diff --git a/lib/core/conf/conf.go b/lib/core/conf/conf.go
index 9ef98a0b..506c66a1 100644
--- a/lib/core/conf/conf.go
+++ b/lib/core/conf/conf.go
@@ -42,7 +42,7 @@ func IsAdmin(userID string) bool {
 	}
 	// 从本地配置获取user信息
 	// admins := Get("user.adminList").([]any)
-	admins := []string{"1"}
+	admins := []string{"1", "2", "3"}
 	for _, s := range admins {
 		if s == userID {
 			return true
diff --git a/lib/midware/authorize.go b/lib/midware/authorize.go
index ce62320f..12d9ca9b 100644
--- a/lib/midware/authorize.go
+++ b/lib/midware/authorize.go
@@ -118,7 +118,7 @@ func verifyRolePermission(roles, perms []string, options map[string][]string) bo
 
 	// 同时判断 含有其中
 	if opts[0] && opts[1] {
-		return hasRole && hasPerms
+		return hasRole || hasPerms
 	}
 	// 同时判断 匹配其中
 	if opts[2] && opts[3] {
diff --git a/lib/routes/routes.go b/lib/routes/routes.go
index 2047bca3..387b9500 100644
--- a/lib/routes/routes.go
+++ b/lib/routes/routes.go
@@ -61,43 +61,61 @@ func init() {
 	Register("GET", state.CustomUriLicenseInfoAll, state.GetAllLicenseInfoFromNF, nil)
 	Register("GET", state.CustomUriLicenseInfoOne, state.GetOneLicenseInfoFromNF, nil)
 
+	// 数据库直连操作权限
+	selectPermission := midware.Authorize(map[string][]string{
+		"hasRoles": {"dba"},
+		"hasPerms": {"db:select"},
+	})
+	updatePermission := midware.Authorize(map[string][]string{
+		"hasRoles": {"dba"},
+		"hasPerms": {"db:update"},
+	})
+	insertPermission := midware.Authorize(map[string][]string{
+		"hasRoles": {"dba"},
+		"hasPerms": {"db:insert"},
+	})
+	deletePermission := midware.Authorize(map[string][]string{
+		"hasRoles": {"dba"},
+		"hasPerms": {"db:delete"},
+	})
+
 	// database management
-	Register("GET", dbrest.XormGetDataUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("GET", dbrest.XormSelectDataUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.XormInsertDataUri, dbrest.DatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.XormUpdateDataUri, dbrest.DatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.XormDeleteDataUri, dbrest.DatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.XormGetDataUri, dbrest.DatabaseGetData, selectPermission)
+	Register("GET", dbrest.XormSelectDataUri, dbrest.DatabaseGetData, selectPermission)
+	Register("POST", dbrest.XormInsertDataUri, dbrest.DatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.XormUpdateDataUri, dbrest.DatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.XormDeleteDataUri, dbrest.DatabaseDeleteData, deletePermission)
 
-	Register("GET", dbrest.CustomXormGetDataUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("GET", dbrest.CustomXormSelectDataUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.CustomXormInsertDataUri, dbrest.DatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.CustomXormUpdateDataUri, dbrest.DatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.CustomXormDeleteDataUri, dbrest.DatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.CustomXormGetDataUri, dbrest.DatabaseGetData, selectPermission)
+	Register("GET", dbrest.CustomXormSelectDataUri, dbrest.DatabaseGetData, selectPermission)
+	Register("POST", dbrest.CustomXormInsertDataUri, dbrest.DatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.CustomXormUpdateDataUri, dbrest.DatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.CustomXormDeleteDataUri, dbrest.DatabaseDeleteData, deletePermission)
 
-	Register("GET", dbrest.XormCommonUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.XormCommonUri, dbrest.DatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.XormCommonUri, dbrest.DatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.XormCommonUri, dbrest.DatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.XormCommonUri, dbrest.DatabaseGetData, selectPermission)
+	Register("POST", dbrest.XormCommonUri, dbrest.DatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.XormCommonUri, dbrest.DatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.XormCommonUri, dbrest.DatabaseDeleteData, deletePermission)
 
 	Register("GET", dbrest.XormDatabaseUri, dbrest.TaskDatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.XormDatabaseUri, dbrest.TaskDatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.XormDatabaseUri, dbrest.TaskDatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.XormDatabaseUri, dbrest.TaskDatabaseDeleteData, midware.CheckPermission)
+	Register("POST", dbrest.XormDatabaseUri, dbrest.TaskDatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.XormDatabaseUri, dbrest.TaskDatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.XormDatabaseUri, dbrest.TaskDatabaseDeleteData, deletePermission)
 
-	Register("GET", dbrest.CustomXormCommonUri, dbrest.DatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.CustomXormCommonUri, dbrest.DatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.CustomXormCommonUri, dbrest.DatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.CustomXormCommonUri, dbrest.DatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.CustomXormCommonUri, dbrest.DatabaseGetData, selectPermission)
+	Register("POST", dbrest.CustomXormCommonUri, dbrest.DatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.CustomXormCommonUri, dbrest.DatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.CustomXormCommonUri, dbrest.DatabaseDeleteData, deletePermission)
 
-	Register("GET", dbrest.XormExtDataUri, dbrest.ExtDatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.XormExtDataUri, dbrest.ExtDatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.XormExtDataUri, dbrest.ExtDatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.XormExtDataUri, dbrest.ExtDatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.XormExtDataUri, dbrest.ExtDatabaseGetData, selectPermission)
+	Register("POST", dbrest.XormExtDataUri, dbrest.ExtDatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.XormExtDataUri, dbrest.ExtDatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.XormExtDataUri, dbrest.ExtDatabaseDeleteData, deletePermission)
 
-	Register("GET", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseGetData, midware.CheckPermission)
-	Register("POST", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseInsertData, midware.CheckPermission)
-	Register("PUT", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseUpdateData, midware.CheckPermission)
-	Register("DELETE", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseDeleteData, midware.CheckPermission)
+	Register("GET", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseGetData, selectPermission)
+	Register("POST", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseInsertData, insertPermission)
+	Register("PUT", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseUpdateData, updatePermission)
+	Register("DELETE", dbrest.CustomXormExtDataUri, dbrest.ExtDatabaseDeleteData, deletePermission)
 
 	// alarm restful Register
 	Register("POST", fm.UriAlarms, fm.PostAlarmFromNF, nil)
@@ -287,7 +305,7 @@ func NewRouter() *mux.Router {
 
 	r.Use(midware.LoggerTrace)
 	r.Use(midware.OptionProcess)
-	r.Use(midware.ArrowIPAddr)
+	// r.Use(midware.ArrowIPAddr)
 
 	for _, router := range routers {
 		rt := r.Methods(router.Method).Subrouter()