission/permissions.ts
@@ -97,6 +97,7 @@ export const PERMISSIONS = {
         }
       },
       CLOUD_BEAVER: {
+        OPEN_CLOUD_BEAVER: 'action:open_cloud_beaver',
         EXPORT: 'action:export_cb_operation_log',
         CREATE_WHITE_LIST: 'action:cb_create_white_list'
       },
diff --git a/packages/shared/lib/features/usePermission/usePermission.ts b/packages/shared/lib/features/usePermission/usePermission.ts
index 300f54ff3..8991b30e2 100644
--- a/packages/shared/lib/features/usePermission/usePermission.ts
+++ b/packages/shared/lib/features/usePermission/usePermission.ts
@@ -19,9 +19,11 @@ import {
 } from '../../api/base/service/common.enum';
 import { useSelector } from 'react-redux';
 import { IReduxState } from '../../../../base/src/store';
+import useBusinessWritePermission from '../useBusinessWritePermission';
 
 const usePermission = () => {
   const { userRoles, bindProjects } = useCurrentUser();
+  const { isBusinessWriteDisabled, isBWPOff } = useBusinessWritePermission();
   const { moduleFeatureSupport, userOperationPermissions } = useSelector(
     (state: IReduxState) => ({
       moduleFeatureSupport: state.permission.moduleFeatureSupport,
@@ -51,7 +53,7 @@ const usePermission = () => {
       authDataSourceId?: string
     ) => {
       if (userOperationPermissions) {
-        const { is_admin, op_permission_list } = userOperationPermissions;
+        const { op_permission_list } = userOperationPermissions;
         const isProjctAdmin = op_permission_list?.some((permission) => {
           if (
             permission.range_type === OpPermissionItemRangeTypeEnum.project &&
@@ -77,7 +79,7 @@ const usePermission = () => {
           }
           return false;
         });
-        if (is_admin || isProjctAdmin || hasServicePermission) {
+        if (isProjctAdmin || hasServicePermission) {
           return true;
         }
 
@@ -207,6 +209,125 @@ const usePermission = () => {
     ]
   );
 
+  const checkActionDisabledByBWP = useCallback(
+    (
+      requiredPermission: PermissionsConstantType,
+      otherValues?: {
+        record?: Record<string, string>;
+        authDataSourceId?: string;
+      }
+    ): boolean => {
+      const permissionDetails = PERMISSION_MANIFEST[requiredPermission];
+      // Non-businessWrite actions are never disabled by BWP
+      if (permissionDetails.businessWrite !== true) {
+        return false;
+      }
+      // BWP is on, or user is not admin/systemAdministrator => no BWP restriction
+      if (!isBWPOff) {
+        return false;
+      }
+      // BWP=off and user has NO project-level authorization at all => disabled
+      if (isBusinessWriteDisabled) {
+        return true;
+      }
+
+      // BWP=off but user has project-level authorization (isBusinessWriteDisabled=false).
+      // In this case, we must check whether the user actually has the SPECIFIC
+      // permission for this particular action. If the action requires a
+      // dbServicePermission or projectPermission that the user doesn't have,
+      // the button should remain disabled.
+      //
+      // This fixes the bug where having ANY project role (e.g., "development
+      // engineer" with create_workflow) would enable ALL businessWrite buttons
+      // (including data export, data masking, etc.).
+
+      // Check project-level permission (e.g., desensitization, manage_role_mange)
+      if (permissionDetails.projectPermission) {
+        if (checkProjectPermission(permissionDetails.projectPermission)) {
+          return false; // User has this specific project permission => not disabled
+        }
+      }
+
+      // Check db-service-level permission (e.g., create_workflow, version_manage)
+      if (permissionDetails.dbServicePermission) {
+        const { fieldName, opType } = permissionDetails.dbServicePermission;
+        const recordTyped = otherValues?.record as
+          | Record<string, string>
+          | undefined;
+        if (
+          checkDbServicePermission(
+            opType,
+            fieldName ? recordTyped?.[fieldName] : otherValues?.authDataSourceId
+          )
+        ) {
+          return false; // User has this specific db-service permission => not disabled
+        }
+      }
+
+      // Check if user is project manager (project managers can do everything)
+      if (permissionDetails.projectManager === true) {
+        const { isManager } = getProjectAttributesStatus();
+        if (isManager) {
+          return false;
+        }
+      }
+
+      // If the action has no specific dbServicePermission and no projectPermission
+      // requirement, it is a generic businessWrite action (like workflow approve,
+      // batch close, etc.). Since the user already has project-level authorization
+      // (isBusinessWriteDisabled=false), these generic actions should be enabled.
+      // Their access control is handled by other mechanisms (e.g., assignee checks).
+      if (
+        !permissionDetails.dbServicePermission &&
+        !permissionDetails.projectPermission
+      ) {
+        return false;
+      }
+
+      // User has a specific permission requirement but doesn't meet it => disabled
+      return true;
+    },
+    [
+      isBWPOff,
+      isBusinessWriteDisabled,
+      checkProjectPermission,
+      checkDbServicePermission,
+      getProjectAttributesStatus
+    ]
+  );
+
+  const mergeActionButtonPropsWithBWPDisabled = useCallback(
+    <T>(
+      buttonProps: ((record?: T) => Record<string, any>) | undefined,
+      bwpDisabled: boolean | ((record?: T) => boolean)
+    ): ((record?: T) => Record<string, any>) | undefined => {
+      if (typeof bwpDisabled === 'function') {
+        // Per-record BWP check: evaluate lazily for each row
+        if (typeof buttonProps === 'function') {
+          return (record?: T) => {
+            const disabled = bwpDisabled(record);
+            return disabled
+              ? { ...buttonProps(record), disabled: true }
+              : buttonProps(record);
+          };
+        }
+        return (record?: T) => {
+          const disabled = bwpDisabled(record);
+          return disabled ? { disabled: true } : {};
+        };
+      }
+      if (!bwpDisabled) return buttonProps;
+      if (typeof buttonProps === 'function') {
+        return (record?: T) => ({
+          ...buttonProps(record),
+          disabled: true
+        });
+      }
+      return () => ({ disabled: true });
+    },
+    []
+  );
+
   const parse2TableActionPermissions = useCallback(
     <
       T = Record<string, any>,
@@ -216,12 +337,26 @@ const usePermission = () => {
       actions: ActiontechTableActionsWithPermissions<T, F, OtherColumnKeys>
     ): ActiontechTableProps<T, F, OtherColumnKeys>['actions'] => {
       if (Array.isArray(actions)) {
-        return actions.map((item) => ({
-          ...item,
-          permissions: item.permissions
-            ? (record) => checkActionPermission(item.permissions!, { record })
-            : undefined
-        }));
+        return actions.map((item) => {
+          // Create per-record BWP check that passes record context for
+          // db-service-level permission evaluation
+          const bwpDisabledFn = item.permissions
+            ? (record?: T) =>
+                checkActionDisabledByBWP(item.permissions!, {
+                  record: record as unknown as Record<string, string>
+                })
+            : false;
+          return {
+            ...item,
+            permissions: item.permissions
+              ? (record) => checkActionPermission(item.permissions!, { record })
+              : undefined,
+            buttonProps: mergeActionButtonPropsWithBWPDisabled(
+              item.buttonProps,
+              bwpDisabledFn
+            )
+          };
+        });
       }
 
       const parseActionMoreButtons = (
@@ -229,49 +364,107 @@ const usePermission = () => {
       ): ActiontechTableActionsConfig<T, F, OtherColumnKeys>['moreButtons'] => {
         if (typeof moreButtons === 'function') {
           return (record: T) =>
-            moreButtons(record).map((item) => ({
-              ...item,
-              permissions: item.permissions
-                ? (data) =>
-                    checkActionPermission(item.permissions!, { record: data })
-                : undefined
-            }));
+            moreButtons(record).map((item) => {
+              const bwpDisabled = item.permissions
+                ? checkActionDisabledByBWP(item.permissions!, {
+                    record: record as unknown as Record<string, string>
+                  })
+                : false;
+              const itemDisabled = item.disabled;
+              return {
+                ...item,
+                permissions: item.permissions
+                  ? (data) =>
+                      checkActionPermission(item.permissions!, { record: data })
+                  : undefined,
+                disabled:
+                  typeof itemDisabled === 'function'
+                    ? (data?: T) =>
+                        (item.permissions
+                          ? checkActionDisabledByBWP(item.permissions!, {
+                              record: data as unknown as Record<string, string>
+                            })
+                          : false) || !!itemDisabled(data)
+                    : bwpDisabled || !!itemDisabled
+              };
+            });
         }
 
-        return moreButtons?.map((item) => ({
-          ...item,
-          permissions: item.permissions
-            ? (record) => checkActionPermission(item.permissions!, { record })
-            : undefined
-        }));
+        return moreButtons?.map((item) => {
+          const bwpDisabled = item.permissions
+            ? checkActionDisabledByBWP(item.permissions)
+            : false;
+          const itemDisabled = item.disabled;
+          return {
+            ...item,
+            permissions: item.permissions
+              ? (record) => checkActionPermission(item.permissions!, { record })
+              : undefined,
+            disabled:
+              typeof itemDisabled === 'function'
+                ? (data?: T) =>
+                    (item.permissions
+                      ? checkActionDisabledByBWP(item.permissions!, {
+                          record: data as unknown as Record<string, string>
+                        })
+                      : false) || !!itemDisabled(data)
+                : bwpDisabled || !!itemDisabled
+          };
+        });
       };
 
       return {
         ...actions,
-        buttons: actions.buttons.map((item) => ({
-          ...item,
-          permissions: item.permissions
-            ? (record) => checkActionPermission(item.permissions!, { record })
-            : undefined
-        })),
+        buttons: actions.buttons.map((item) => {
+          // Create per-record BWP check for row-level buttons
+          const bwpDisabledFn = item.permissions
+            ? (record?: T) =>
+                checkActionDisabledByBWP(item.permissions!, {
+                  record: record as unknown as Record<string, string>
+                })
+            : false;
+          return {
+            ...item,
+            permissions: item.permissions
+              ? (record) => checkActionPermission(item.permissions!, { record })
+              : undefined,
+            buttonProps: mergeActionButtonPropsWithBWPDisabled(
+              item.buttonProps,
+              bwpDisabledFn
+            )
+          };
+        }),
         moreButtons: parseActionMoreButtons(actions.moreButtons)
       };
     },
-    [checkActionPermission]
+    [
+      checkActionPermission,
+      checkActionDisabledByBWP,
+      mergeActionButtonPropsWithBWPDisabled
+    ]
   );
 
   const parse2TableToolbarActionPermissions = useCallback(
     (
       actions: ActiontechTableToolbarActionWithPermissions
     ): ActiontechTableToolbarActionMeta[] => {
-      return actions.map((item) => ({
-        ...item,
-        permissions: item.permissions
-          ? checkActionPermission(item.permissions!)
-          : undefined
-      }));
+      return actions.map((item) => {
+        const bwpDisabled = item.permissions
+          ? checkActionDisabledByBWP(item.permissions)
+          : false;
+        return {
+          ...item,
+          permissions: item.permissions
+            ? checkActionPermission(item.permissions!)
+            : undefined,
+          buttonProps: {
+            ...item.buttonProps,
+            ...(bwpDisabled ? { disabled: true } : {})
+          }
+        };
+      });
     },
-    [checkActionPermission]
+    [checkActionPermission, checkActionDisabledByBWP]
   );
 
   return {
@@ -280,6 +473,7 @@ const usePermission = () => {
     checkDbServicePermission,
     checkPagePermission,
     checkActionPermission,
+    checkActionDisabledByBWP,
     parse2TableActionPermissions,
     parse2TableToolbarActionPermissions,
     checkProjectPermission
diff --git a/packages/shared/lib/features/useUserInfo/index.test.ts b/packages/shared/lib/features/useUserInfo/index.test.ts
index 57fd879ad..5c313de2a 100644
--- a/packages/shared/lib/features/useUserInfo/index.test.ts
+++ b/packages/shared/lib/features/useUserInfo/index.test.ts
@@ -53,7 +53,7 @@ describe('useUserInfo', () => {
     expect(result.current.getUserInfoLoading).toBeFalsy();
     await act(() => result.current.getUserInfo());
     await act(async () => jest.advanceTimersByTime(3000));
-    expect(mockDispatch).toHaveBeenCalledTimes(6);
+    expect(mockDispatch).toHaveBeenCalledTimes(7);
 
     expect(mockDispatch).toHaveBeenCalledWith({
       payload: {
@@ -80,6 +80,10 @@ describe('useUserInfo', () => {
       },
       type: 'user/updateManagementPermissions'
     });
+    expect(mockDispatch).toHaveBeenCalledWith({
+      payload: true,
+      type: 'user/updateBusinessWritePermission'
+    });
     expect(mockDispatch).toHaveBeenCalledWith({
       payload: {
         systemPreference: GetUserSystemEnum.MANAGEMENT
@@ -103,7 +107,7 @@ describe('useUserInfo', () => {
     expect(result.current.getUserInfoLoading).toBeFalsy();
     await act(() => result.current.getUserInfo());
     await act(async () => jest.advanceTimersByTime(3000));
-    expect(mockDispatch).toHaveBeenCalledTimes(5);
+    expect(mockDispatch).toHaveBeenCalledTimes(6);
 
     expect(mockDispatch).not.toHaveBeenCalledWith({
       payload: {
@@ -121,7 +125,6 @@ describe('useUserInfo', () => {
     const { result } = renderHook(() => useUserInfo());
     await act(() => result.current.getUserInfo());
     await act(async () => jest.advanceTimersByTime(3000));
-    expect(mockDispatch).toHaveBeenCalledTimes(12);
     expect(mockDispatch).toHaveBeenNthCalledWith(1, {
       payload: { username: '', role: '' },
       type: 'user/updateUser'
@@ -146,6 +149,10 @@ describe('useUserInfo', () => {
       },
       type: 'user/updateManagementPermissions'
     });
+    expect(mockDispatch).toHaveBeenNthCalledWith(6, {
+      payload: true,
+      type: 'user/updateBusinessWritePermission'
+    });
     // expect(navigateSpy).toHaveBeenCalledTimes(1);
     // expect(navigateSpy).toHaveBeenCalledWith('/login', { replace: true });
   });
@@ -158,7 +165,6 @@ describe('useUserInfo', () => {
     const { result } = renderHook(() => useUserInfo());
     await act(() => result.current.getUserInfo());
     await act(async () => jest.advanceTimersByTime(3000));
-    expect(mockDispatch).toHaveBeenCalledTimes(6);
     expect(mockDispatch).toHaveBeenNthCalledWith(1, {
       payload: { username: '', role: '' },
       type: 'user/updateUser'
@@ -183,6 +189,10 @@ describe('useUserInfo', () => {
       },
       type: 'user/updateManagementPermissions'
     });
+    expect(mockDispatch).toHaveBeenNthCalledWith(6, {
+      payload: true,
+      type: 'user/updateBusinessWritePermission'
+    });
     // expect(navigateSpy).toHaveBeenCalledTimes(1);
     // expect(navigateSpy).toHaveBeenCalledWith('/login', { replace: true });
   });
diff --git a/packages/shared/lib/features/useUserInfo/index.ts b/packages/shared/lib/features/useUserInfo/index.ts
index ea48d43be..76aab3c1a 100644
--- a/packages/shared/lib/features/useUserInfo/index.ts
+++ b/packages/shared/lib/features/useUserInfo/index.ts
@@ -11,7 +11,8 @@ import {
   updateUserInfoFetchStatus,
   updateUserUid,
   updateLanguage,
-  updateSystemPreference
+  updateSystemPreference,
+  updateBusinessWritePermission
 } from '../../../../base/src/store/user';
 import {
   ResponseCode,
@@ -61,6 +62,8 @@ const useUserInfo = () => {
       })
     );
 
+    dispatch(updateBusinessWritePermission(true));
+
     dispatch(updateUserInfoFetchStatus(false));
   }, [dispatch]);
 
@@ -110,6 +113,12 @@ const useUserInfo = () => {
             })
           );
 
+          dispatch(
+            updateBusinessWritePermission(
+              data?.business_write_permission !== false
+            )
+          );
+
           if (!systemPreference) {
             dispatch(
               updateSystemPreference({
diff --git a/packages/shared/lib/testUtil/mockHook/data.tsx b/packages/shared/lib/testUtil/mockHook/data.tsx
index b50a68c4d..90a98ba26 100644
--- a/packages/shared/lib/testUtil/mockHook/data.tsx
+++ b/packages/shared/lib/testUtil/mockHook/data.tsx
@@ -33,8 +33,8 @@ export const mockCurrentUserReturn = {
   ],
   managementPermissions: [
     {
-      uid: OpPermissionTypeUid.project_director,
-      name: '创建项目'
+      uid: OpPermissionTypeUid.system_administrator,
+      name: '系统管理员'
     }
   ],
   projectID: '1',
@@ -51,11 +51,11 @@ export const mockCurrentUserReturn = {
     [SystemRole.admin]: true,
     [SystemRole.certainProjectManager]: true,
     [SystemRole.systemAdministrator]: true,
-    [SystemRole.auditAdministrator]: true,
-    [SystemRole.projectDirector]: true
+    [SystemRole.auditAdministrator]: true
   },
   hasGlobalViewingPermission: true,
-  systemPreference: GetUserSystemEnum.MANAGEMENT
+  systemPreference: GetUserSystemEnum.MANAGEMENT,
+  businessWritePermission: true
 };
 
 export const mockProjectInfo = {
diff --git a/packages/shared/lib/testUtil/mockHook/index.ts b/packages/shared/lib/testUtil/mockHook/index.ts
index 468609bcc..e1bdb7401 100644
--- a/packages/shared/lib/testUtil/mockHook/index.ts
+++ b/packages/shared/lib/testUtil/mockHook/index.ts
@@ -3,5 +3,6 @@ export { mockUseCurrentUser } from './mockUseCurrentUser';
 export { mockUseDbServiceDriver } from './mockUseDbServiceDriver';
 export { mockUsePermission } from './mockUsePermission';
 export { mockUseUserInfo } from './mockUseUserInfo';
+export { mockUseBusinessWritePermission } from './mockUseBusinessWritePermission';
 
 export * from './data';
diff --git a/packages/shared/lib/testUtil/mockHook/mockUseBusinessWritePermission.ts b/packages/shared/lib/testUtil/mockHook/mockUseBusinessWritePermission.ts
new file mode 100644
index 000000000..ee06e9e4b
--- /dev/null
+++ b/packages/shared/lib/testUtil/mockHook/mockUseBusinessWritePermission.ts
@@ -0,0 +1,18 @@
+import * as useBusinessWritePermission from '../../features/useBusinessWritePermission';
+
+export const mockBusinessWritePermissionReturn = {
+  isBusinessWriteDisabled: false,
+  isBWPOff: false,
+  businessWritePermission: true
+};
+
+export const mockUseBusinessWritePermission = (
+  data?: Partial<typeof mockBusinessWritePermissionReturn>
+) => {
+  const spy = jest.spyOn(useBusinessWritePermission, 'default');
+  spy.mockImplementation(() => ({
+    ...mockBusinessWritePermissionReturn,
+    ...data
+  }));
+  return spy;
+};
diff --git a/packages/shared/lib/testUtil/mockHook/mockUsePermission.ts b/packages/shared/lib/testUtil/mockHook/mockUsePermission.ts
index 654defe59..131403e78 100644
--- a/packages/shared/lib/testUtil/mockHook/mockUsePermission.ts
+++ b/packages/shared/lib/testUtil/mockHook/mockUsePermission.ts
@@ -19,6 +19,7 @@ const mockUsePermissionData = {
   checkDbServicePermission: jest.fn(),
   checkPagePermission: jest.fn(),
   checkActionPermission: jest.fn(),
+  checkActionDisabledByBWP: jest.fn().mockReturnValue(false),
   parse2TableActionPermissions: jest.fn(),
   parse2TableToolbarActionPermissions: jest.fn(),
   checkProjectPermission: jest.fn()
diff --git a/packages/sqle/src/page/DataSourceComparison/ComparisonEntry/index.tsx b/packages/sqle/src/page/DataSourceComparison/ComparisonEntry/index.tsx
index 8853782b4..b987a6c49 100644
--- a/packages/sqle/src/page/DataSourceComparison/ComparisonEntry/index.tsx
+++ b/packages/sqle/src/page/DataSourceComparison/ComparisonEntry/index.tsx
@@ -39,10 +39,15 @@ import {
 } from '@actiontech/shared/lib/api/sqle/service/common.enum';
 import ModifiedSqlDrawer from './component/ModifiedSqlDrawer';
 import { Key, useMemo, useState, useRef } from 'react';
+import { usePermission, PERMISSIONS } from '@actiontech/shared/lib/features';
 import { IGenDatabaseDiffModifySQLsV1Params } from '@actiontech/shared/lib/api/sqle/service/database_comparison/index.d';
 const ComparisonEntry: React.FC = () => {
   const { t } = useTranslation();
   const { projectName } = useCurrentProject();
+  const { checkActionDisabledByBWP } = usePermission();
+  const isBusinessWriteDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.DATA_SOURCE_COMPARISON.CREATE_MODIFIED_SQL_WORKFLOW
+  );
   const [messageApi, messageContextHolder] = message.useMessage();
   const treeRef = useRef<ComparisonTreeNodeRef>(null);
   const [
@@ -363,7 +368,7 @@ const ComparisonEntry: React.FC = () => {
           className="full-width-element"
           type="primary"
           onClick={executeComparison}
-          disabled={executeComparisonPending}
+          disabled={executeComparisonPending || isBusinessWriteDisabled}
           loading={executeComparisonPending}
           style={{
             marginTop: 16
@@ -442,7 +447,7 @@ const ComparisonEntry: React.FC = () => {
               )}
 
               {filteredWithoutParentNodeKey(checkedObjectNodeKeys).length ===
-              0 ? (
+                0 || isBusinessWriteDisabled ? (
                 <BasicToolTip
                   title={t(
                     'dataSourceComparison.entry.generateSQLDisabledTips'
diff --git a/packages/sqle/src/page/OperationRecord/List/index.test.tsx b/packages/sqle/src/page/OperationRecord/List/index.test.tsx
index 8e40a033e..564efafde 100644
--- a/packages/sqle/src/page/OperationRecord/List/index.test.tsx
+++ b/packages/sqle/src/page/OperationRecord/List/index.test.tsx
@@ -149,8 +149,7 @@ describe('sqle/OperationRecord/List', () => {
         admin: false,
         certainProjectManager: true,
         systemAdministrator: false,
-        auditAdministrator: false,
-        projectDirector: false
+        auditAdministrator: false
       }
     });
     const operationRecordListSpy = operationRecord.getOperationRecordList();
diff --git a/packages/sqle/src/page/SqlAudit/List/component/SqlAuditTags/index.tsx b/packages/sqle/src/page/SqlAudit/List/component/SqlAuditTags/index.tsx
index c8f96975a..1832cd6a7 100644
--- a/packages/sqle/src/page/SqlAudit/List/component/SqlAuditTags/index.tsx
+++ b/packages/sqle/src/page/SqlAudit/List/component/SqlAuditTags/index.tsx
@@ -13,6 +13,7 @@ import { Divider, Form, InputRef, Popover, Space, Spin, message } from 'antd';
 import { useForm } from 'antd/es/form/Form';
 import useSQLAuditRecordTag from '../../../../../hooks/useSQLAuditRecordTag';
 import { tagNameRule } from '@actiontech/dms-kit';
+import { usePermission, PERMISSIONS } from '@actiontech/shared/lib/features';
 export interface ISqlAuditTags {
   projectName: string;
   defaultTags: string[];
@@ -24,6 +25,10 @@ const SqlAuditTags = ({
   updateTags
 }: ISqlAuditTags) => {
   const { t } = useTranslation();
+  const { checkActionDisabledByBWP } = usePermission();
+  const isBusinessWriteDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_AUDIT.CREATE
+  );
   const [messageApi, messageContextHolder] = message.useMessage();
   const [open, setOpen] = useState(false);
   const [extraTagForm] = useForm<{
@@ -141,7 +146,7 @@ const SqlAuditTags = ({
             color="geekblue"
             size="small"
             key={v}
-            closable
+            closable={!isBusinessWriteDisabled}
             onClose={(e) => {
               e.preventDefault();
               removeTag(v);
@@ -172,6 +177,7 @@ const SqlAuditTags = ({
             shape="circle"
             size="small"
             onClick={handelClickAddTagsIcon}
+            disabled={isBusinessWriteDisabled}
           ></SqlAuditTagsButton>
         </Popover>
       </Space>
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/column.tsx b/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/column.tsx
index d9820a953..a02c8f0f0 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/column.tsx
+++ b/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/column.tsx
@@ -12,7 +12,8 @@ import { BackupStrategyDictionary } from './index.data';
 export const AuditResultForCreateWorkflowColumn = (
   updateSqlDescribe: (sqlNum: number, sqlDescribe: string) => void,
   onClickAuditResult: (record: IAuditTaskSQLResV2) => void,
-  onSwitchSqlBackupPolicy: (sqlID?: number) => void
+  onSwitchSqlBackupPolicy: (sqlID?: number) => void,
+  isBusinessWriteDisabled?: boolean
 ): ActiontechTableColumn<IAuditTaskSQLResV2> => {
   return [
     {
@@ -90,6 +91,9 @@ export const AuditResultForCreateWorkflowColumn = (
       title: () => t('execWorkflow.audit.table.describe'),
       className: 'audit-result-describe-column',
       render: (description, record) => {
+        if (isBusinessWriteDisabled) {
+          return description || '-';
+        }
         return (
           <EditText
             editButtonProps={{
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/index.tsx b/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/index.tsx
index a57c976e7..4961e796f 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/index.tsx
+++ b/packages/sqle/src/page/SqlExecWorkflow/Common/AuditResultList/Table/index.tsx
@@ -14,7 +14,7 @@ import AuditResultDrawer from './AuditResultDrawer';
 import useWhitelistRedux from '../../../../Whitelist/hooks/useWhitelistRedux';
 import AddWhitelistModal from '../../../../Whitelist/Drawer/AddWhitelist';
 import { AuditResultForCreateWorkflowActions } from './actions';
-import { usePermission } from '@actiontech/shared/lib/features';
+import { usePermission, PERMISSIONS } from '@actiontech/shared/lib/features';
 import { parse2ReactRouterPath } from '@actiontech/shared/lib/components/TypedRouter/utils';
 import { ROUTE_PATHS } from '@actiontech/dms-kit';
 import SwitchSqlBackupStrategyModal from './SwitchSqlBackupStrategyModal';
@@ -53,7 +53,11 @@ const AuditResultTable: React.FC<AuditResultTableProps> = ({
   const { pagination, tableChange, setPagination } = useTableRequestParams();
   const { requestErrorMessage, handleTableRequestError } =
     useTableRequestError();
-  const { parse2TableActionPermissions } = usePermission();
+  const { parse2TableActionPermissions, checkActionDisabledByBWP } =
+    usePermission();
+  const isBusinessWriteDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CREATE
+  );
   const { openCreateWhitelistModal, updateSelectWhitelistRecord } =
     useWhitelistRedux();
   const [
@@ -187,7 +191,8 @@ const AuditResultTable: React.FC<AuditResultTableProps> = ({
     const columnList = AuditResultForCreateWorkflowColumn(
       updateSqlDescribe,
       onClickAuditResult,
-      onSwitchSqlBackupPolicy
+      onSwitchSqlBackupPolicy,
+      isBusinessWriteDisabled
     );
     return allowSwitchBackupPolicy
       ? columnList
@@ -196,7 +201,8 @@ const AuditResultTable: React.FC<AuditResultTableProps> = ({
     onSwitchSqlBackupPolicy,
     updateSqlDescribe,
     onClickAuditResult,
-    allowSwitchBackupPolicy
+    allowSwitchBackupPolicy,
+    isBusinessWriteDisabled
   ]);
 
   // @feature: useTableRequestParams 整合自定义filter info
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/__test__/useWorkflowDetailAction.test.ts b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/__test__/useWorkflowDetailAction.test.ts
index 6a0be19b5..a986c09ae 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/__test__/useWorkflowDetailAction.test.ts
+++ b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/__test__/useWorkflowDetailAction.test.ts
@@ -6,6 +6,10 @@ import useWorkflowDetailAction from '../hooks/useWorkflowDetailAction';
 import { WorkflowDetailPageHeaderExtraProps } from '../index.type';
 import { mockUseCurrentProject } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentProject';
 import { WorkflowListData } from '@actiontech/shared/lib/testUtil/mockApi/sqle/execWorkflow/data';
+import workflow from '@actiontech/shared/lib/api/sqle/service/workflow';
+import { ResponseCode } from '@actiontech/dms-kit';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
 
 describe('sqle/SqlExecWorkflow/Detail/useWorkflowDetailAction', () => {
   const refreshWorkflowFn = jest.fn();
@@ -19,6 +23,10 @@ describe('sqle/SqlExecWorkflow/Detail/useWorkflowDetailAction', () => {
   const startRollback = jest.fn();
   const showModifySqlStatementStep = jest.fn();
 
+  let checkActionDisabledByBWPMock: jest.Mock;
+  let usePermissionSpy: jest.SpyInstance | undefined;
+  let cancelWorkflowSpy: jest.SpyInstance;
+
   const customRender = (
     params: Partial<
       Pick<
@@ -63,11 +71,27 @@ describe('sqle/SqlExecWorkflow/Detail/useWorkflowDetailAction', () => {
 
   beforeEach(() => {
     jest.useFakeTimers();
+    checkActionDisabledByBWPMock = jest.fn().mockReturnValue(false);
+    usePermissionSpy = mockUsePermission(
+      {
+        checkActionDisabledByBWP: checkActionDisabledByBWPMock
+      },
+      { useSpyOnMockHooks: true }
+    );
     mockUseCurrentUser();
     mockUseCurrentProject();
+    cancelWorkflowSpy = jest
+      .spyOn(workflow, 'cancelWorkflowV2')
+      .mockResolvedValue({
+        data: { code: ResponseCode.SUCCESS }
+      } as never);
   });
 
   afterEach(() => {
+    usePermissionSpy?.mockRestore();
+    usePermissionSpy = undefined;
+    cancelWorkflowSpy?.mockRestore();
+    jest.useRealTimers();
     jest.clearAllMocks();
     cleanup();
   });
@@ -81,4 +105,80 @@ describe('sqle/SqlExecWorkflow/Detail/useWorkflowDetailAction', () => {
       await act(async () => jest.advanceTimersByTime(500));
     });
   });
+
+  describe('checkActionDisabledByBWP (SQL exec workflow)', () => {
+    it('should set auditPassWorkflowButtonMeta.disabled when BWP blocks APPROVE', () => {
+      checkActionDisabledByBWPMock.mockImplementation(
+        (permission: string) =>
+          permission === PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.APPROVE
+      );
+      const { result } = customRender();
+      expect(result.current.auditPassWorkflowButtonMeta.disabled).toBe(true);
+      expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(false);
+      expect(result.current.batchExecutingWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+      expect(result.current.manualExecuteWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+    });
+
+    it('should set rejectWorkflowButtonMeta.disabled when BWP blocks BATCH_REJECT', () => {
+      checkActionDisabledByBWPMock.mockImplementation(
+        (permission: string) =>
+          permission === PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_REJECT
+      );
+      const { result } = customRender();
+      expect(result.current.auditPassWorkflowButtonMeta.disabled).toBe(false);
+      expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(true);
+      expect(result.current.batchExecutingWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+      expect(result.current.manualExecuteWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+    });
+
+    it('should set batchExecutingWorkflowButtonMeta.disabled when BWP blocks BATCH_EXEC', () => {
+      checkActionDisabledByBWPMock.mockImplementation(
+        (permission: string) =>
+          permission === PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_EXEC
+      );
+      const { result } = customRender();
+      expect(result.current.batchExecutingWorkflowButtonMeta.disabled).toBe(
+        true
+      );
+      expect(result.current.manualExecuteWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+    });
+
+    it('should set manualExecuteWorkflowButtonMeta.disabled when BWP blocks MANUALLY_EXEC', () => {
+      checkActionDisabledByBWPMock.mockImplementation(
+        (permission: string) =>
+          permission ===
+          PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.MANUALLY_EXEC
+      );
+      const { result } = customRender();
+      expect(result.current.batchExecutingWorkflowButtonMeta.disabled).toBe(
+        false
+      );
+      expect(result.current.manualExecuteWorkflowButtonMeta.disabled).toBe(
+        true
+      );
+    });
+
+    it('should set all BWP-driven action metas disabled when checkActionDisabledByBWP always returns true', () => {
+      checkActionDisabledByBWPMock.mockReturnValue(true);
+      const { result } = customRender();
+      expect(result.current.auditPassWorkflowButtonMeta.disabled).toBe(true);
+      expect(result.current.rejectWorkflowButtonMeta.disabled).toBe(true);
+      expect(result.current.batchExecutingWorkflowButtonMeta.disabled).toBe(
+        true
+      );
+      expect(result.current.manualExecuteWorkflowButtonMeta.disabled).toBe(
+        true
+      );
+    });
+  });
 });
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/action.tsx b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/action.tsx
index 3e17177d3..c55a6a1e8 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/action.tsx
+++ b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/action.tsx
@@ -50,11 +50,13 @@ export const BatchRejectWorkflowAction = (
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_REJECT}
+      skipBWPCheck
     >
       <ActionButton
         text={t('execWorkflow.detail.operator.rejectFull')}
         onClick={openRejectModal}
         hidden={rejectWorkflowButtonMeta.hidden}
+        disabled={rejectWorkflowButtonMeta.disabled}
       />
     </PermissionControl>
   );
@@ -65,11 +67,15 @@ export const ApproveWorkflowAction = (
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.APPROVE}
+      skipBWPCheck
     >
       <ActionButton
         text={t('execWorkflow.detail.operator.sqlReview')}
         hidden={approveWorkflowButtonMeta.hidden}
-        disabled={approveWorkflowButtonMeta.loading}
+        disabled={
+          approveWorkflowButtonMeta.loading ||
+          approveWorkflowButtonMeta.disabled
+        }
         loading={approveWorkflowButtonMeta.loading}
         onClick={() => approveWorkflowButtonMeta.action()}
         type="primary"
@@ -85,11 +91,16 @@ export const BatchExecWorkflowAction = (
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_EXEC}
+      skipBWPCheck
     >
       <ActionButton
         text={t('execWorkflow.detail.operator.batchSqlExecute')}
         hidden={batchExecutingWorkflowButtonMeta.hidden}
-        disabled={batchExecutingWorkflowButtonMeta.loading || !executable}
+        disabled={
+          batchExecutingWorkflowButtonMeta.loading ||
+          !executable ||
+          batchExecutingWorkflowButtonMeta.disabled
+        }
         loading={batchExecutingWorkflowButtonMeta.loading}
         type="primary"
         actionType={executable ? 'confirm' : 'tooltip'}
@@ -114,11 +125,16 @@ export const MarkManuallyExecWorkflowAction = (
   return (
     <PermissionControl
       permission={PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.MANUALLY_EXEC}
+      skipBWPCheck
     >
       <ActionButton
         text={t('execWorkflow.detail.operator.markManually')}
         hidden={manualExecuteWorkflowButtonMeta.hidden}
-        disabled={manualExecuteWorkflowButtonMeta.loading || !executable}
+        disabled={
+          manualExecuteWorkflowButtonMeta.loading ||
+          !executable ||
+          manualExecuteWorkflowButtonMeta.disabled
+        }
         loading={manualExecuteWorkflowButtonMeta.loading}
         type="primary"
         actionType={executable ? 'confirm' : 'tooltip'}
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/hooks/useWorkflowDetailAction.tsx b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/hooks/useWorkflowDetailAction.tsx
index 581bfcc2a..1a206d6eb 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/hooks/useWorkflowDetailAction.tsx
+++ b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/hooks/useWorkflowDetailAction.tsx
@@ -8,7 +8,11 @@ import {
   WorkflowRecordResV2StatusEnum,
   WorkflowStepResV2TypeEnum
 } from '@actiontech/shared/lib/api/sqle/service/common.enum';
-import { useCurrentUser } from '@actiontech/shared/lib/features';
+import {
+  useCurrentUser,
+  usePermission,
+  PERMISSIONS
+} from '@actiontech/shared/lib/features';
 import dayjs, { Dayjs } from 'dayjs';
 import {
   WorkflowDetailActionMeta,
@@ -49,6 +53,22 @@ const useWorkflowDetailAction = ({
   const { t } = useTranslation();
   const [messageApi, messageContextHolder] = message.useMessage();
   const { username } = useCurrentUser();
+  const { checkActionDisabledByBWP } = usePermission();
+  const isWorkflowRejectBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_REJECT
+  );
+
+  const isWorkflowManuallyExecBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.MANUALLY_EXEC
+  );
+
+  const isWorkflowBatchExecBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.BATCH_EXEC
+  );
+
+  const isWorkflowApproveBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.APPROVE
+  );
 
   const currentStep = useMemo(() => {
     return workflowInfo?.record?.workflow_step_list?.find(
@@ -335,22 +355,26 @@ const useWorkflowDetailAction = ({
     auditPassWorkflowButtonMeta: {
       action: auditPassWorkflow,
       loading: passLoading,
-      hidden: !auditWorkflowButtonVisibility
+      hidden: !auditWorkflowButtonVisibility,
+      disabled: isWorkflowApproveBWPDisabled
     },
     rejectWorkflowButtonMeta: {
       action: rejectWorkflow,
       loading: rejectLoading,
-      hidden: !rejectWorkflowButtonVisibility
+      hidden: !rejectWorkflowButtonVisibility,
+      disabled: isWorkflowRejectBWPDisabled
     },
     batchExecutingWorkflowButtonMeta: {
       action: executingWorkflow,
       loading: executingLoading,
-      hidden: !executingButtonVisibility
+      hidden: !executingButtonVisibility,
+      disabled: isWorkflowBatchExecBWPDisabled
     },
     manualExecuteWorkflowButtonMeta: {
       action: completeWorkflow,
       loading: completeLoading,
-      hidden: !manualExecuteButtonVisibility
+      hidden: !manualExecuteButtonVisibility,
+      disabled: isWorkflowManuallyExecBWPDisabled
     },
     terminateWorkflowButtonMeta: {
       action: terminateWorkflow,
diff --git a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/index.type.ts b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/index.type.ts
index 17abdd7fe..e6fb2feaa 100644
--- a/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/index.type.ts
+++ b/packages/sqle/src/page/SqlExecWorkflow/Detail/components/PageHeaderExtra/index.type.ts
@@ -29,4 +29,5 @@ export type WorkflowDetailActionMeta = {
   action: (val?: string) => Promise<void> | undefined;
   loading: boolean;
   hidden: boolean;
+  disabled?: boolean;
 };
diff --git a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/actions.tsx b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/actions.tsx
index 15eb3448f..254aaf940 100644
--- a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/actions.tsx
+++ b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/actions.tsx
@@ -12,7 +12,7 @@ import {
   ActiontechTableToolbarActionMeta
 } from '@actiontech/dms-kit/es/components/ActiontechTable';
 
-export const SqlManagementRowAction = (
+export const sqlManagementRowAction = (
   openModal: (name: ModalName, row?: ISqlManage) => void,
   jumpToAnalyze: (
     sqlManageID: string,
@@ -26,7 +26,10 @@ export const SqlManagementRowAction = (
     requiredPermission: PermissionsConstantType
   ) => boolean,
   onPushToCoding: (batch: boolean, record?: ISqlManage) => void,
-  username: string
+  username: string,
+  checkActionDisabledByBWP: (
+    requiredPermission: PermissionsConstantType
+  ) => boolean
 ): ActiontechTableActionsConfig<ISqlManage> => {
   const getWidth = () => {
     return language === SupportLanguage.enUS
@@ -44,7 +47,10 @@ export const SqlManagementRowAction = (
           return {
             onClick: () => {
               openModal(ModalName.Assignment_Member_Single, record);
-            }
+            },
+            disabled: checkActionDisabledByBWP(
+              PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.ASSIGNMENT
+            )
           };
         },
         permissions: (record) => {
@@ -64,7 +70,10 @@ export const SqlManagementRowAction = (
           return {
             onClick: () => {
               openModal(ModalName.Change_Status_Single, record);
-            }
+            },
+            disabled: checkActionDisabledByBWP(
+              PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_STATUS
+            )
           };
         },
         permissions: (record) => {
@@ -85,6 +94,9 @@ export const SqlManagementRowAction = (
         onClick: (record) => {
           openModal(ModalName.Change_SQL_Priority, record);
         },
+        disabled: checkActionDisabledByBWP(
+          PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.UPDATE_PRIORITY
+        ),
         permissions: (record) => {
           return (
             (checkActionPermission(
@@ -140,13 +152,16 @@ export const SqlManagementRowAction = (
               record?.assignees?.includes(username)) ??
             false
           );
-        }
+        },
+        disabled: checkActionDisabledByBWP(
+          PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT.PUSH_TO_CODING
+        )
       }
     ]
   };
 };
 
-export const SqlManagementTableToolbarActions = (
+export const sqlManagementTableToolbarActions = (
   disabled: boolean,
   batchSolveLoading: boolean,
   batchIgnoreLoading: boolean,
diff --git a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/column.tsx b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/column.tsx
index 0fc8308be..0764712fa 100644
--- a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/column.tsx
+++ b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/column.tsx
@@ -100,7 +100,7 @@ export const ExtraFilterMeta: () => ActiontechTableFilterMeta<
     ]
   ]);
 };
-const SqlManagementColumn: (
+const sqlManagementColumn: (
   projectID: string,
   updateRemark: (id: number, remark: string) => void,
   openModal: (name: ModalName, row?: ISqlManage) => void,
@@ -386,4 +386,4 @@ const SqlManagementColumn: (
     }
   ];
 };
-export default SqlManagementColumn;
+export default sqlManagementColumn;
diff --git a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/index.tsx b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/index.tsx
index 28258a03a..7e98d889d 100644
--- a/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/index.tsx
+++ b/packages/sqle/src/page/SqlManagement/component/SQLEEIndex/index.tsx
@@ -36,14 +36,14 @@ import {
   exportSqlManageV2FilterStatusEnum,
   exportSqlManageV2ExportFormatEnum
 } from '@actiontech/shared/lib/api/sqle/service/SqlManage/index.enum';
-import SqlManagementColumn, {
+import sqlManagementColumn, {
   ExtraFilterMeta,
   ExtraFilterMetaType,
   type SqlManagementTableFilterParamType
 } from './column';
 import {
-  SqlManagementRowAction,
-  SqlManagementTableToolbarActions
+  sqlManagementRowAction,
+  sqlManagementTableToolbarActions
 } from './actions';
 import { ModalName } from '../../../../data/ModalName';
 import { SorterResult, TableRowSelection } from 'antd/es/table/interface';
@@ -73,7 +73,7 @@ const SQLEEIndex = () => {
   const { t } = useTranslation();
   const extractQueries = useTypedQuery();
   const [messageApi, messageContextHolder] = message.useMessage();
-  const { checkActionPermission } = usePermission();
+  const { checkActionPermission, checkActionDisabledByBWP } = usePermission();
   // api
   const { projectID, projectName } = useCurrentProject();
   const { username, userId, language } = useCurrentUser();
@@ -277,7 +277,7 @@ const SQLEEIndex = () => {
     [updateModalStatus, setBatchSelectData, selectedRowData]
   );
   const actions = useMemo(() => {
-    return SqlManagementRowAction(
+    return sqlManagementRowAction(
       openModal,
       jumpToAnalyze,
       onCreateSqlManagementException,
@@ -285,7 +285,8 @@ const SQLEEIndex = () => {
       language,
       checkActionPermission,
       onPushToCoding,
-      username
+      username,
+      checkActionDisabledByBWP
     );
   }, [
     jumpToAnalyze,
@@ -295,7 +296,8 @@ const SQLEEIndex = () => {
     language,
     checkActionPermission,
     onPushToCoding,
-    username
+    username,
+    checkActionDisabledByBWP
   ]);
   const updateRemarkProtect = useRef(false);
   const updateRemark = useCallback(
@@ -322,7 +324,7 @@ const SQLEEIndex = () => {
   );
   const columns = useMemo(
     () =>
-      SqlManagementColumn(
+      sqlManagementColumn(
         projectID,
         updateRemark,
         openModal,
@@ -442,7 +444,7 @@ const SQLEEIndex = () => {
     const isCertainAssignees =
       sqlList?.list?.some((item) => item?.assignees?.includes(username)) ??
       false;
-    return SqlManagementTableToolbarActions(
+    return sqlManagementTableToolbarActions(
       isDisabled,
       batchSolveLoading,
       batchIgnoreLoading,
diff --git a/packages/sqle/src/page/SqlManagementConf/List/__tests__/index.test.tsx b/packages/sqle/src/page/SqlManagementConf/List/__tests__/index.test.tsx
index 338c642e5..966e502cb 100644
--- a/packages/sqle/src/page/SqlManagementConf/List/__tests__/index.test.tsx
+++ b/packages/sqle/src/page/SqlManagementConf/List/__tests__/index.test.tsx
@@ -3,10 +3,7 @@ import { cleanup, act, screen, fireEvent } from '@testing-library/react';
 import { mockUseCurrentProject } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentProject';
 import { mockUseCurrentUser } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentUser';
 import { mockUseDbServiceDriver } from '@actiontech/shared/lib/testUtil/mockHook/mockUseDbServiceDriver';
-import {
-  mockProjectInfo,
-  mockUseUserOperationPermissionData
-} from '@actiontech/shared/lib/testUtil/mockHook/data';
+import { mockProjectInfo } from '@actiontech/shared/lib/testUtil/mockHook/data';
 import instanceAuditPlan from '@actiontech/shared/lib/testUtil/mockApi/sqle/instanceAuditPlan';
 import { mockInstanceAuditPlanListData } from '@actiontech/shared/lib/testUtil/mockApi/sqle/instanceAuditPlan/data';
 import { sqleSuperRender } from '../../../../testUtils/superRender';
@@ -23,11 +20,176 @@ import {
 import instance from '@actiontech/shared/lib/testUtil/mockApi/sqle/instance';
 import { InstanceAuditPlanStatusEnum } from '../index.enum';
 import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
+import usePermission from '@actiontech/shared/lib/features/usePermission/usePermission';
 import {
   AuditPlanTypeResBaseActiveStatusEnum,
   AuditPlanTypeResBaseLastCollectionStatusEnum
 } from '@actiontech/shared/lib/api/sqle/service/common.enum';
 import project from '@actiontech/shared/lib/testUtil/mockApi/base/project';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
+import type { ActiontechTableActionsWithPermissions } from '@actiontech/shared/lib/features';
+import type { IInstanceAuditPlanResV1 } from '@actiontech/shared/lib/api/sqle/service/common';
+import type { PermissionsConstantType } from '@actiontech/shared/lib/features/usePermission/permissions';
+import type { CheckActionPermissionOtherValues } from '@actiontech/shared/lib/features/usePermission/index.type';
+import type { ActiontechTableProps } from '@actiontech/dms-kit/es/components/ActiontechTable';
+
+type Row = IInstanceAuditPlanResV1;
+
+type CheckActionPermFn = (
+  permission: PermissionsConstantType,
+  other?: CheckActionPermissionOtherValues<Row>
+) => boolean;
+
+type CheckBwpFn = (
+  permission: PermissionsConstantType,
+  other?: { record?: Record<string, string> }
+) => boolean;
+
+/** 与 usePermission.parse2TableActionPermissions 对齐的简化实现，供 spy mock 注入 */
+function mergeActionButtonPropsWithBWPDisabled(
+  buttonProps: ((record?: Row) => Record<string, any>) | undefined,
+  bwpDisabled: boolean | ((record?: Row) => boolean)
+): ((record?: Row) => Record<string, any>) | undefined {
+  if (typeof bwpDisabled === 'function') {
+    if (typeof buttonProps === 'function') {
+      return (record?: Row) => {
+        const disabled = bwpDisabled(record);
+        return disabled
+          ? { ...buttonProps(record), disabled: true }
+          : buttonProps(record);
+      };
+    }
+    return (record?: Row) => {
+      const disabled = bwpDisabled(record);
+      return disabled ? { disabled: true } : {};
+    };
+  }
+  if (!bwpDisabled) return buttonProps;
+  if (typeof buttonProps === 'function') {
+    return (record?: Row) => ({
+      ...buttonProps(record),
+      disabled: true
+    });
+  }
+  return () => ({ disabled: true });
+}
+
+function createMockParse2TableActionPermissions(
+  checkActionPermission: CheckActionPermFn,
+  checkActionDisabledByBWP: CheckBwpFn = () => false
+) {
+  return (
+    actions: ActiontechTableActionsWithPermissions<Row>
+  ): ActiontechTableProps<Row>['actions'] => {
+    if (Array.isArray(actions)) {
+      return actions.map((item) => {
+        const bwpDisabledFn = item.permissions
+          ? (record?: Row) =>
+              checkActionDisabledByBWP(item.permissions!, {
+                record: record as unknown as Record<string, string>
+              })
+          : false;
+        return {
+          ...item,
+          permissions: item.permissions
+            ? (record) =>
+                checkActionPermission(item.permissions!, {
+                  record
+                })
+            : undefined,
+          buttonProps: mergeActionButtonPropsWithBWPDisabled(
+            item.buttonProps as (r?: Row) => Record<string, any>,
+            bwpDisabledFn
+          )
+        };
+      }) as ActiontechTableProps<Row>['actions'];
+    }
+
+    const parseActionMoreButtons = (
+      moreButtons: typeof actions.moreButtons
+    ) => {
+      if (typeof moreButtons === 'function') {
+        return (record: Row) =>
+          moreButtons(record).map((item) => {
+            const bwpDisabled = item.permissions
+              ? checkActionDisabledByBWP(item.permissions!, {
+                  record: record as unknown as Record<string, string>
+                })
+              : false;
+            const itemDisabled = item.disabled;
+            return {
+              ...item,
+              permissions: item.permissions
+                ? (data: Row) =>
+                    checkActionPermission(item.permissions!, {
+                      record: data
+                    })
+                : undefined,
+              disabled:
+                typeof itemDisabled === 'function'
+                  ? (data?: Row) =>
+                      (item.permissions
+                        ? checkActionDisabledByBWP(item.permissions!, {
+                            record: data as unknown as Record<string, string>
+                          })
+                        : false) || !!itemDisabled(data)
+                  : bwpDisabled || !!itemDisabled
+            };
+          });
+      }
+      return moreButtons?.map((item) => {
+        const bwpDisabled = item.permissions
+          ? checkActionDisabledByBWP(item.permissions)
+          : false;
+        const itemDisabled = item.disabled;
+        return {
+          ...item,
+          permissions: item.permissions
+            ? (record: Row) =>
+                checkActionPermission(item.permissions!, {
+                  record
+                })
+            : undefined,
+          disabled:
+            typeof itemDisabled === 'function'
+              ? (data?: Row) =>
+                  (item.permissions
+                    ? checkActionDisabledByBWP(item.permissions!, {
+                        record: data as unknown as Record<string, string>
+                      })
+                    : false) || !!itemDisabled(data)
+              : bwpDisabled || !!itemDisabled
+        };
+      });
+    };
+
+    return {
+      ...actions,
+      buttons: actions.buttons.map((item) => {
+        const bwpDisabledFn = item.permissions
+          ? (record?: Row) =>
+              checkActionDisabledByBWP(item.permissions!, {
+                record: record as unknown as Record<string, string>
+              })
+          : false;
+        return {
+          ...item,
+          permissions: item.permissions
+            ? (record) =>
+                checkActionPermission(item.permissions!, {
+                  record
+                })
+            : undefined,
+          buttonProps: mergeActionButtonPropsWithBWPDisabled(
+            item.buttonProps as (r?: Row) => Record<string, any>,
+            bwpDisabledFn
+          )
+        };
+      }),
+      moreButtons: parseActionMoreButtons(actions.moreButtons)
+    } as ActiontechTableProps<Row>['actions'];
+  };
+}
 
 jest.mock('react-redux', () => {
   return {
@@ -278,8 +440,11 @@ describe('test sqle/SqlManagementConf/List', () => {
     await act(async () => jest.advanceTimersByTime(3000));
     fireEvent.click(getBySelector('.actiontech-table-actions-more-button'));
     await act(async () => jest.advanceTimersByTime(100));
-    expect(screen.getByText('停用')).toBeVisible();
-    fireEvent.click(screen.getByText('停用').closest('div')!);
+    const stopInMoreMenu = screen.getByText('停用', {
+      selector: '.more-button-item-text'
+    });
+    expect(stopInMoreMenu).toBeVisible();
+    fireEvent.click(stopInMoreMenu);
     expect(
       screen.getByText('禁用后所有数据将不再更新，是否确认停用？')
     ).toBeInTheDocument();
@@ -311,8 +476,11 @@ describe('test sqle/SqlManagementConf/List', () => {
     await act(async () => jest.advanceTimersByTime(3000));
     fireEvent.click(getBySelector('.actiontech-table-actions-more-button'));
     await act(async () => jest.advanceTimersByTime(100));
-    expect(screen.getByText('启用')).toBeVisible();
-    fireEvent.click(screen.getByText('启用').closest('div')!);
+    const enableInMoreMenu = screen.getByText('启用', {
+      selector: '.more-button-item-text'
+    });
+    expect(enableInMoreMenu).toBeVisible();
+    fireEvent.click(enableInMoreMenu);
     await act(async () => jest.advanceTimersByTime(3000));
     expect(updateInstanceAuditPlanStatus).toHaveBeenCalledTimes(1);
     expect(updateInstanceAuditPlanStatus).toHaveBeenNthCalledWith(1, {
@@ -339,8 +507,11 @@ describe('test sqle/SqlManagementConf/List', () => {
     await act(async () => jest.advanceTimersByTime(3000));
     fireEvent.click(getBySelector('.actiontech-table-actions-more-button'));
     await act(async () => jest.advanceTimersByTime(100));
-    expect(screen.getByText('删除')).toBeVisible();
-    fireEvent.click(screen.getByText('删除').closest('div')!);
+    const deleteInMoreMenu = screen
+      .getAllByText('删除')
+      .find((el) => !!el.closest('.more-button-item-text'));
+    expect(deleteInMoreMenu).toBeTruthy();
+    fireEvent.click(deleteInMoreMenu!);
     expect(
       screen.getByText('删除后所有数据将不再保留，是否确认删除？')
     ).toBeInTheDocument();
@@ -354,4 +525,147 @@ describe('test sqle/SqlManagementConf/List', () => {
     });
     expect(screen.getByText('删除成功')).toBeInTheDocument();
   });
+
+  describe('permissions (mockUsePermission spy)', () => {
+    let permissionSpy: jest.SpyInstance | undefined;
+
+    afterEach(() => {
+      permissionSpy?.mockRestore();
+      permissionSpy = undefined;
+    });
+
+    const SqleConfPerms = PERMISSIONS.ACTIONS.SQLE.SQL_MANAGEMENT_CONF;
+
+    const setupPermissionMock = (
+      checkActionPermission: CheckActionPermFn,
+      checkActionDisabledByBWP: CheckBwpFn = () => false
+    ) => {
+      permissionSpy = mockUsePermission(
+        {
+          checkActionPermission: jest.fn(checkActionPermission),
+          checkActionDisabledByBWP: jest.fn(checkActionDisabledByBWP),
+          checkPagePermission: jest.fn().mockReturnValue(true),
+          parse2TableActionPermissions: createMockParse2TableActionPermissions(
+            checkActionPermission,
+            checkActionDisabledByBWP
+          )
+        } as Partial<ReturnType<typeof usePermission>>,
+        { useSpyOnMockHooks: true }
+      );
+    };
+
+    it('hides header create button when CREATE is denied', async () => {
+      setupPermissionMock((perm) => perm !== SqleConfPerms.CREATE);
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(
+        screen.queryByText('为数据源开启扫描任务')
+      ).not.toBeInTheDocument();
+      expect(screen.getByText('编 辑').closest('button')).toBeInTheDocument();
+    });
+
+    it('hides row edit button when EDIT is denied', async () => {
+      setupPermissionMock((perm) => perm !== SqleConfPerms.EDIT);
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(screen.queryByText('编 辑')).not.toBeInTheDocument();
+      expect(screen.getByText('为数据源开启扫描任务')).toBeInTheDocument();
+    });
+
+    it('hides stop action in more menu when STOP is denied', async () => {
+      setupPermissionMock((perm) => perm !== SqleConfPerms.STOP);
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      fireEvent.click(getBySelector('.actiontech-table-actions-more-button'));
+      await act(async () => jest.advanceTimersByTime(100));
+      expect(
+        screen.queryByText('停用', { selector: '.more-button-item-text' })
+      ).not.toBeInTheDocument();
+      expect(
+        screen
+          .getAllByText('删除')
+          .some((el) => !!el.closest('.more-button-item-text'))
+      ).toBe(true);
+    });
+
+    it('hides more menu when STOP, ENABLE and DELETE are all denied', async () => {
+      setupPermissionMock(
+        (perm) =>
+          perm !== SqleConfPerms.STOP &&
+          perm !== SqleConfPerms.ENABLE &&
+          perm !== SqleConfPerms.DELETE
+      );
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(
+        document.querySelector('.actiontech-table-actions-more-button')
+      ).toBeNull();
+      expect(screen.getByText('编 辑').closest('button')).toBeInTheDocument();
+    });
+
+    it('disables header create button when CREATE is allowed but blocked by BWP', async () => {
+      setupPermissionMock(
+        () => true,
+        (perm) => perm === SqleConfPerms.CREATE
+      );
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(
+        screen.getByText('为数据源开启扫描任务').closest('button')
+      ).toBeDisabled();
+    });
+
+    it('renders stop in more menu as disabled when STOP is blocked by BWP', async () => {
+      setupPermissionMock(
+        () => true,
+        (perm) => perm === SqleConfPerms.STOP
+      );
+      getInstanceAuditPlansSpy.mockClear();
+      getInstanceAuditPlansSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [mockInstanceAuditPlanListData[0]]
+        })
+      );
+      sqleSuperRender(<SqlManagementConfList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      fireEvent.click(getBySelector('.actiontech-table-actions-more-button'));
+      await act(async () => jest.advanceTimersByTime(100));
+      const stopLabel = screen.getByText('停用', {
+        selector: '.more-button-item-text'
+      });
+      expect(stopLabel.closest('.more-button-item')).toHaveClass(
+        'more-button-item-disabled'
+      );
+    });
+  });
 });
diff --git a/packages/sqle/src/page/VersionManagement/Detail/__tests__/index.test.tsx b/packages/sqle/src/page/VersionManagement/Detail/__tests__/index.test.tsx
index b7fad541d..1a75847b3 100644
--- a/packages/sqle/src/page/VersionManagement/Detail/__tests__/index.test.tsx
+++ b/packages/sqle/src/page/VersionManagement/Detail/__tests__/index.test.tsx
@@ -270,7 +270,6 @@ describe('sqle/VersionManagement/Detail', () => {
         [SystemRole.admin]: false,
         [SystemRole.auditAdministrator]: false,
         [SystemRole.systemAdministrator]: false,
-        [SystemRole.projectDirector]: false,
         [SystemRole.certainProjectManager]: false
       }
     });
diff --git a/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/__tests__/index.test.tsx b/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/__tests__/index.test.tsx
index c460bf8a5..866c8eb32 100644
--- a/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/__tests__/index.test.tsx
+++ b/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/__tests__/index.test.tsx
@@ -7,16 +7,32 @@ import {
   SqlVersionDetailResV1StatusEnum
 } from '@actiontech/shared/lib/api/sqle/service/common.enum';
 import { mockUseCurrentProject } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentProject';
+import { mockUseCurrentUser } from '@actiontech/shared/lib/testUtil/mockHook/mockUseCurrentUser';
+import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
 import { ReactFlowProvider } from '@xyflow/react';
 import { getBySelector } from '@actiontech/shared/lib/testUtil/customQuery';
 
+jest.mock('react-redux', () => {
+  return {
+    ...jest.requireActual('react-redux'),
+    useSelector: jest.fn()
+  };
+});
+
 describe('sqle/VersionManagement/Detail/StageNode', () => {
+  let permissionSpy: jest.SpyInstance | undefined;
+
   beforeEach(() => {
     jest.useFakeTimers();
     mockUseCurrentProject();
+    mockUseCurrentUser();
+    mockUsePermission(undefined, { mockSelector: true });
   });
 
   afterEach(() => {
+    permissionSpy?.mockRestore();
+    permissionSpy = undefined;
     jest.useRealTimers();
     cleanup();
   });
@@ -162,4 +178,89 @@ describe('sqle/VersionManagement/Detail/StageNode', () => {
     await act(async () => jest.advanceTimersByTime(0));
     expect(offlineExecuteSpy).toHaveBeenCalledTimes(1);
   });
+
+  describe('BWP (mockUsePermission spy)', () => {
+    it('disables first-stage workflow buttons when VERSION_MANAGEMENT.ADD is blocked by BWP', async () => {
+      permissionSpy = mockUsePermission(
+        {
+          checkActionDisabledByBWP: jest
+            .fn()
+            .mockImplementation(
+              (perm: string) =>
+                perm === PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.ADD
+            )
+        },
+        { useSpyOnMockHooks: true }
+      );
+      const { baseElement } = customRender({
+        isFirstStage: true,
+        isLastStage: false
+      });
+      expect(baseElement).toBeTruthy();
+      expect(screen.getByText('添加已有工单').closest('button')).toBeDisabled();
+      expect(
+        screen.getByText('创建新工单').closest('button')
+      ).not.toBeDisabled();
+    });
+
+    it('disables create workflow when SQL_EXEC_WORKFLOW.CREATE is blocked by BWP', async () => {
+      permissionSpy = mockUsePermission(
+        {
+          checkActionDisabledByBWP: jest
+            .fn()
+            .mockImplementation(
+              (perm: string) =>
+                perm === PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CREATE
+            )
+        },
+        { useSpyOnMockHooks: true }
+      );
+      customRender({
+        isFirstStage: true,
+        isLastStage: false
+      });
+      expect(
+        screen.getByText('添加已有工单').closest('button')
+      ).not.toBeDisabled();
+      expect(screen.getByText('创建新工单').closest('button')).toBeDisabled();
+    });
+
+    it('disables failed-workflow retry and offline buttons when VERSION_MANAGEMENT.EDIT is blocked by BWP', async () => {
+      permissionSpy = mockUsePermission(
+        {
+          checkActionDisabledByBWP: jest
+            .fn()
+            .mockImplementation(
+              (perm: string) =>
+                perm === PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT
+            )
+        },
+        { useSpyOnMockHooks: true }
+      );
+      customRender({
+        isFirstStage: true,
+        isLastStage: false,
+        workflowList: [
+          {
+            workflow_name: 'DEV1_20241021103951',
+            workflow_id: '12345678',
+            workflow_sequence: 1,
+            status: WorkflowDetailWithInstanceStatusEnum.exec_failed,
+            workflow_exec_time: '2024-10-21T14:42:42.348+08:00',
+            workflow_instances: [
+              {
+                instances_id: '123456',
+                instances_name: 'DEV1',
+                instance_schema: 'test'
+              }
+            ]
+          }
+        ],
+        onRetry: jest.fn(),
+        onOfflineExecute: jest.fn()
+      });
+      expect(screen.getByText('修改工单').closest('button')).toBeDisabled();
+      expect(screen.getByText('已线下执行').closest('button')).toBeDisabled();
+    });
+  });
 });
diff --git a/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/index.tsx b/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/index.tsx
index 96e42437a..6e36f7998 100644
--- a/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/index.tsx
+++ b/packages/sqle/src/page/VersionManagement/Detail/components/StageNode/index.tsx
@@ -4,7 +4,11 @@ import { BasicTypographyEllipsis, TypedLink } from '@actiontech/shared';
 import { Card, Space, Typography } from 'antd';
 import type { Node, NodeProps } from '@xyflow/react';
 import { StageNodeStyleWrapper } from '../../style';
-import { useCurrentProject } from '@actiontech/shared/lib/features';
+import {
+  useCurrentProject,
+  usePermission,
+  PERMISSIONS
+} from '@actiontech/shared/lib/features';
 import { useTranslation } from 'react-i18next';
 import classNames from 'classnames';
 import WorkflowStatus from '../../../../SqlExecWorkflow/List/components/WorkflowStatus';
@@ -32,6 +36,16 @@ const StageNode: React.FC<NodeProps<Node<StageNodeData>>> = ({
   } = data;
   const { t } = useTranslation();
   const { projectID } = useCurrentProject();
+  const { checkActionDisabledByBWP } = usePermission();
+  const isVersionEditBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT
+  );
+  const isVersionAddBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.ADD
+  );
+  const isWorkflowCreateBWPDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.SQL_EXEC_WORKFLOW.CREATE
+  );
   const displayWorkflow = useMemo(() => {
     // 版本初始化不存在工单时 统一展示一个空占位
     if (!workflowList?.length) {
@@ -99,6 +113,7 @@ const StageNode: React.FC<NodeProps<Node<StageNodeData>>> = ({
                     <BasicButton
                       size="small"
                       onClick={() => onRetry?.(workflow?.workflow_id ?? '')}
+                      disabled={isVersionEditBWPDisabled}
                     >
                       {t('versionManagement.stageNode.updateInfo')}
                     </BasicButton>
@@ -107,6 +122,7 @@ const StageNode: React.FC<NodeProps<Node<StageNodeData>>> = ({
                       onClick={() =>
                         onOfflineExecute?.(workflow.workflow_id ?? '')
                       }
+                      disabled={isVersionEditBWPDisabled}
                     >
                       {t('versionManagement.stageNode.offlineExecuted')}
                     </BasicButton>
@@ -120,14 +136,20 @@ const StageNode: React.FC<NodeProps<Node<StageNodeData>>> = ({
           <BasicButton
             type="primary"
             onClick={() => onAssociateWorkflow?.(data.stageId ?? 0)}
-            disabled={versionStatus === SqlVersionDetailResV1StatusEnum.locked}
+            disabled={
+              isVersionAddBWPDisabled ||
+              versionStatus === SqlVersionDetailResV1StatusEnum.locked
+            }
           >
             {t('versionManagement.stageNode.addExistingWorkflow')}
           </BasicButton>
           <BasicButton
             type="primary"
             onClick={onCreateNewWorkflow}
-            disabled={versionStatus === SqlVersionDetailResV1StatusEnum.locked}
+            disabled={
+              isWorkflowCreateBWPDisabled ||
+              versionStatus === SqlVersionDetailResV1StatusEnum.locked
+            }
           >
             {t('versionManagement.stageNode.createWorkflow')}
           </BasicButton>
diff --git a/packages/sqle/src/page/VersionManagement/List/__tests__/index.test.tsx b/packages/sqle/src/page/VersionManagement/List/__tests__/index.test.tsx
index 2b9ebee01..55f3e15c9 100644
--- a/packages/sqle/src/page/VersionManagement/List/__tests__/index.test.tsx
+++ b/packages/sqle/src/page/VersionManagement/List/__tests__/index.test.tsx
@@ -10,6 +10,7 @@ import { getAllBySelector } from '@actiontech/shared/lib/testUtil/customQuery';
 import { createSpySuccessResponse } from '@actiontech/shared/lib/testUtil/mockApi';
 import { useNavigate } from 'react-router-dom';
 import { mockUsePermission } from '@actiontech/shared/lib/testUtil/mockHook/mockUsePermission';
+import { PERMISSIONS } from '@actiontech/shared/lib/features';
 
 jest.mock('react-router-dom', () => ({
   ...jest.requireActual('react-router-dom'),
@@ -143,4 +144,61 @@ describe('sqle/VersionManagement/List', () => {
     await act(async () => jest.advanceTimersByTime(3000));
     expect(getSqlVersionListSpy).toHaveBeenCalledTimes(2);
   });
+
+  describe('checkActionPermission granular', () => {
+    it('hides add version in header when ADD is denied', async () => {
+      checkActionPermissionSpy.mockImplementation(
+        (perm) => perm !== PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.ADD
+      );
+      sqleSuperRender(<VersionManagementList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(getSqlVersionListSpy).toHaveBeenCalled();
+      expect(screen.queryByText('添加版本')).not.toBeInTheDocument();
+    });
+
+    it('hides edit when EDIT is denied for releasing row', async () => {
+      checkActionPermissionSpy.mockImplementation(
+        (perm) => perm !== PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT
+      );
+      getSqlVersionListSpy.mockClear();
+      getSqlVersionListSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [firstMockVersion]
+        })
+      );
+      sqleSuperRender(<VersionManagementList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(screen.queryByText('编 辑')).not.toBeInTheDocument();
+    });
+
+    it('hides lock when LOCK is denied', async () => {
+      checkActionPermissionSpy.mockImplementation(
+        (perm) => perm !== PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.LOCK
+      );
+      getSqlVersionListSpy.mockClear();
+      getSqlVersionListSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [firstMockVersion]
+        })
+      );
+      sqleSuperRender(<VersionManagementList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(screen.queryByText('锁 定')).not.toBeInTheDocument();
+    });
+
+    it('hides delete when DELETE is denied', async () => {
+      checkActionPermissionSpy.mockImplementation(
+        (perm) => perm !== PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DELETE
+      );
+      getSqlVersionListSpy.mockClear();
+      getSqlVersionListSpy.mockImplementation(() =>
+        createSpySuccessResponse({
+          data: [firstMockVersion]
+        })
+      );
+      sqleSuperRender(<VersionManagementList />);
+      await act(async () => jest.advanceTimersByTime(3000));
+      expect(screen.queryByText('删 除')).not.toBeInTheDocument();
+    });
+  });
 });
diff --git a/packages/sqle/src/page/VersionManagement/List/action.tsx b/packages/sqle/src/page/VersionManagement/List/action.tsx
index a2db373eb..487bd7cba 100644
--- a/packages/sqle/src/page/VersionManagement/List/action.tsx
+++ b/packages/sqle/src/page/VersionManagement/List/action.tsx
@@ -11,7 +11,7 @@ import { SqlVersionResV1StatusEnum } from '@actiontech/shared/lib/api/sqle/servi
 import { ActiontechTableActionsConfig } from '@actiontech/dms-kit/es/components/ActiontechTable/index.type';
 import { PlusOutlined } from '@actiontech/icons';
 import { ROUTE_PATHS } from '@actiontech/dms-kit';
-export const VersionManagementPageHeaderActions = (
+export const versionManagementPageHeaderActions = (
   projectID: string
 ): Record<'add', ReactNode> => {
   return {
@@ -35,24 +35,36 @@ export const VersionManagementPageHeaderActions = (
     )
   };
 };
-export const VersionManagementTableActions = ({
+export const versionManagementTableActions = ({
   onEdit,
   onDelete,
   onLock,
-  checkActionPermission
+  checkActionPermission,
+  checkActionDisabledByBWP
 }: {
   onEdit: (id?: number) => void;
   onDelete: (id?: number) => void;
   onLock: (id?: number) => void;
   checkActionPermission: (permission: PermissionsConstantType) => boolean;
+  checkActionDisabledByBWP: (permission: PermissionsConstantType) => boolean;
 }): ActiontechTableActionsConfig<ISqlVersionResV1> => {
+  const editBwpDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.EDIT
+  );
+  const lockBwpDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.LOCK
+  );
+  const deleteBwpDisabled = checkActionDisabledByBWP(
+    PERMISSIONS.ACTIONS.SQLE.VERSION_MANAGEMENT.DELETE
+  );
   return {
     buttons: [
       {
         key: 'edit-button',
         text: t('common.edit'),
         buttonProps: (record) => ({
-          onClick: () => onEdit(record?.version_id)
+          onClick: () => onEdit(record?.version_id),
+          disabled: editBwpDisabled
         }),
         permissions: (record) =>
           record?.status === SqlVersionResV1StatusEnum.is_being_released &&
@@ -67,6 +79,9 @@ export const VersionManagementTableActions = ({
           title: t('versionManagement.list.action.lockConfirm'),
           onConfirm: () => onLock(record?.version_id)
         }),
+        buttonProps: () => ({
+          disabled: lockBwpDisabled
+        }),
         permissions: (record) =>
           !!record?.lockable &&
           record?.status !== SqlVersionResV1StatusEnum.locked &&
@@ -78,7 +93,8 @@ export const VersionManagementTableActions = ({
         key: 'delete-button',
         text: t('common.delete'),
         buttonProps: () => ({
-          danger: true
+          danger: true,
+          disabled: deleteBwpDisabled
         }),
         confirm: (record) => ({
           title: t('versionManagement.list.action.deleteConfirm'),
diff --git a/packages/sqle/src/page/VersionManagement/List/column.tsx b/packages/sqle/src/page/VersionManagement/List/column.tsx
index e1da1ec72..1420426aa 100644
--- a/packages/sqle/src/page/VersionManagement/List/column.tsx
+++ b/packages/sqle/src/page/VersionManagement/List/column.tsx
@@ -15,7 +15,7 @@ export type VersionManagementTableFilterParamType = PageInfoWithoutIndexAndSize<
   'project_name'
 >;
 
-export const VersionManagementTableColumns: (
+export const versionManagementTableColumns: (
   projectID: string
 ) => ActiontechTableColumn<
   ISqlVersionResV1,
diff --git a/packages/sqle/src/page/VersionManagement/List/index.tsx b/packages/sqle/src/page/VersionManagement/List/index.tsx
index 3c7c85124..0af0ecf1a 100644
--- a/packages/sqle/src/page/VersionManagement/List/index.tsx
+++ b/packages/sqle/src/page/VersionManagement/List/index.tsx
@@ -7,7 +7,7 @@ import {
 } from '@actiontech/shared/lib/features';
 import {
   VersionManagementTableFilterParamType,
-  VersionManagementTableColumns
+  versionManagementTableColumns
 } from './column';
 import { useRequest } from 'ahooks';
 import {
@@ -25,14 +25,14 @@ import { IGetSqlVersionListV1Params } from '@actiontech/shared/lib/api/sqle/serv
 import { ResponseCode } from '@actiontech/dms-kit';
 import { ROUTE_PATHS } from '@actiontech/dms-kit';
 import {
-  VersionManagementPageHeaderActions,
-  VersionManagementTableActions
+  versionManagementPageHeaderActions,
+  versionManagementTableActions
 } from './action';
 const VersionManagementList = () => {
   const { t } = useTranslation();
   const navigate = useTypedNavigate();
   const { projectID, projectName } = useCurrentProject();
-  const { checkActionPermission } = usePermission();
+  const { checkActionPermission, checkActionDisabledByBWP } = usePermission();
   const [messageApi, messageContextHolder] = message.useMessage();
   const {
     tableFilterInfo,
@@ -69,7 +69,7 @@ const VersionManagementList = () => {
   );
   const { filterButtonMeta, filterContainerMeta, updateAllSelectedFilterItem } =
     useTableFilterContainer(
-      VersionManagementTableColumns(projectID),
+      versionManagementTableColumns(projectID),
       updateTableFilterInfo
     );
   const onEdit = (id?: number) => {
@@ -118,7 +118,7 @@ const VersionManagementList = () => {
         hide();
       });
   };
-  const pageHeaderActions = VersionManagementPageHeaderActions(projectID);
+  const pageHeaderActions = versionManagementPageHeaderActions(projectID);
   return (
     <>
       {messageContextHolder}
@@ -156,15 +156,16 @@ const VersionManagementList = () => {
         pagination={{
           total: versionData?.total ?? 0
         }}
-        columns={VersionManagementTableColumns(projectID)}
+        columns={versionManagementTableColumns(projectID)}
         loading={loading}
         errorMessage={requestErrorMessage}
         onChange={tableChange}
-        actions={VersionManagementTableActions({
+        actions={versionManagementTableActions({
           onEdit,
           onDelete,
           onLock,
-          checkActionPermission
+          checkActionPermission,
+          checkActionDisabledByBWP
         })}
         scroll={{}}
       />