From 1ad330a7beaa46b19e63656d9e64dcd573483a63 Mon Sep 17 00:00:00 2001
From: Boris <boris2code@outlook.com>
Date: Thu, 15 Aug 2024 15:45:34 +0800
Subject: [PATCH] refactor: redefining the permit action structure (#825)

---
 .../access-token/access-token.service.ts      |   4 +-
 .../auth/decorators/permissions.decorator.ts  |   5 +-
 .../features/auth/guard/permission.guard.ts   |  15 +-
 .../features/auth/permission.service.spec.ts  |  16 +-
 .../src/features/auth/permission.service.ts   |  19 +-
 .../collaborator/collaborator.service.spec.ts |  14 +-
 .../collaborator/collaborator.service.ts      |  10 +-
 .../invitation/invitation.service.spec.ts     |  36 +--
 .../features/invitation/invitation.service.ts |   8 +-
 .../selection/selection.service.spec.ts       |   9 +-
 .../src/features/space/space.service.ts       |   9 +-
 .../table/open-api/table-open-api.service.ts  |  30 ++-
 .../table/table-permission.service.ts         |  20 +-
 .../src/features/user/user.service.ts         |   4 +-
 apps/nestjs-backend/src/types/cls.ts          |   4 +-
 .../test/access-token.e2e-spec.ts             |   4 +-
 .../test/computed-user-field.e2e-spec.ts      |   4 +-
 .../test/invitation.e2e-spec.ts               |   6 +-
 apps/nestjs-backend/test/space.e2e-spec.ts    |  16 +-
 .../setting/access-token/AccessTokenList.tsx  |   4 +-
 .../access-token/form/AccessTokenForm.tsx     |   4 +-
 .../setting/components/ScopesSelect.tsx       |  14 +-
 .../setting/oauth-app/manage/OAuthAppForm.tsx |   4 +-
 .../features/app/blocks/space/SpaceCard.tsx   |   4 +-
 .../app/blocks/space/SpaceInnerPage.tsx       |   4 +-
 .../space-inner/Collaborators.tsx             |   4 +-
 .../space/Collaborators.tsx                   |   4 +-
 .../collaborator-manage/space/Invite.tsx      |  11 +-
 .../collaborator-manage/space/InviteLink.tsx  |   4 +-
 .../collaborator-manage/space/RoleSelect.tsx  |  14 +-
 .../collaborator-manage/space/utils.ts        |   6 +-
 .../app/components/oauth/OAuthScope.tsx       |   4 +-
 apps/nextjs-app/src/lib/space-role-checker.ts |   4 +-
 .../space/[spaceId]/setting/collaborator.tsx  |   4 +-
 .../pages/space/[spaceId]/setting/general.tsx |   4 +-
 packages/core/src/auth/actions.ts             | 210 +++++++++--------
 packages/core/src/auth/oauth.ts               |  24 +-
 packages/core/src/auth/permission.ts          |  52 ++---
 packages/core/src/auth/role/base.role.ts      | 213 ------------------
 packages/core/src/auth/role/base.ts           |  26 +++
 .../auth/role/{space.role.ts => constant.ts}  |  28 +--
 packages/core/src/auth/role/index.ts          |  10 +-
 .../src/auth/role/{share.role.ts => share.ts} |   6 +-
 packages/core/src/auth/role/space.ts          |   3 +
 packages/core/src/auth/role/table.role.ts     |  81 -------
 packages/core/src/auth/role/table.ts          |  35 +++
 packages/core/src/auth/role/types.ts          |  14 ++
 packages/core/src/auth/types.ts               |   7 -
 packages/openapi/src/base/get-permission.ts   |  10 +-
 packages/openapi/src/base/get.ts              |   4 +-
 .../src/space/collaborator-get-list.ts        |   4 +-
 .../openapi/src/space/collaborator-update.ts  |   4 +-
 packages/openapi/src/space/get.ts             |   4 +-
 .../src/space/invitation-create-link.ts       |   4 +-
 .../openapi/src/space/invitation-email.ts     |   4 +-
 .../src/space/invitation-get-link-list.ts     |   4 +-
 .../src/space/invitation-update-link.ts       |   6 +-
 packages/openapi/src/table/get-permission.ts  |  22 +-
 .../hooks/use-permission-actions-static.ts    |   8 +-
 .../sdk/src/hooks/use-space-role-static.ts    |  15 +-
 packages/sdk/src/model/base.ts                |   4 +-
 packages/sdk/src/model/table/table.ts         |   4 +-
 62 files changed, 424 insertions(+), 708 deletions(-)
 delete mode 100644 packages/core/src/auth/role/base.role.ts
 create mode 100644 packages/core/src/auth/role/base.ts
 rename packages/core/src/auth/role/{space.role.ts => constant.ts} (92%)
 rename packages/core/src/auth/role/{share.role.ts => share.ts} (62%)
 create mode 100644 packages/core/src/auth/role/space.ts
 delete mode 100644 packages/core/src/auth/role/table.role.ts
 create mode 100644 packages/core/src/auth/role/table.ts
 create mode 100644 packages/core/src/auth/role/types.ts

diff --git a/apps/nestjs-backend/src/features/access-token/access-token.service.ts b/apps/nestjs-backend/src/features/access-token/access-token.service.ts
index 5884bbae5..cfe16e8fb 100644
--- a/apps/nestjs-backend/src/features/access-token/access-token.service.ts
+++ b/apps/nestjs-backend/src/features/access-token/access-token.service.ts
@@ -1,5 +1,5 @@
 import { Injectable, UnauthorizedException } from '@nestjs/common';
-import type { AllActions } from '@teable/core';
+import type { Action } from '@teable/core';
 import { generateAccessTokenId, getRandomString } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import type {
@@ -34,7 +34,7 @@ export class AccessTokenService {
     return {
       ...accessTokenEntity,
       description: description || undefined,
-      scopes: JSON.parse(scopes) as AllActions[],
+      scopes: JSON.parse(scopes) as Action[],
       spaceIds: spaceIds ? (JSON.parse(spaceIds) as string[]) : undefined,
       baseIds: baseIds ? (JSON.parse(baseIds) as string[]) : undefined,
       createdTime: createdTime?.toISOString(),
diff --git a/apps/nestjs-backend/src/features/auth/decorators/permissions.decorator.ts b/apps/nestjs-backend/src/features/auth/decorators/permissions.decorator.ts
index 0871e1b75..8ade9c478 100644
--- a/apps/nestjs-backend/src/features/auth/decorators/permissions.decorator.ts
+++ b/apps/nestjs-backend/src/features/auth/decorators/permissions.decorator.ts
@@ -1,8 +1,7 @@
 import { SetMetadata } from '@nestjs/common';
-import type { PermissionAction } from '@teable/core';
+import type { Action } from '@teable/core';
 
 export const PERMISSIONS_KEY = 'permissions';
 
 // eslint-disable-next-line @typescript-eslint/naming-convention
-export const Permissions = (...permissions: PermissionAction[]) =>
-  SetMetadata(PERMISSIONS_KEY, permissions);
+export const Permissions = (...permissions: Action[]) => SetMetadata(PERMISSIONS_KEY, permissions);
diff --git a/apps/nestjs-backend/src/features/auth/guard/permission.guard.ts b/apps/nestjs-backend/src/features/auth/guard/permission.guard.ts
index e308fdffe..120fa7f4e 100644
--- a/apps/nestjs-backend/src/features/auth/guard/permission.guard.ts
+++ b/apps/nestjs-backend/src/features/auth/guard/permission.guard.ts
@@ -1,7 +1,7 @@
 import type { ExecutionContext } from '@nestjs/common';
 import { ForbiddenException, Injectable } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import { type PermissionAction } from '@teable/core';
+import { type Action } from '@teable/core';
 import { ClsService } from 'nestjs-cls';
 import type { IClsStore } from '../../../types/cls';
 import { IS_DISABLED_PERMISSION } from '../decorators/disabled-permission.decorator';
@@ -48,10 +48,7 @@ export class PermissionGuard {
     return true;
   }
 
-  protected async resourcePermission(
-    resourceId: string | undefined,
-    permissions: PermissionAction[]
-  ) {
+  protected async resourcePermission(resourceId: string | undefined, permissions: Action[]) {
     if (!resourceId) {
       throw new ForbiddenException('permission check ID does not exist');
     }
@@ -66,10 +63,10 @@ export class PermissionGuard {
   }
 
   protected async permissionCheck(context: ExecutionContext) {
-    const permissions = this.reflector.getAllAndOverride<PermissionAction[] | undefined>(
-      PERMISSIONS_KEY,
-      [context.getHandler(), context.getClass()]
-    );
+    const permissions = this.reflector.getAllAndOverride<Action[] | undefined>(PERMISSIONS_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
 
     const accessTokenId = this.cls.get('accessTokenId');
     if (accessTokenId && !permissions?.length) {
diff --git a/apps/nestjs-backend/src/features/auth/permission.service.spec.ts b/apps/nestjs-backend/src/features/auth/permission.service.spec.ts
index d28cf2a33..e368093c9 100644
--- a/apps/nestjs-backend/src/features/auth/permission.service.spec.ts
+++ b/apps/nestjs-backend/src/features/auth/permission.service.spec.ts
@@ -3,8 +3,8 @@
 import { ForbiddenException, NotFoundException } from '@nestjs/common';
 import type { TestingModule } from '@nestjs/testing';
 import { Test } from '@nestjs/testing';
-import type { AllActions } from '@teable/core';
-import { RoleType, SpaceRole, getPermissions } from '@teable/core';
+import type { Action } from '@teable/core';
+import { Role, getPermissions } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import { noop } from 'lodash';
 import { ClsService } from 'nestjs-cls';
@@ -218,7 +218,7 @@ describe('PermissionService', () => {
     it('should return scopes when resourceId is a valid spaceId and allowed', async () => {
       const resourceId = 'spcxxxxxxx';
       const accessTokenId = 'validAccessTokenId';
-      const scopes: AllActions[] = ['table|create', 'table|update'];
+      const scopes: Action[] = ['table|create', 'table|update'];
       const spaceIds = ['spcxxxxxxx'];
 
       vi.spyOn(service, 'getAccessToken').mockResolvedValueOnce({
@@ -288,7 +288,7 @@ describe('PermissionService', () => {
     it('should return permissions for a user', async () => {
       const resourceId = 'bsexxxxxx';
       vi.spyOn(service, 'getPermissionsByResourceId').mockResolvedValue(
-        getPermissions(RoleType.Space, SpaceRole.Editor)
+        getPermissions(Role.Editor)
       );
       const result = await service.getPermissions(resourceId);
       expect(result.includes('view|create')).toEqual(true);
@@ -298,7 +298,7 @@ describe('PermissionService', () => {
     it('should return permissions for access token', async () => {
       const resourceId = 'bsexxxxxx';
       vi.spyOn(service, 'getPermissionsByResourceId').mockResolvedValue(
-        getPermissions(RoleType.Space, SpaceRole.Editor)
+        getPermissions(Role.Editor)
       );
       vi.spyOn(service, 'getPermissionsByAccessToken').mockResolvedValue([
         'view|create',
@@ -313,7 +313,7 @@ describe('PermissionService', () => {
 
   describe('validPermissions', () => {
     it('should return true if user has all required permissions', async () => {
-      const permissions = getPermissions(RoleType.Space, SpaceRole.Creator);
+      const permissions = getPermissions(Role.Creator);
       vi.spyOn(service, 'getPermissions').mockResolvedValue(permissions);
       const resourceId = 'bsexxxxxx';
       const result = await service.validPermissions(resourceId, ['base|create']);
@@ -321,9 +321,7 @@ describe('PermissionService', () => {
     });
 
     it('should throw an error if user does not have all required permissions', async () => {
-      vi.spyOn(service, 'getPermissions').mockResolvedValue(
-        getPermissions(RoleType.Space, SpaceRole.Editor)
-      );
+      vi.spyOn(service, 'getPermissions').mockResolvedValue(getPermissions(Role.Editor));
       const resourceId = 'bsexxxxxx';
       await expect(service.validPermissions(resourceId, ['space|create'])).rejects.toThrowError(
         new ForbiddenException(`not allowed to operate space|create on ${resourceId}`)
diff --git a/apps/nestjs-backend/src/features/auth/permission.service.ts b/apps/nestjs-backend/src/features/auth/permission.service.ts
index 295cf139d..b61667db0 100644
--- a/apps/nestjs-backend/src/features/auth/permission.service.ts
+++ b/apps/nestjs-backend/src/features/auth/permission.service.ts
@@ -1,10 +1,9 @@
 import { ForbiddenException, NotFoundException, Injectable } from '@nestjs/common';
-import type { BaseRole, PermissionAction, SpaceRole } from '@teable/core';
+import type { IBaseRole, Action, IRole } from '@teable/core';
 import { IdPrefix, getPermissions } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import { intersection } from 'lodash';
 import { ClsService } from 'nestjs-cls';
-import { RoleType } from '../../../../../packages/core/src/auth/types';
 import type { IClsStore } from '../../types/cls';
 
 @Injectable()
@@ -29,7 +28,7 @@ export class PermissionService {
     if (!collaborator) {
       throw new ForbiddenException(`can't find collaborator`);
     }
-    return collaborator.roleName as SpaceRole;
+    return collaborator.roleName as IRole;
   }
 
   async getRoleByBaseId(baseId: string) {
@@ -47,7 +46,7 @@ export class PermissionService {
     if (!collaborator) {
       return null;
     }
-    return collaborator.roleName as BaseRole;
+    return collaborator.roleName as IBaseRole;
   }
 
   async getOAuthAccessBy(userId: string) {
@@ -83,7 +82,7 @@ export class PermissionService {
       where: { id: accessTokenId },
       select: { scopes: true, spaceIds: true, baseIds: true, clientId: true, userId: true },
     });
-    const scopes = JSON.parse(stringifyScopes) as PermissionAction[];
+    const scopes = JSON.parse(stringifyScopes) as Action[];
     if (clientId) {
       const { spaceIds: spaceIdsByOAuth, baseIds: baseIdsByOAuth } =
         await this.getOAuthAccessBy(userId);
@@ -186,13 +185,13 @@ export class PermissionService {
 
   private async getPermissionBySpaceId(spaceId: string) {
     const role = await this.getRoleBySpaceId(spaceId);
-    return getPermissions(RoleType.Space, role);
+    return getPermissions(role);
   }
 
   private async getPermissionByBaseId(baseId: string) {
     const role = await this.getRoleByBaseId(baseId);
     if (role) {
-      return getPermissions(RoleType.Base, role);
+      return getPermissions(role);
     }
     return this.getPermissionBySpaceId((await this.getUpperIdByBaseId(baseId)).spaceId);
   }
@@ -227,11 +226,7 @@ export class PermissionService {
     return userPermissions;
   }
 
-  async validPermissions(
-    resourceId: string,
-    permissions: PermissionAction[],
-    accessTokenId?: string
-  ) {
+  async validPermissions(resourceId: string, permissions: Action[], accessTokenId?: string) {
     const ownPermissions = await this.getPermissions(resourceId, accessTokenId);
     if (permissions.every((permission) => ownPermissions.includes(permission))) {
       return ownPermissions;
diff --git a/apps/nestjs-backend/src/features/collaborator/collaborator.service.spec.ts b/apps/nestjs-backend/src/features/collaborator/collaborator.service.spec.ts
index 0f2681beb..0c793252f 100644
--- a/apps/nestjs-backend/src/features/collaborator/collaborator.service.spec.ts
+++ b/apps/nestjs-backend/src/features/collaborator/collaborator.service.spec.ts
@@ -1,6 +1,6 @@
 import type { TestingModule } from '@nestjs/testing';
 import { Test } from '@nestjs/testing';
-import { RoleType, SpaceRole, getPermissions } from '@teable/core';
+import { Role, getPermissions } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import { ClsService } from 'nestjs-cls';
 import { mockDeep } from 'vitest-mock-extended';
@@ -41,21 +41,17 @@ describe('CollaboratorService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => {
-          await collaboratorService.createSpaceCollaborator(
-            mockUser.id,
-            mockSpace.id,
-            SpaceRole.Owner
-          );
+          await collaboratorService.createSpaceCollaborator(mockUser.id, mockSpace.id, Role.Owner);
         }
       );
 
       expect(prismaService.collaborator.create).toBeCalledWith({
         data: {
           spaceId: mockSpace.id,
-          roleName: SpaceRole.Owner,
+          roleName: Role.Owner,
           userId: mockUser.id,
           createdBy: mockUser.id,
         },
@@ -66,7 +62,7 @@ describe('CollaboratorService', () => {
       prismaService.collaborator.count.mockResolvedValue(1);
 
       await expect(
-        collaboratorService.createSpaceCollaborator(mockUser.id, mockSpace.id, SpaceRole.Owner)
+        collaboratorService.createSpaceCollaborator(mockUser.id, mockSpace.id, Role.Owner)
       ).rejects.toThrow('has already existed in space');
     });
   });
diff --git a/apps/nestjs-backend/src/features/collaborator/collaborator.service.ts b/apps/nestjs-backend/src/features/collaborator/collaborator.service.ts
index 10b333d18..0daea46b1 100644
--- a/apps/nestjs-backend/src/features/collaborator/collaborator.service.ts
+++ b/apps/nestjs-backend/src/features/collaborator/collaborator.service.ts
@@ -1,5 +1,5 @@
 import { BadRequestException, Injectable } from '@nestjs/common';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import {
   UploadType,
@@ -30,7 +30,7 @@ export class CollaboratorService {
     @InjectModel('CUSTOM_KNEX') private readonly knex: Knex
   ) {}
 
-  async createSpaceCollaborator(userId: string, spaceId: string, role: SpaceRole) {
+  async createSpaceCollaborator(userId: string, spaceId: string, role: IRole) {
     const currentUserId = this.cls.get('user.id');
     const exist = await this.prismaService
       .txClient()
@@ -181,17 +181,17 @@ export class CollaboratorService {
         spaceId: true,
       },
     });
-    const roleMap: Record<string, SpaceRole> = {};
+    const roleMap: Record<string, IRole> = {};
     const baseIds = new Set<string>();
     const spaceIds = new Set<string>();
     collaborators.forEach(({ baseId, spaceId, roleName }) => {
       if (baseId) {
         baseIds.add(baseId);
-        roleMap[baseId] = roleName as SpaceRole;
+        roleMap[baseId] = roleName as IRole;
       }
       if (spaceId) {
         spaceIds.add(spaceId);
-        roleMap[spaceId] = roleName as SpaceRole;
+        roleMap[spaceId] = roleName as IRole;
       }
     });
     return {
diff --git a/apps/nestjs-backend/src/features/invitation/invitation.service.spec.ts b/apps/nestjs-backend/src/features/invitation/invitation.service.spec.ts
index 71828b57d..8edb2cb18 100644
--- a/apps/nestjs-backend/src/features/invitation/invitation.service.spec.ts
+++ b/apps/nestjs-backend/src/features/invitation/invitation.service.spec.ts
@@ -2,7 +2,7 @@
 import { BadRequestException, ForbiddenException, NotFoundException } from '@nestjs/common';
 import type { TestingModule } from '@nestjs/testing';
 import { Test } from '@nestjs/testing';
-import { getPermissions, RoleType, SpaceRole } from '@teable/core';
+import { getPermissions, Role } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import { ClsService } from 'nestjs-cls';
 import { vi } from 'vitest';
@@ -63,11 +63,11 @@ describe('InvitationService', () => {
       {
         user: mockUser,
         tx: {},
-        permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+        permissions: getPermissions(Role.Owner),
       },
       async () => {
         await invitationService.generateInvitationBySpace('link', mockSpace.id, {
-          role: SpaceRole.Owner,
+          role: Role.Owner,
         });
       }
     );
@@ -77,7 +77,7 @@ describe('InvitationService', () => {
         id: expect.anything(),
         invitationCode: expect.anything(),
         spaceId: mockSpace.id,
-        role: SpaceRole.Owner,
+        role: Role.Owner,
         type: 'link',
         expiredTime: null,
         createdBy: mockUser.id,
@@ -92,7 +92,7 @@ describe('InvitationService', () => {
       await expect(
         invitationService.emailInvitationBySpace(mockSpace.id, {
           emails: ['notfound@example.com'],
-          role: SpaceRole.Owner,
+          role: Role.Owner,
         })
       ).rejects.toThrow('Space not found');
     });
@@ -110,19 +110,19 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () =>
           await invitationService.emailInvitationBySpace(mockSpace.id, {
             emails: [mockInvitedUser.email],
-            role: SpaceRole.Owner,
+            role: Role.Owner,
           })
       );
 
       expect(collaboratorService.createSpaceCollaborator).toHaveBeenCalledWith(
         mockInvitedUser.id,
         mockSpace.id,
-        SpaceRole.Owner
+        Role.Owner
       );
       expect(prismaService.invitationRecord.create).toHaveBeenCalledWith({
         data: {
@@ -145,7 +145,7 @@ describe('InvitationService', () => {
       await expect(
         invitationService.emailInvitationBySpace(mockSpace.id, {
           emails: [mockInvitedUser.email],
-          role: SpaceRole.Owner,
+          role: Role.Owner,
         })
       ).rejects.toThrow('tx error');
     });
@@ -167,7 +167,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () =>
           await expect(() =>
@@ -182,7 +182,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () =>
           await expect(() =>
@@ -200,7 +200,7 @@ describe('InvitationService', () => {
         baseId: null,
         deletedTime: null,
         createdTime: new Date('2022-01-02'),
-        role: SpaceRole.Owner,
+        role: Role.Owner,
         createdBy: mockUser.id,
         lastModifiedBy: null,
         lastModifiedTime: null,
@@ -209,7 +209,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () =>
           await expect(() =>
@@ -227,7 +227,7 @@ describe('InvitationService', () => {
         baseId: null,
         deletedTime: null,
         createdTime: new Date(),
-        role: SpaceRole.Owner,
+        role: Role.Owner,
         createdBy: mockUser.id,
         lastModifiedBy: null,
         lastModifiedTime: null,
@@ -237,7 +237,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => await invitationService.acceptInvitationLink(acceptInvitationLinkRo)
       );
@@ -250,7 +250,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => await invitationService.acceptInvitationLink(acceptInvitationLinkRo)
       );
@@ -266,7 +266,7 @@ describe('InvitationService', () => {
         baseId: null,
         deletedTime: null,
         createdTime: new Date('2022-01-02'),
-        role: SpaceRole.Owner,
+        role: Role.Owner,
         createdBy: 'createdBy',
         lastModifiedBy: null,
         lastModifiedTime: null,
@@ -278,7 +278,7 @@ describe('InvitationService', () => {
         {
           user: mockUser,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => await invitationService.acceptInvitationLink(acceptInvitationLinkRo)
       );
diff --git a/apps/nestjs-backend/src/features/invitation/invitation.service.ts b/apps/nestjs-backend/src/features/invitation/invitation.service.ts
index 74e7a0a73..14df0fcc4 100644
--- a/apps/nestjs-backend/src/features/invitation/invitation.service.ts
+++ b/apps/nestjs-backend/src/features/invitation/invitation.service.ts
@@ -5,7 +5,7 @@ import {
   NotFoundException,
 } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import { generateInvitationId } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import type {
@@ -136,7 +136,7 @@ export class InvitationService {
       await this.generateInvitationBySpace('link', spaceId, data);
     return {
       invitationId: id,
-      role: role as SpaceRole,
+      role: role as IRole,
       createdBy,
       createdTime: createdTime.toISOString(),
       inviteUrl: this.generateInviteUrl(id, invitationCode),
@@ -184,7 +184,7 @@ export class InvitationService {
     });
     return {
       invitationId: id,
-      role: role as SpaceRole,
+      role: role as IRole,
     };
   }
 
@@ -195,7 +195,7 @@ export class InvitationService {
     });
     return data.map(({ id, role, createdBy, createdTime, invitationCode }) => ({
       invitationId: id,
-      role: role as SpaceRole,
+      role: role as IRole,
       createdBy,
       createdTime: createdTime.toISOString(),
       invitationCode,
diff --git a/apps/nestjs-backend/src/features/selection/selection.service.spec.ts b/apps/nestjs-backend/src/features/selection/selection.service.spec.ts
index a01f57ad2..8f9e8f1e4 100644
--- a/apps/nestjs-backend/src/features/selection/selection.service.spec.ts
+++ b/apps/nestjs-backend/src/features/selection/selection.service.spec.ts
@@ -17,8 +17,7 @@ import {
   defaultUserFieldOptions,
   getPermissions,
   nullsToUndefined,
-  SpaceRole,
-  RoleType,
+  Role,
   DateFormattingPreset,
   TimeFormatting,
 } from '@teable/core';
@@ -148,7 +147,7 @@ describe('selectionService', () => {
         {
           user: {} as any,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => selectionService['calculateExpansion'](tableSize, cell, tableDataSize)
       );
@@ -159,7 +158,7 @@ describe('selectionService', () => {
         {
           user: {} as any,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Editor),
+          permissions: getPermissions(Role.Editor),
         },
         async () => selectionService['calculateExpansion'](tableSize, cell, tableDataSize)
       );
@@ -533,7 +532,7 @@ describe('selectionService', () => {
         {
           user: {} as any,
           tx: {},
-          permissions: getPermissions(RoleType.Space, SpaceRole.Owner),
+          permissions: getPermissions(Role.Owner),
         },
         async () => await selectionService.paste(tableId, { viewId, ...pasteRo })
       );
diff --git a/apps/nestjs-backend/src/features/space/space.service.ts b/apps/nestjs-backend/src/features/space/space.service.ts
index 4eb6c1cfc..6d8a839c9 100644
--- a/apps/nestjs-backend/src/features/space/space.service.ts
+++ b/apps/nestjs-backend/src/features/space/space.service.ts
@@ -1,5 +1,6 @@
 import { ForbiddenException, Injectable, NotFoundException } from '@nestjs/common';
-import { SpaceRole, generateSpaceId, getUniqName } from '@teable/core';
+import type { IRole } from '@teable/core';
+import { Role, generateSpaceId, getUniqName } from '@teable/core';
 import type { Prisma } from '@teable/db-main-prisma';
 import { PrismaService } from '@teable/db-main-prisma';
 import type { ICreateSpaceRo, IUpdateSpaceRo } from '@teable/openapi';
@@ -28,7 +29,7 @@ export class SpaceService {
       await this.collaboratorService.createSpaceCollaborator(
         spaceCreateInput.createdBy,
         result.id,
-        SpaceRole.Owner
+        Role.Owner
       );
       return result;
     });
@@ -65,7 +66,7 @@ export class SpaceService {
     }
     return {
       ...space,
-      role: collaborator.roleName as SpaceRole,
+      role: collaborator.roleName as IRole,
     };
   }
 
@@ -92,7 +93,7 @@ export class SpaceService {
     const roleMap = keyBy(collaboratorSpaceList, 'spaceId');
     return spaceList.map((space) => ({
       ...space,
-      role: roleMap[space.id].roleName as SpaceRole,
+      role: roleMap[space.id].roleName as IRole,
     }));
   }
 
diff --git a/apps/nestjs-backend/src/features/table/open-api/table-open-api.service.ts b/apps/nestjs-backend/src/features/table/open-api/table-open-api.service.ts
index ce749f4ab..16b270826 100644
--- a/apps/nestjs-backend/src/features/table/open-api/table-open-api.service.ts
+++ b/apps/nestjs-backend/src/features/table/open-api/table-open-api.service.ts
@@ -1,24 +1,22 @@
 import { BadRequestException, NotFoundException, Injectable, Logger } from '@nestjs/common';
 import type {
-  BaseRole,
-  FieldActions,
+  FieldAction,
   IFieldRo,
   IFieldVo,
   ILinkFieldOptions,
   ILookupOptionsVo,
   IViewRo,
-  RecordActions,
-  SpaceRole,
-  TableActions,
-  ViewActions,
+  RecordAction,
+  IRole,
+  TableAction,
+  ViewAction,
 } from '@teable/core';
 import {
   ActionPrefix,
   FieldKeyType,
   FieldType,
-  RoleType,
   actionPrefixMap,
-  getPermissionMap,
+  getBasePermission,
 } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import type {
@@ -454,7 +452,7 @@ export class TableOpenApiService {
   }
 
   async getPermission(baseId: string, tableId: string): Promise<ITablePermissionVo> {
-    let role: SpaceRole | BaseRole | null = await this.permissionService.getRoleByBaseId(baseId);
+    let role: IRole | null = await this.permissionService.getRoleByBaseId(baseId);
     if (!role) {
       const { spaceId } = await this.permissionService.getUpperIdByBaseId(baseId);
       role = await this.permissionService.getRoleBySpaceId(spaceId);
@@ -465,21 +463,21 @@ export class TableOpenApiService {
     return this.getPermissionByRole(tableId, role);
   }
 
-  async getPermissionByRole(tableId: string, role: SpaceRole | BaseRole) {
-    const permissionMap = getPermissionMap(RoleType.Base, role);
+  async getPermissionByRole(tableId: string, role: IRole) {
+    const permissionMap = getBasePermission(role);
     const tablePermission = actionPrefixMap[ActionPrefix.Table].reduce(
       (acc, action) => {
         acc[action] = permissionMap[action];
         return acc;
       },
-      {} as Record<TableActions, boolean>
+      {} as Record<TableAction, boolean>
     );
     const viewPermission = actionPrefixMap[ActionPrefix.View].reduce(
       (acc, action) => {
         acc[action] = permissionMap[action];
         return acc;
       },
-      {} as Record<ViewActions, boolean>
+      {} as Record<ViewAction, boolean>
     );
 
     const recordPermission = actionPrefixMap[ActionPrefix.Record].reduce(
@@ -487,7 +485,7 @@ export class TableOpenApiService {
         acc[action] = permissionMap[action];
         return acc;
       },
-      {} as Record<RecordActions, boolean>
+      {} as Record<RecordAction, boolean>
     );
 
     const fields = await this.prismaService.field.findMany({
@@ -507,11 +505,11 @@ export class TableOpenApiService {
             acc[action] = permissionMap[action];
             return acc;
           },
-          {} as Record<FieldActions, boolean>
+          {} as Record<FieldAction, boolean>
         );
         return acc;
       },
-      {} as Record<string, Record<FieldActions, boolean>>
+      {} as Record<string, Record<FieldAction, boolean>>
     );
 
     return {
diff --git a/apps/nestjs-backend/src/features/table/table-permission.service.ts b/apps/nestjs-backend/src/features/table/table-permission.service.ts
index 4edbda8a0..d4ba5d202 100644
--- a/apps/nestjs-backend/src/features/table/table-permission.service.ts
+++ b/apps/nestjs-backend/src/features/table/table-permission.service.ts
@@ -1,6 +1,6 @@
 import { Injectable, NotFoundException } from '@nestjs/common';
-import type { BaseRole, ExcludeAction, SpaceRole, TableActions } from '@teable/core';
-import { ActionPrefix, RoleType, actionPrefixMap, getPermissionMap } from '@teable/core';
+import type { IBaseRole, ExcludeAction, IRole, TableAction } from '@teable/core';
+import { ActionPrefix, actionPrefixMap, getPermissionMap } from '@teable/core';
 import { PrismaService } from '@teable/db-main-prisma';
 import { pick } from 'lodash';
 import { ClsService } from 'nestjs-cls';
@@ -27,7 +27,7 @@ export class TablePermissionService {
   async getTablePermissionMapByBaseId(
     baseId: string,
     tableIds?: string[]
-  ): Promise<Record<string, Record<ExcludeAction<TableActions, 'table|create'>, boolean>>> {
+  ): Promise<Record<string, Record<ExcludeAction<TableAction, 'table|create'>, boolean>>> {
     const userId = this.cls.get('user.id');
     const base = await this.prismaService
       .txClient()
@@ -50,28 +50,24 @@ export class TablePermissionService {
         throw new NotFoundException('Collaborator not found');
       });
     const roleName = collaborator.roleName;
-    return this.getTablePermissionMapByRole(baseId, roleName as BaseRole, tableIds);
+    return this.getTablePermissionMapByRole(baseId, roleName as IBaseRole, tableIds);
   }
 
-  async getTablePermissionMapByRole(
-    baseId: string,
-    roleName: BaseRole | SpaceRole,
-    tableIds?: string[]
-  ) {
+  async getTablePermissionMapByRole(baseId: string, roleName: IRole, tableIds?: string[]) {
     const tables = await this.prismaService.txClient().tableMeta.findMany({
       where: { baseId, deletedTime: null, id: { in: tableIds } },
     });
     return tables.reduce(
       (acc, table) => {
         acc[table.id] = pick(
-          getPermissionMap(RoleType.Base, roleName as BaseRole),
+          getPermissionMap(roleName),
           actionPrefixMap[ActionPrefix.Table].filter(
             (action) => action !== 'table|create'
-          ) as ExcludeAction<TableActions, 'table|create'>[]
+          ) as ExcludeAction<TableAction, 'table|create'>[]
         );
         return acc;
       },
-      {} as Record<string, Record<ExcludeAction<TableActions, 'table|create'>, boolean>>
+      {} as Record<string, Record<ExcludeAction<TableAction, 'table|create'>, boolean>>
     );
   }
 }
diff --git a/apps/nestjs-backend/src/features/user/user.service.ts b/apps/nestjs-backend/src/features/user/user.service.ts
index cf8e09cae..647eca5fd 100644
--- a/apps/nestjs-backend/src/features/user/user.service.ts
+++ b/apps/nestjs-backend/src/features/user/user.service.ts
@@ -6,7 +6,7 @@ import {
   generateSpaceId,
   generateUserId,
   minidenticon,
-  SpaceRole,
+  Role,
 } from '@teable/core';
 import type { Prisma } from '@teable/db-main-prisma';
 import { PrismaService } from '@teable/db-main-prisma';
@@ -74,7 +74,7 @@ export class UserService {
     await this.prismaService.txClient().collaborator.create({
       data: {
         spaceId: space.id,
-        roleName: SpaceRole.Owner,
+        roleName: Role.Owner,
         userId,
         createdBy: userId,
       },
diff --git a/apps/nestjs-backend/src/types/cls.ts b/apps/nestjs-backend/src/types/cls.ts
index 48666fee6..649cc66dd 100644
--- a/apps/nestjs-backend/src/types/cls.ts
+++ b/apps/nestjs-backend/src/types/cls.ts
@@ -1,4 +1,4 @@
-import type { PermissionAction } from '@teable/core';
+import type { Action } from '@teable/core';
 import type { Prisma } from '@teable/db-main-prisma';
 import type { ClsStore } from 'nestjs-cls';
 import type { IFieldInstance } from '../features/field/model/factory';
@@ -23,7 +23,7 @@ export interface IClsStore extends ClsStore {
     rawOpMaps?: IRawOpMap[];
   };
   shareViewId?: string;
-  permissions: PermissionAction[];
+  permissions: Action[];
   // for share db adapter
   cookie?: string;
   oldField?: IFieldInstance;
diff --git a/apps/nestjs-backend/test/access-token.e2e-spec.ts b/apps/nestjs-backend/test/access-token.e2e-spec.ts
index 1c7834e35..53bad64bf 100644
--- a/apps/nestjs-backend/test/access-token.e2e-spec.ts
+++ b/apps/nestjs-backend/test/access-token.e2e-spec.ts
@@ -1,6 +1,6 @@
 /* eslint-disable sonarjs/no-duplicate-string */
 import type { INestApplication } from '@nestjs/common';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import type {
   CreateAccessTokenVo,
   ICreateSpaceVo,
@@ -188,7 +188,7 @@ describe('OpenAPI AccessTokenController (e2e)', () => {
 
       const spaceId = newUserSpace.id;
       await newUserAxios.post(urlBuilder(EMAIL_SPACE_INVITATION, { spaceId }), {
-        role: SpaceRole.Viewer,
+        role: Role.Viewer,
         emails: [email],
       });
 
diff --git a/apps/nestjs-backend/test/computed-user-field.e2e-spec.ts b/apps/nestjs-backend/test/computed-user-field.e2e-spec.ts
index 1c50039df..0feb12f34 100644
--- a/apps/nestjs-backend/test/computed-user-field.e2e-spec.ts
+++ b/apps/nestjs-backend/test/computed-user-field.e2e-spec.ts
@@ -1,6 +1,6 @@
 import type { INestApplication } from '@nestjs/common';
 import type { IFieldRo, IFieldVo } from '@teable/core';
-import { FieldKeyType, FieldType, SpaceRole } from '@teable/core';
+import { FieldKeyType, FieldType, Role } from '@teable/core';
 import {
   deleteSpaceCollaborator,
   emailSpaceInvitation,
@@ -245,7 +245,7 @@ describe('Computed user field (e2e)', () => {
 
       await emailSpaceInvitation({
         spaceId: globalThis.testConfig.spaceId,
-        emailSpaceInvitationRo: { role: SpaceRole.Creator, emails: ['renameUser@example.com'] },
+        emailSpaceInvitationRo: { role: Role.Creator, emails: ['renameUser@example.com'] },
       });
       table1 = (
         await user2Request.post<ITableFullVo>(urlBuilder(CREATE_TABLE, { baseId }), {
diff --git a/apps/nestjs-backend/test/invitation.e2e-spec.ts b/apps/nestjs-backend/test/invitation.e2e-spec.ts
index adaf6e988..a6a76c5d9 100644
--- a/apps/nestjs-backend/test/invitation.e2e-spec.ts
+++ b/apps/nestjs-backend/test/invitation.e2e-spec.ts
@@ -1,5 +1,5 @@
 import type { INestApplication } from '@nestjs/common';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import type { CreateSpaceInvitationLinkVo, ListSpaceCollaboratorVo } from '@teable/openapi';
 import {
   ACCEPT_INVITATION_LINK,
@@ -38,7 +38,7 @@ describe('OpenAPI InvitationController (e2e)', () => {
   it('/api/invitation/link/accept (POST)', async () => {
     const invitationLinkRes = await apiCreateSpaceInvitationLink({
       spaceId,
-      createSpaceInvitationLinkRo: { role: SpaceRole.Owner },
+      createSpaceInvitationLinkRo: { role: Role.Owner },
     });
 
     const { invitationId, invitationCode } = invitationLinkRes.data as CreateSpaceInvitationLinkVo;
@@ -48,6 +48,6 @@ describe('OpenAPI InvitationController (e2e)', () => {
     const collaborators: ListSpaceCollaboratorVo = (await apiGetSpaceCollaboratorList(spaceId))
       .data;
     const collaborator = collaborators.find(({ email }) => email === 'newuser@example.com');
-    expect(collaborator?.role).toEqual(SpaceRole.Owner);
+    expect(collaborator?.role).toEqual(Role.Owner);
   });
 });
diff --git a/apps/nestjs-backend/test/space.e2e-spec.ts b/apps/nestjs-backend/test/space.e2e-spec.ts
index e4b30cf61..f2cfe05b9 100644
--- a/apps/nestjs-backend/test/space.e2e-spec.ts
+++ b/apps/nestjs-backend/test/space.e2e-spec.ts
@@ -2,7 +2,7 @@
 import type { INestApplication } from '@nestjs/common';
 import { EventEmitter2 } from '@nestjs/event-emitter';
 import type { HttpError } from '@teable/core';
-import { IdPrefix, SpaceRole } from '@teable/core';
+import { IdPrefix, Role } from '@teable/core';
 import type { ListSpaceCollaboratorVo, ListSpaceInvitationLinkVo } from '@teable/openapi';
 import {
   createSpace as apiCreateSpace,
@@ -115,7 +115,7 @@ describe('OpenAPI SpaceController (e2e)', () => {
     it('/api/space/:spaceId/invitation/link (POST)', async () => {
       const res = await apiCreateSpaceInvitationLink({
         spaceId,
-        createSpaceInvitationLinkRo: { role: SpaceRole.Owner },
+        createSpaceInvitationLinkRo: { role: Role.Owner },
       });
 
       expect(createSpaceInvitationLinkVoSchema.safeParse(res.data).success).toEqual(true);
@@ -124,16 +124,16 @@ describe('OpenAPI SpaceController (e2e)', () => {
     it('/api/space/:spaceId/invitation/link/:invitationId (PATCH)', async () => {
       const res = await apiCreateSpaceInvitationLink({
         spaceId,
-        createSpaceInvitationLinkRo: { role: SpaceRole.Owner },
+        createSpaceInvitationLinkRo: { role: Role.Owner },
       });
       const newInvitationId = res.data.invitationId;
 
       const newSpaceUpdate = await apiUpdateSpaceInvitationLink({
         spaceId,
         invitationId: newInvitationId,
-        updateSpaceInvitationLinkRo: { role: SpaceRole.Editor },
+        updateSpaceInvitationLinkRo: { role: Role.Editor },
       });
-      expect(newSpaceUpdate.data.role).toEqual(SpaceRole.Editor);
+      expect(newSpaceUpdate.data.role).toEqual(Role.Editor);
 
       await apiDeleteSpaceInvitationLink({ spaceId, invitationId: newInvitationId });
     });
@@ -146,7 +146,7 @@ describe('OpenAPI SpaceController (e2e)', () => {
     it('/api/space/:spaceId/invitation/link/:invitationId (DELETE)', async () => {
       const res = await apiCreateSpaceInvitationLink({
         spaceId,
-        createSpaceInvitationLinkRo: { role: SpaceRole.Owner },
+        createSpaceInvitationLinkRo: { role: Role.Owner },
       });
       const newInvitationId = res.data.invitationId;
 
@@ -159,7 +159,7 @@ describe('OpenAPI SpaceController (e2e)', () => {
     it('/api/space/:spaceId/invitation/email (POST)', async () => {
       await apiEmailSpaceInvitation({
         spaceId,
-        emailSpaceInvitationRo: { role: SpaceRole.Owner, emails: [newUserEmail] },
+        emailSpaceInvitationRo: { role: Role.Owner, emails: [newUserEmail] },
       });
 
       const collaborators: ListSpaceCollaboratorVo = (await apiGetSpaceCollaboratorList(spaceId))
@@ -168,7 +168,7 @@ describe('OpenAPI SpaceController (e2e)', () => {
       const newCollaboratorInfo = collaborators.find(({ email }) => email === newUserEmail);
 
       expect(newCollaboratorInfo).not.toBeUndefined();
-      expect(newCollaboratorInfo?.role).toEqual(SpaceRole.Owner);
+      expect(newCollaboratorInfo?.role).toEqual(Role.Owner);
     });
   });
 });
diff --git a/apps/nextjs-app/src/features/app/blocks/setting/access-token/AccessTokenList.tsx b/apps/nextjs-app/src/features/app/blocks/setting/access-token/AccessTokenList.tsx
index cd2f87d13..e6d857868 100644
--- a/apps/nextjs-app/src/features/app/blocks/setting/access-token/AccessTokenList.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/setting/access-token/AccessTokenList.tsx
@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import type { AllActions } from '@teable/core';
+import type { Action } from '@teable/core';
 import { ArrowUpRight, Plus } from '@teable/icons';
 import { deleteAccessToken, listAccessToken } from '@teable/openapi';
 import { ReactQueryKeys } from '@teable/sdk/config';
@@ -143,7 +143,7 @@ export const AccessTokenList = (props: { newToken?: string }) => {
                   <TableCell title={scopes.join('; ')}>
                     {scopes
                       .slice(0, 2)
-                      .map((action) => actionStaticMap[action as AllActions].description)
+                      .map((action) => actionStaticMap[action as Action].description)
                       .join('; ')}
                     {scopesMoreLen ? ` ${t('token:moreScopes', { len: scopesMoreLen })}` : ''}
                   </TableCell>
diff --git a/apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessTokenForm.tsx b/apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessTokenForm.tsx
index 2bcdcf919..fee0587bf 100644
--- a/apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessTokenForm.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessTokenForm.tsx
@@ -1,4 +1,4 @@
-import { ActionPrefix, type AllActions } from '@teable/core';
+import { ActionPrefix, type Action } from '@teable/core';
 import {
   createAccessTokenRoSchema,
   type CreateAccessTokenRo,
@@ -152,7 +152,7 @@ export const AccessTokenForm = <T extends IFormType>(props: IAccessTokenForm<T>)
           </div>
         </Label>
         <ScopesSelect
-          initValue={scopes as AllActions[]}
+          initValue={scopes as Action[]}
           onChange={setScopes}
           actionsPrefixes={actionsPrefixes}
         />
diff --git a/apps/nextjs-app/src/features/app/blocks/setting/components/ScopesSelect.tsx b/apps/nextjs-app/src/features/app/blocks/setting/components/ScopesSelect.tsx
index 78180cf8b..ddc5fe4dd 100644
--- a/apps/nextjs-app/src/features/app/blocks/setting/components/ScopesSelect.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/setting/components/ScopesSelect.tsx
@@ -1,36 +1,36 @@
 import { actionPrefixMap } from '@teable/core';
-import type { ActionPrefix, AllActions } from '@teable/core';
+import type { ActionPrefix, Action } from '@teable/core';
 import { usePermissionActionsStatic } from '@teable/sdk/hooks';
 import { Checkbox, Label } from '@teable/ui-lib/shadcn';
 import { useMemo, useState } from 'react';
 
 interface IScopesSelectProps {
-  initValue?: AllActions[];
+  initValue?: Action[];
   onChange?: (value: string[]) => void;
   actionsPrefixes?: ActionPrefix[];
 }
 
 export const ScopesSelect = (props: IScopesSelectProps) => {
   const { onChange, initValue, actionsPrefixes } = props;
-  const [value, setValue] = useState<Record<AllActions, boolean>>(() => {
+  const [value, setValue] = useState<Record<Action, boolean>>(() => {
     if (initValue) {
       return initValue.reduce(
         (acc, cur) => {
           acc[cur] = true;
           return acc;
         },
-        {} as Record<AllActions, boolean>
+        {} as Record<Action, boolean>
       );
     }
-    return {} as Record<AllActions, boolean>;
+    return {} as Record<Action, boolean>;
   });
   const { actionPrefixStaticMap, actionStaticMap } = usePermissionActionsStatic();
 
-  const onCheckBoxChange = (status: boolean, val: AllActions) => {
+  const onCheckBoxChange = (status: boolean, val: Action) => {
     const actionMap = { ...value };
     actionMap[val] = status;
     setValue(actionMap);
-    const actions = Object.keys(actionMap).filter((key) => actionMap[key as AllActions]);
+    const actions = Object.keys(actionMap).filter((key) => actionMap[key as Action]);
     onChange?.(actions);
   };
 
diff --git a/apps/nextjs-app/src/features/app/blocks/setting/oauth-app/manage/OAuthAppForm.tsx b/apps/nextjs-app/src/features/app/blocks/setting/oauth-app/manage/OAuthAppForm.tsx
index 39aa7046d..41ccdf6dc 100644
--- a/apps/nextjs-app/src/features/app/blocks/setting/oauth-app/manage/OAuthAppForm.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/setting/oauth-app/manage/OAuthAppForm.tsx
@@ -1,5 +1,5 @@
 import { useMutation } from '@tanstack/react-query';
-import type { AllActions } from '@teable/core';
+import type { Action } from '@teable/core';
 import {
   UploadType,
   oauthCreateRoSchema,
@@ -222,7 +222,7 @@ export const OAuthAppForm = forwardRef<IOAuthAppFormRef, IOAuthAppFormProps>((pr
         </div>
         <ScopesSelect
           actionsPrefixes={OAuthActionsPrefixes}
-          initValue={form.scopes as AllActions[]}
+          initValue={form.scopes as Action[]}
           onChange={(value) => updateForm('scopes', value)}
         />
       </div>
diff --git a/apps/nextjs-app/src/features/app/blocks/space/SpaceCard.tsx b/apps/nextjs-app/src/features/app/blocks/space/SpaceCard.tsx
index 4ff3a28a0..8fe96e220 100644
--- a/apps/nextjs-app/src/features/app/blocks/space/SpaceCard.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/space/SpaceCard.tsx
@@ -1,5 +1,5 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import type { IGetBaseVo, IGetSpaceVo, ISubscriptionSummaryVo } from '@teable/openapi';
 import { PinType, deleteSpace, updateSpace } from '@teable/openapi';
 import { ReactQueryKeys } from '@teable/sdk/config';
@@ -88,7 +88,7 @@ export const SpaceCard: FC<ISpaceCard> = (props) => {
                 level={subscription?.level}
                 status={subscription?.status}
                 spaceId={space.id}
-                withUpgrade={space.role === SpaceRole.Owner}
+                withUpgrade={space.role === Role.Owner}
               />
             )}
           </div>
diff --git a/apps/nextjs-app/src/features/app/blocks/space/SpaceInnerPage.tsx b/apps/nextjs-app/src/features/app/blocks/space/SpaceInnerPage.tsx
index 55f9708d1..c3fdd0b12 100644
--- a/apps/nextjs-app/src/features/app/blocks/space/SpaceInnerPage.tsx
+++ b/apps/nextjs-app/src/features/app/blocks/space/SpaceInnerPage.tsx
@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import {
   PinType,
   deleteSpace,
@@ -112,7 +112,7 @@ export const SpaceInnerPage: React.FC = () => {
                 level={subscriptionSummary?.level}
                 status={subscriptionSummary?.status}
                 spaceId={space.id}
-                withUpgrade={space.role === SpaceRole.Owner}
+                withUpgrade={space.role === Role.Owner}
               />
             )}
           </div>
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space-inner/Collaborators.tsx b/apps/nextjs-app/src/features/app/components/collaborator-manage/space-inner/Collaborators.tsx
index 8caa28c66..744118642 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space-inner/Collaborators.tsx
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space-inner/Collaborators.tsx
@@ -1,5 +1,5 @@
 import { useQuery } from '@tanstack/react-query';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import { getSpaceCollaboratorList } from '@teable/openapi';
 import { ReactQueryKeys } from '@teable/sdk';
 import { useTranslation } from 'next-i18next';
@@ -8,7 +8,7 @@ import { UserAvatar } from '@/features/app/components/user/UserAvatar';
 
 interface SpaceInnerCollaboratorProps {
   spaceId: string;
-  role?: SpaceRole;
+  role?: IRole;
 }
 
 export const Collaborators: React.FC<SpaceInnerCollaboratorProps> = (props) => {
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Collaborators.tsx b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Collaborators.tsx
index e7877cbc9..5d04019ee 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Collaborators.tsx
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Collaborators.tsx
@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import { hasPermission } from '@teable/core';
 import { X } from '@teable/icons';
 import type { ListSpaceCollaboratorVo } from '@teable/openapi';
@@ -26,7 +26,7 @@ import { RoleSelect } from './RoleSelect';
 
 interface ICollaborators {
   spaceId: string;
-  role: SpaceRole;
+  role: IRole;
 }
 
 const filterCollaborators = (search: string, collaborators?: ListSpaceCollaboratorVo) => {
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Invite.tsx b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Invite.tsx
index ba45ddff9..877401ec6 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Invite.tsx
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/Invite.tsx
@@ -1,5 +1,6 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { SpaceRole, hasPermission } from '@teable/core';
+import type { IRole } from '@teable/core';
+import { Role, hasPermission } from '@teable/core';
 import { X } from '@teable/icons';
 import { createSpaceInvitationLink, emailSpaceInvitation } from '@teable/openapi';
 import { ReactQueryKeys, useSpaceRoleStatic } from '@teable/sdk';
@@ -14,7 +15,7 @@ import { getRolesWithLowerPermissions } from './utils';
 interface IInvite {
   className?: string;
   spaceId: string;
-  role: SpaceRole;
+  role: IRole;
 }
 
 export const Invite: React.FC<IInvite> = (props) => {
@@ -23,7 +24,7 @@ export const Invite: React.FC<IInvite> = (props) => {
   const { t } = useTranslation('common');
 
   const [inviteType, setInviteType] = useState<'link' | 'email'>('email');
-  const [inviteRole, setInviteRole] = useState<SpaceRole>(role);
+  const [inviteRole, setInviteRole] = useState<IRole>(role);
   const [email, setEmail] = useState<string>('');
   const [inviteEmails, setInviteEmails] = useState<string[]>([]);
 
@@ -54,12 +55,12 @@ export const Invite: React.FC<IInvite> = (props) => {
 
   const createInviteLink = async () => {
     await createInviteLinkRequest({ spaceId, createSpaceInvitationLinkRo: { role: inviteRole } });
-    setInviteRole(SpaceRole.Creator);
+    setInviteRole(Role.Creator);
   };
 
   const changeInviteType = (inviteType: 'link' | 'email') => {
     initEmail();
-    setInviteRole(SpaceRole.Creator);
+    setInviteRole(Role.Creator);
     setInviteType(inviteType);
   };
 
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/InviteLink.tsx b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/InviteLink.tsx
index 502fe5e2c..90de1d6de 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/InviteLink.tsx
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/InviteLink.tsx
@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import { Copy, X } from '@teable/icons';
 import {
   deleteSpaceInvitationLink,
@@ -24,7 +24,7 @@ import { getRolesWithLowerPermissions } from './utils';
 
 interface IInviteLink {
   spaceId: string;
-  role: SpaceRole;
+  role: IRole;
 }
 
 export const InviteLink: React.FC<IInviteLink> = (props) => {
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/RoleSelect.tsx b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/RoleSelect.tsx
index 4612a0459..305fc90d7 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/RoleSelect.tsx
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/RoleSelect.tsx
@@ -1,4 +1,4 @@
-import { SpaceRole } from '@teable/core';
+import { Role, type IRole } from '@teable/core';
 import { useSpaceRoleStatic } from '@teable/sdk/hooks';
 import {
   cn,
@@ -13,11 +13,11 @@ import { find } from 'lodash';
 import React, { useMemo } from 'react';
 interface IRoleSelect {
   className?: string;
-  value?: SpaceRole;
-  defaultValue?: SpaceRole;
+  value?: IRole;
+  defaultValue?: IRole;
   disabled?: boolean;
-  filterRoles?: SpaceRole[];
-  onChange?: (value: SpaceRole) => void;
+  filterRoles?: IRole[];
+  onChange?: (value: IRole) => void;
 }
 
 export const RoleSelect: React.FC<IRoleSelect> = (props) => {
@@ -37,7 +37,7 @@ export const RoleSelect: React.FC<IRoleSelect> = (props) => {
   return (
     <Select
       value={value || defaultValue}
-      onValueChange={(value) => onChange?.(value as SpaceRole)}
+      onValueChange={(value) => onChange?.(value as IRole)}
       disabled={disabled}
     >
       <SelectTrigger className={cn('h-8 w-32 bg-background', className)}>
@@ -46,7 +46,7 @@ export const RoleSelect: React.FC<IRoleSelect> = (props) => {
       <SelectContent className=" w-72">
         {filteredRoleList.map(({ role, name, description }) => (
           <div key={role}>
-            {role === SpaceRole.Owner && <Separator />}
+            {role === Role.Owner && <Separator />}
             <SelectItem value={role}>
               <span className="text-sm">{name}</span>
               <p className=" text-xs text-muted-foreground">{description}</p>
diff --git a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/utils.ts b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/utils.ts
index c99e3a5a3..8ab29cd18 100644
--- a/apps/nextjs-app/src/features/app/components/collaborator-manage/space/utils.ts
+++ b/apps/nextjs-app/src/features/app/components/collaborator-manage/space/utils.ts
@@ -1,8 +1,8 @@
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import type { ISpaceRoleStatic } from '@teable/sdk/hooks';
 
 export const getRolesWithLowerPermissions = (
-  role: SpaceRole,
+  role: IRole,
   spaceRoleStatic: ISpaceRoleStatic[],
   includeRole: boolean = true
 ) => {
@@ -16,7 +16,7 @@ export const getRolesWithLowerPermissions = (
 };
 
 export const getRolesWithHigherPermissions = (
-  role: SpaceRole,
+  role: IRole,
   spaceRoleStatic: ISpaceRoleStatic[],
   includeRole: boolean = true
 ) => {
diff --git a/apps/nextjs-app/src/features/app/components/oauth/OAuthScope.tsx b/apps/nextjs-app/src/features/app/components/oauth/OAuthScope.tsx
index 759d42211..0066412b4 100644
--- a/apps/nextjs-app/src/features/app/components/oauth/OAuthScope.tsx
+++ b/apps/nextjs-app/src/features/app/components/oauth/OAuthScope.tsx
@@ -1,4 +1,4 @@
-import type { AllActions } from '@teable/core';
+import type { Action } from '@teable/core';
 import { ActionPrefix } from '@teable/core';
 import { Hash, PackageCheck, Sheet, Square, Table2, User } from '@teable/icons';
 import { usePermissionActionsStatic } from '@teable/sdk/hooks';
@@ -32,7 +32,7 @@ export const OAuthScope = (props: {
             return acc;
           }
           const prefix = scope.split('|')[0] as ActionPrefix;
-          const scopeDesc = actionStaticMap[scope as AllActions].description;
+          const scopeDesc = actionStaticMap[scope as Action].description;
           if (acc[prefix]) {
             acc[prefix].push(scopeDesc);
           } else {
diff --git a/apps/nextjs-app/src/lib/space-role-checker.ts b/apps/nextjs-app/src/lib/space-role-checker.ts
index 516b4924c..e9673b6a0 100644
--- a/apps/nextjs-app/src/lib/space-role-checker.ts
+++ b/apps/nextjs-app/src/lib/space-role-checker.ts
@@ -1,5 +1,5 @@
 import type { QueryClient } from '@tanstack/react-query';
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import type { IGetSpaceVo } from '@teable/openapi';
 import { ReactQueryKeys } from '@teable/sdk/config';
 
@@ -10,7 +10,7 @@ export const spaceRoleChecker = ({
 }: {
   queryClient: QueryClient;
   spaceId: string;
-  roles: SpaceRole[];
+  roles: IRole[];
 }) => {
   const role = (queryClient.getQueryState(ReactQueryKeys.space(spaceId))?.data as IGetSpaceVo)
     ?.role;
diff --git a/apps/nextjs-app/src/pages/space/[spaceId]/setting/collaborator.tsx b/apps/nextjs-app/src/pages/space/[spaceId]/setting/collaborator.tsx
index a605d82c1..d9a5de271 100644
--- a/apps/nextjs-app/src/pages/space/[spaceId]/setting/collaborator.tsx
+++ b/apps/nextjs-app/src/pages/space/[spaceId]/setting/collaborator.tsx
@@ -1,5 +1,5 @@
 import { QueryClient, dehydrate } from '@tanstack/react-query';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import { ReactQueryKeys } from '@teable/sdk/config';
 import type { GetServerSideProps } from 'next';
 import type { ReactElement } from 'react';
@@ -25,7 +25,7 @@ export const getServerSideProps: GetServerSideProps = withAuthSSR(async (context
   spaceRoleChecker({
     queryClient,
     spaceId: spaceId as string,
-    roles: [SpaceRole.Owner],
+    roles: [Role.Owner],
   });
 
   return {
diff --git a/apps/nextjs-app/src/pages/space/[spaceId]/setting/general.tsx b/apps/nextjs-app/src/pages/space/[spaceId]/setting/general.tsx
index d134aaad0..771e45160 100644
--- a/apps/nextjs-app/src/pages/space/[spaceId]/setting/general.tsx
+++ b/apps/nextjs-app/src/pages/space/[spaceId]/setting/general.tsx
@@ -1,5 +1,5 @@
 import { QueryClient, dehydrate } from '@tanstack/react-query';
-import { SpaceRole } from '@teable/core';
+import { Role } from '@teable/core';
 import { ReactQueryKeys } from '@teable/sdk/config';
 import type { GetServerSideProps } from 'next';
 import type { ReactElement } from 'react';
@@ -25,7 +25,7 @@ export const getServerSideProps: GetServerSideProps = withAuthSSR(async (context
   spaceRoleChecker({
     queryClient,
     spaceId: spaceId as string,
-    roles: [SpaceRole.Owner],
+    roles: [Role.Owner],
   });
 
   return {
diff --git a/packages/core/src/auth/actions.ts b/packages/core/src/auth/actions.ts
index c6d8bf3bc..6dd2f2695 100644
--- a/packages/core/src/auth/actions.ts
+++ b/packages/core/src/auth/actions.ts
@@ -13,116 +13,110 @@ export enum ActionPrefix {
   TableRecordHistory = 'table_record_history',
 }
 
-const defaultActionsSchema = z.enum(['create', 'update', 'delete', 'read']);
-
-export const spaceActionsSchema = defaultActionsSchema.or(
-  z.enum(['invite_email', 'invite_link', 'grant_role'])
-);
-
-export type SpaceActions = `${ActionPrefix.Space}|${z.infer<typeof spaceActionsSchema>}`;
-
-export const baseActionsSchema = defaultActionsSchema.or(
-  z.enum([
-    'invite_email',
-    'invite_link',
-    'table_import',
-    'table_export',
-    'authority_matrix_config',
-    'db_connection',
-    'query_data',
-  ])
-);
-
-export type BaseActions = `${ActionPrefix.Base}|${z.infer<typeof baseActionsSchema>}`;
-
-export const tableActionsSchema = defaultActionsSchema.or(z.enum(['import', 'export']));
-
-export type TableActions = `${ActionPrefix.Table}|${z.infer<typeof tableActionsSchema>}`;
-
-export const viewActionsSchema = defaultActionsSchema;
-
-export type ViewActions = `${ActionPrefix.View}|${z.infer<typeof viewActionsSchema>}`;
-
-export const fieldActionsSchema = defaultActionsSchema;
-
-export type FieldActions = `${ActionPrefix.Field}|${z.infer<typeof fieldActionsSchema>}`;
-
-export const recordActionsSchema = defaultActionsSchema.or(z.enum(['comment']));
-
-export type RecordActions = `${ActionPrefix.Record}|${z.infer<typeof recordActionsSchema>}`;
-
-export const automationActionsSchema = defaultActionsSchema;
-
-export type AutomationActions =
-  `${ActionPrefix.Automation}|${z.infer<typeof automationActionsSchema>}`;
-
-export const userActionsSchema = z.enum(['email_read']);
-
-export type UserActions = `${ActionPrefix.User}|${z.infer<typeof userActionsSchema>}`;
-
-export const recordHistoryActionsSchema = z.enum(['read']);
-
-export type TableRecordHistoryActions =
-  `${ActionPrefix.TableRecordHistory}|${z.infer<typeof recordHistoryActionsSchema>}`;
-
-export type AllActions =
-  | SpaceActions
-  | BaseActions
-  | TableActions
-  | ViewActions
-  | FieldActions
-  | RecordActions
-  | AutomationActions
-  | UserActions
-  | TableRecordHistoryActions;
+export const spaceActions = [
+  'space|create',
+  'space|delete',
+  'space|read',
+  'space|update',
+  'space|invite_email',
+  'space|invite_link',
+  'space|grant_role',
+] as const;
+export const spaceActionSchema = z.enum(spaceActions);
+export type SpaceAction = z.infer<typeof spaceActionSchema>;
+
+export const baseActions = [
+  'base|create',
+  'base|delete',
+  'base|read',
+  'base|update',
+  'base|invite_email',
+  'base|invite_link',
+  'base|table_import',
+  'base|table_export',
+  'base|authority_matrix_config',
+  'base|db_connection',
+  'base|query_data',
+] as const;
+export const baseActionSchema = z.enum(baseActions);
+export type BaseAction = z.infer<typeof baseActionSchema>;
+
+export const tableActions = [
+  'table|create',
+  'table|delete',
+  'table|read',
+  'table|update',
+  'table|import',
+  'table|export',
+] as const;
+export const tableActionSchema = z.enum(tableActions);
+export type TableAction = z.infer<typeof tableActionSchema>;
+
+export const viewActions = ['view|create', 'view|delete', 'view|read', 'view|update'] as const;
+export const viewActionSchema = z.enum(viewActions);
+export type ViewAction = z.infer<typeof viewActionSchema>;
+
+export const fieldActions = ['field|create', 'field|delete', 'field|read', 'field|update'] as const;
+export const fieldActionSchema = z.enum(fieldActions);
+export type FieldAction = z.infer<typeof fieldActionSchema>;
+
+export const recordActions = [
+  'record|create',
+  'record|delete',
+  'record|read',
+  'record|update',
+  'record|comment',
+] as const;
+export const recordActionSchema = z.enum(recordActions);
+export type RecordAction = z.infer<typeof recordActionSchema>;
+
+export const automationActions = [
+  'automation|create',
+  'automation|delete',
+  'automation|read',
+  'automation|update',
+] as const;
+export const automationActionSchema = z.enum(automationActions);
+export type AutomationAction = z.infer<typeof automationActionSchema>;
+
+export const userActions = ['user|email_read'] as const;
+export const userActionSchema = z.enum(userActions);
+export type UserAction = z.infer<typeof userActionSchema>;
+
+export const tableRecordHistoryActions = ['table_record_history|read'] as const;
+export const tableRecordHistoryActionSchema = z.enum(tableRecordHistoryActions);
+export type TableRecordHistoryAction = z.infer<typeof tableRecordHistoryActionSchema>;
+
+export type Action =
+  | SpaceAction
+  | BaseAction
+  | TableAction
+  | ViewAction
+  | FieldAction
+  | RecordAction
+  | AutomationAction
+  | UserAction
+  | TableRecordHistoryAction;
 
 export type ActionPrefixMap = {
-  [ActionPrefix.Space]: SpaceActions[];
-  [ActionPrefix.Base]: BaseActions[];
-  [ActionPrefix.Table]: TableActions[];
-  [ActionPrefix.View]: ViewActions[];
-  [ActionPrefix.Field]: FieldActions[];
-  [ActionPrefix.Record]: RecordActions[];
-  [ActionPrefix.Automation]: AutomationActions[];
-  [ActionPrefix.User]: UserActions[];
-  [ActionPrefix.TableRecordHistory]: TableRecordHistoryActions[];
+  [ActionPrefix.Space]: SpaceAction[];
+  [ActionPrefix.Base]: BaseAction[];
+  [ActionPrefix.Table]: TableAction[];
+  [ActionPrefix.View]: ViewAction[];
+  [ActionPrefix.Field]: FieldAction[];
+  [ActionPrefix.Record]: RecordAction[];
+  [ActionPrefix.Automation]: AutomationAction[];
+  [ActionPrefix.User]: UserAction[];
+  [ActionPrefix.TableRecordHistory]: TableRecordHistoryAction[];
 };
-
 export const actionPrefixMap: ActionPrefixMap = {
-  [ActionPrefix.Space]: ['space|create', 'space|delete', 'space|read', 'space|update'],
-  [ActionPrefix.Base]: [
-    'base|create',
-    'base|delete',
-    'base|read',
-    'base|update',
-    'base|table_import',
-    'base|table_export',
-    'base|db_connection',
-    'base|authority_matrix_config',
-  ],
-  [ActionPrefix.Table]: [
-    'table|create',
-    'table|delete',
-    'table|read',
-    'table|update',
-    'table|import',
-    'table|export',
-  ],
-  [ActionPrefix.View]: ['view|create', 'view|delete', 'view|read', 'view|update'],
-  [ActionPrefix.Field]: ['field|create', 'field|delete', 'field|read', 'field|update'],
-  [ActionPrefix.Record]: [
-    'record|create',
-    'record|delete',
-    'record|read',
-    'record|update',
-    'record|comment',
-  ],
-  [ActionPrefix.Automation]: [
-    'automation|create',
-    'automation|delete',
-    'automation|read',
-    'automation|update',
-  ],
-  [ActionPrefix.TableRecordHistory]: ['table_record_history|read'],
-  [ActionPrefix.User]: ['user|email_read'],
+  [ActionPrefix.Space]: [...spaceActions],
+  [ActionPrefix.Base]: [...baseActions],
+  [ActionPrefix.Table]: [...tableActions],
+  [ActionPrefix.View]: [...viewActions],
+  [ActionPrefix.Field]: [...fieldActions],
+  [ActionPrefix.Record]: [...recordActions],
+  [ActionPrefix.Automation]: [...automationActions],
+  [ActionPrefix.TableRecordHistory]: [...tableRecordHistoryActions],
+  [ActionPrefix.User]: [...userActions],
 };
diff --git a/packages/core/src/auth/oauth.ts b/packages/core/src/auth/oauth.ts
index d7a79c198..891673ad7 100644
--- a/packages/core/src/auth/oauth.ts
+++ b/packages/core/src/auth/oauth.ts
@@ -1,19 +1,19 @@
 import type {
-  AutomationActions,
-  FieldActions,
-  RecordActions,
-  TableActions,
-  UserActions,
-  ViewActions,
+  AutomationAction,
+  FieldAction,
+  RecordAction,
+  TableAction,
+  UserAction,
+  ViewAction,
 } from './actions';
 
 export const OAUTH_ACTIONS: (
-  | TableActions
-  | ViewActions
-  | FieldActions
-  | RecordActions
-  | UserActions
-  | AutomationActions
+  | TableAction
+  | ViewAction
+  | FieldAction
+  | RecordAction
+  | UserAction
+  | AutomationAction
 )[] = [
   'table|create',
   'table|delete',
diff --git a/packages/core/src/auth/permission.ts b/packages/core/src/auth/permission.ts
index e6138e052..cb41ba41d 100644
--- a/packages/core/src/auth/permission.ts
+++ b/packages/core/src/auth/permission.ts
@@ -3,53 +3,27 @@
  * TODO: need to distinguish between the resources that this role targets, such as spaceRole or baseRole
  */
 import { keys } from 'lodash';
-import type { AllActions } from './actions';
-import type { BaseRole, TableRole } from './role';
-import {
-  SpaceRole,
-  basePermissions,
-  shareViewPermissions,
-  spacePermissions,
-  tablePermissions,
-} from './role';
-import { RoleType } from './types';
+import type { Action } from './actions';
+import { Role, RolePermission } from './role';
+import type { IRole } from './role/types';
 
-export type PermissionAction = AllActions;
-
-export type PermissionMap = Record<PermissionAction, boolean>;
-
-export const checkPermissions = (role: SpaceRole, actions: PermissionAction[]) => {
-  return actions.every((action) => Boolean(spacePermissions[role][action]));
+export const checkPermissions = (role: IRole, actions: Action[]) => {
+  return actions.every((action) => Boolean(RolePermission[role][action]));
 };
 
-export const getPermissions = (type: RoleType, role?: SpaceRole | BaseRole | TableRole) => {
-  const permissionMap = getPermissionMap(type, role);
-  return (keys(permissionMap) as PermissionAction[]).filter((key) => permissionMap[key]);
+export const getPermissions = (role: IRole) => {
+  const permissionMap = getPermissionMap(role);
+  return (keys(permissionMap) as Action[]).filter((key) => permissionMap[key]);
 };
 
-export const getPermissionMap = (
-  type: RoleType,
-  role?: SpaceRole | BaseRole | TableRole
-): PermissionMap => {
-  switch (type) {
-    case RoleType.Space:
-      return spacePermissions[role as SpaceRole] as PermissionMap;
-    case RoleType.Base: {
-      return basePermissions[role as BaseRole] as PermissionMap;
-    }
-    case RoleType.Table:
-      return tablePermissions[role as TableRole] as PermissionMap;
-    case RoleType.Share:
-      return shareViewPermissions as PermissionMap;
-    default:
-      return {} as PermissionMap;
-  }
+export const getPermissionMap = (role: IRole) => {
+  return RolePermission[role];
 };
 
-export const hasPermission = (role: SpaceRole, action: PermissionAction) => {
+export const hasPermission = (role: IRole, action: Action) => {
   return checkPermissions(role, [action]);
 };
 
-export const isUnrestrictedRole = (role: string) => {
-  return [SpaceRole.Owner].includes(role as SpaceRole);
+export const isUnrestrictedRole = (role: IRole) => {
+  return role === Role.Owner;
 };
diff --git a/packages/core/src/auth/role/base.role.ts b/packages/core/src/auth/role/base.role.ts
deleted file mode 100644
index fd06a7272..000000000
--- a/packages/core/src/auth/role/base.role.ts
+++ /dev/null
@@ -1,213 +0,0 @@
-/* eslint-disable @typescript-eslint/naming-convention */
-import { z } from '../../zod';
-import type { AllActions, SpaceActions } from '../actions';
-import { SpaceRole } from './space.role';
-
-export enum BaseRole {
-  Creator = SpaceRole.Creator,
-  Editor = SpaceRole.Editor,
-  Commenter = SpaceRole.Commenter,
-  Viewer = SpaceRole.Viewer,
-}
-
-export const baseRolesSchema = z.nativeEnum(BaseRole);
-
-type ExcludeSpaceActions<T> = T extends SpaceActions ? never : T;
-
-export type BasePermission = ExcludeSpaceActions<AllActions>;
-
-export const basePermissions: Record<
-  BaseRole | SpaceRole.Owner,
-  Record<BasePermission, boolean>
-> = {
-  [SpaceRole.Owner]: {
-    'base|create': false,
-    'base|delete': true,
-    'base|read': true,
-    'base|update': true,
-    'base|invite_email': true,
-    'base|invite_link': true,
-    'base|table_import': true,
-    'base|table_export': true,
-    'base|authority_matrix_config': true,
-    'base|db_connection': true,
-    'base|query_data': true,
-    'table|create': true,
-    'table|delete': true,
-    'table|read': true,
-    'table|update': true,
-    'table|import': true,
-    'table|export': true,
-    'table_record_history|read': true,
-    'view|create': true,
-    'view|delete': true,
-    'view|read': true,
-    'view|update': true,
-    'field|create': true,
-    'field|delete': true,
-    'field|read': true,
-    'field|update': true,
-    'record|create': true,
-    'record|comment': true,
-    'record|delete': true,
-    'record|read': true,
-    'record|update': true,
-    'automation|create': true,
-    'automation|delete': true,
-    'automation|read': true,
-    'automation|update': true,
-    'user|email_read': true,
-  },
-  [BaseRole.Creator]: {
-    'base|create': false,
-    'base|delete': false,
-    'base|read': true,
-    'base|update': false,
-    'base|invite_email': true,
-    'base|invite_link': true,
-    'base|table_import': true,
-    'base|table_export': true,
-    'base|authority_matrix_config': true,
-    'base|db_connection': false,
-    'base|query_data': false,
-    'table|create': true,
-    'table|delete': true,
-    'table|read': true,
-    'table|update': true,
-    'table|import': true,
-    'table|export': true,
-    'table_record_history|read': true,
-    'view|create': true,
-    'view|delete': true,
-    'view|read': true,
-    'view|update': true,
-    'field|create': true,
-    'field|delete': true,
-    'field|read': true,
-    'field|update': true,
-    'record|create': true,
-    'record|comment': true,
-    'record|delete': true,
-    'record|read': true,
-    'record|update': true,
-    'automation|create': true,
-    'automation|delete': true,
-    'automation|read': true,
-    'automation|update': true,
-    'user|email_read': true,
-  },
-  [BaseRole.Editor]: {
-    'base|create': false,
-    'base|delete': false,
-    'base|read': true,
-    'base|update': false,
-    'base|invite_email': true,
-    'base|invite_link': true,
-    'base|table_import': true,
-    'base|table_export': true,
-    'base|authority_matrix_config': false,
-    'base|db_connection': false,
-    'base|query_data': false,
-    'table|create': false,
-    'table|read': true,
-    'table|delete': false,
-    'table|update': false,
-    'table|import': false,
-    'table|export': true,
-    'table_record_history|read': true,
-    'view|create': true,
-    'view|delete': true,
-    'view|read': true,
-    'view|update': true,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': true,
-    'field|update': false,
-    'record|create': true,
-    'record|comment': true,
-    'record|delete': true,
-    'record|read': true,
-    'record|update': true,
-    'automation|create': false,
-    'automation|delete': false,
-    'automation|read': true,
-    'automation|update': false,
-    'user|email_read': true,
-  },
-  [BaseRole.Commenter]: {
-    'base|create': false,
-    'base|delete': false,
-    'base|read': true,
-    'base|update': false,
-    'base|invite_email': true,
-    'base|invite_link': true,
-    'base|table_import': false,
-    'base|table_export': true,
-    'base|authority_matrix_config': false,
-    'base|db_connection': false,
-    'base|query_data': false,
-    'table|create': false,
-    'table|delete': false,
-    'table|read': true,
-    'table|update': false,
-    'table|import': false,
-    'table|export': true,
-    'table_record_history|read': false,
-    'view|create': false,
-    'view|delete': false,
-    'view|read': true,
-    'view|update': false,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': true,
-    'field|update': false,
-    'record|create': false,
-    'record|comment': true,
-    'record|delete': false,
-    'record|read': true,
-    'record|update': false,
-    'automation|create': false,
-    'automation|delete': false,
-    'automation|read': true,
-    'automation|update': false,
-    'user|email_read': true,
-  },
-  [BaseRole.Viewer]: {
-    'base|create': false,
-    'base|delete': false,
-    'base|read': true,
-    'base|update': false,
-    'base|invite_email': true,
-    'base|invite_link': true,
-    'base|table_import': false,
-    'base|table_export': false,
-    'base|authority_matrix_config': false,
-    'base|db_connection': false,
-    'base|query_data': false,
-    'table|create': false,
-    'table|delete': false,
-    'table|read': true,
-    'table|update': false,
-    'table|import': false,
-    'table|export': false,
-    'table_record_history|read': false,
-    'view|create': false,
-    'view|delete': false,
-    'view|read': true,
-    'view|update': false,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': true,
-    'field|update': false,
-    'record|create': false,
-    'record|comment': false,
-    'record|delete': false,
-    'record|read': true,
-    'record|update': false,
-    'automation|create': false,
-    'automation|delete': false,
-    'automation|read': true,
-    'automation|update': false,
-    'user|email_read': true,
-  },
-};
diff --git a/packages/core/src/auth/role/base.ts b/packages/core/src/auth/role/base.ts
new file mode 100644
index 000000000..a89ac44f9
--- /dev/null
+++ b/packages/core/src/auth/role/base.ts
@@ -0,0 +1,26 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+import { omit } from 'lodash';
+import { z } from '../../zod';
+import type { Action, SpaceAction } from '../actions';
+import { RolePermission } from './constant';
+import type { IRole } from './types';
+import { Role } from './types';
+
+export const BaseRole = {
+  Creator: Role.Creator,
+  Editor: Role.Editor,
+  Commenter: Role.Commenter,
+  Viewer: Role.Viewer,
+} as const;
+
+export const baseRolesSchema = z.nativeEnum(BaseRole);
+
+export type IBaseRole = z.infer<typeof baseRolesSchema>;
+
+type ExcludeSpaceAction<T> = T extends SpaceAction ? never : T;
+
+export type BasePermission = ExcludeSpaceAction<Action>;
+
+export const getBasePermission = (role: IRole): Record<BasePermission, boolean> => {
+  return omit(RolePermission[role], ['space|create', 'space|delete', 'space|read']);
+};
diff --git a/packages/core/src/auth/role/space.role.ts b/packages/core/src/auth/role/constant.ts
similarity index 92%
rename from packages/core/src/auth/role/space.role.ts
rename to packages/core/src/auth/role/constant.ts
index ddbe0ea8a..01930cdb1 100644
--- a/packages/core/src/auth/role/space.role.ts
+++ b/packages/core/src/auth/role/constant.ts
@@ -1,21 +1,9 @@
 /* eslint-disable @typescript-eslint/naming-convention */
-import { z } from '../../zod';
-import type { AllActions } from '../actions';
+import type { Action } from '../actions';
+import { Role, type IRole } from './types';
 
-export enum SpaceRole {
-  Owner = 'owner',
-  Creator = 'creator',
-  Editor = 'editor',
-  Commenter = 'commenter',
-  Viewer = 'viewer',
-}
-
-export const spaceRolesSchema = z.nativeEnum(SpaceRole);
-
-export type SpacePermission = AllActions;
-
-export const spacePermissions: Record<SpaceRole, Record<SpacePermission, boolean>> = {
-  owner: {
+export const RolePermission: Record<IRole, Record<Action, boolean>> = {
+  [Role.Owner]: {
     'space|create': true,
     'space|delete': true,
     'space|read': true,
@@ -60,7 +48,7 @@ export const spacePermissions: Record<SpaceRole, Record<SpacePermission, boolean
     'automation|update': true,
     'user|email_read': true,
   },
-  creator: {
+  [Role.Creator]: {
     'space|create': false,
     'space|delete': false,
     'space|update': false,
@@ -105,7 +93,7 @@ export const spacePermissions: Record<SpaceRole, Record<SpacePermission, boolean
     'automation|update': true,
     'user|email_read': true,
   },
-  editor: {
+  [Role.Editor]: {
     'space|create': false,
     'space|delete': false,
     'space|update': false,
@@ -150,7 +138,7 @@ export const spacePermissions: Record<SpaceRole, Record<SpacePermission, boolean
     'automation|update': false,
     'user|email_read': true,
   },
-  commenter: {
+  [Role.Commenter]: {
     'space|create': false,
     'space|delete': false,
     'space|update': false,
@@ -195,7 +183,7 @@ export const spacePermissions: Record<SpaceRole, Record<SpacePermission, boolean
     'automation|update': false,
     'user|email_read': true,
   },
-  viewer: {
+  [Role.Viewer]: {
     'space|create': false,
     'space|delete': false,
     'space|update': false,
diff --git a/packages/core/src/auth/role/index.ts b/packages/core/src/auth/role/index.ts
index 33f446861..e19ec034a 100644
--- a/packages/core/src/auth/role/index.ts
+++ b/packages/core/src/auth/role/index.ts
@@ -1,4 +1,6 @@
-export * from './space.role';
-export * from './base.role';
-export * from './share.role';
-export * from './table.role';
+export * from './space';
+export * from './base';
+export * from './share';
+export * from './types';
+export * from './table';
+export * from './constant';
diff --git a/packages/core/src/auth/role/share.role.ts b/packages/core/src/auth/role/share.ts
similarity index 62%
rename from packages/core/src/auth/role/share.role.ts
rename to packages/core/src/auth/role/share.ts
index e30d33a14..c622c7b23 100644
--- a/packages/core/src/auth/role/share.role.ts
+++ b/packages/core/src/auth/role/share.ts
@@ -1,9 +1,9 @@
 /* eslint-disable @typescript-eslint/naming-convention */
-import type { FieldActions, RecordActions, ViewActions } from '../actions';
+import type { FieldAction, RecordAction, ViewAction } from '../actions';
 
-export type ShareViewPermission = ViewActions | FieldActions | RecordActions;
+export type ShareViewAction = ViewAction | FieldAction | RecordAction;
 
-export const shareViewPermissions: Record<ShareViewPermission, boolean> = {
+export const shareViewPermissions: Record<ShareViewAction, boolean> = {
   'view|create': false,
   'view|delete': false,
   'view|read': true,
diff --git a/packages/core/src/auth/role/space.ts b/packages/core/src/auth/role/space.ts
new file mode 100644
index 000000000..01e7c0eed
--- /dev/null
+++ b/packages/core/src/auth/role/space.ts
@@ -0,0 +1,3 @@
+import type { Action } from '../actions';
+
+export type ISpaceAction = Action;
diff --git a/packages/core/src/auth/role/table.role.ts b/packages/core/src/auth/role/table.role.ts
deleted file mode 100644
index 2825104cf..000000000
--- a/packages/core/src/auth/role/table.role.ts
+++ /dev/null
@@ -1,81 +0,0 @@
-/* eslint-disable @typescript-eslint/naming-convention */
-import { keys, pickBy } from 'lodash';
-import type { FieldActions, RecordActions, ViewActions } from '../actions';
-
-export enum TableRole {
-  Manager = 'manager',
-  Editor = 'editor',
-  Viewer = 'viewer',
-  None = 'none',
-}
-
-export type TablePermission = ViewActions | FieldActions | RecordActions;
-
-export const tablePermissions: Record<TableRole, Record<TablePermission, boolean>> = {
-  [TableRole.Manager]: {
-    'view|create': true,
-    'view|delete': true,
-    'view|read': true,
-    'view|update': true,
-    'field|create': true,
-    'field|delete': true,
-    'field|read': true,
-    'field|update': true,
-    'record|create': true,
-    'record|comment': true,
-    'record|delete': true,
-    'record|read': true,
-    'record|update': true,
-  },
-  [TableRole.Editor]: {
-    'view|create': true,
-    'view|delete': true,
-    'view|read': true,
-    'view|update': true,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': true,
-    'field|update': false,
-    'record|create': true,
-    'record|comment': true,
-    'record|delete': true,
-    'record|read': true,
-    'record|update': true,
-  },
-  [TableRole.Viewer]: {
-    'view|create': false,
-    'view|delete': false,
-    'view|read': true,
-    'view|update': false,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': true,
-    'field|update': false,
-    'record|create': false,
-    'record|comment': true,
-    'record|delete': false,
-    'record|read': true,
-    'record|update': false,
-  },
-  [TableRole.None]: {
-    'view|create': false,
-    'view|delete': false,
-    'view|read': false,
-    'view|update': false,
-    'field|create': false,
-    'field|delete': false,
-    'field|read': false,
-    'field|update': false,
-    'record|create': false,
-    'record|comment': false,
-    'record|delete': false,
-    'record|read': false,
-    'record|update': false,
-  },
-};
-
-export const TablePermissionActions = keys(tablePermissions.manager) as TablePermission[];
-
-export const DefaultEnableActions = keys(
-  pickBy(tablePermissions.editor, (value) => value === true)
-) as TablePermission[];
diff --git a/packages/core/src/auth/role/table.ts b/packages/core/src/auth/role/table.ts
new file mode 100644
index 000000000..9fdd2adc8
--- /dev/null
+++ b/packages/core/src/auth/role/table.ts
@@ -0,0 +1,35 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+import { keys, pickBy } from 'lodash';
+import { z } from '../../zod';
+import {
+  fieldActions,
+  recordActions,
+  viewActions,
+  type FieldAction,
+  type RecordAction,
+  type ViewAction,
+} from '../actions';
+import { RolePermission } from './constant';
+import { Role } from './types';
+
+export const TableRole = {
+  Creator: Role.Creator,
+  Editor: Role.Editor,
+  Viewer: Role.Viewer,
+} as const;
+
+export const tableRolesSchema = z.nativeEnum(TableRole);
+
+export type ITableRole = z.infer<typeof tableRolesSchema>;
+
+export type TablePermission = ViewAction | FieldAction | RecordAction;
+
+export const TablePermissionActions: TablePermission[] = [
+  ...viewActions,
+  ...fieldActions,
+  ...recordActions,
+];
+
+export const DefaultEnableActions = keys(
+  pickBy(RolePermission[Role.Editor], (value) => value === true)
+).filter((action) => TablePermissionActions.some((item) => item === action)) as TablePermission[];
diff --git a/packages/core/src/auth/role/types.ts b/packages/core/src/auth/role/types.ts
new file mode 100644
index 000000000..1e6924695
--- /dev/null
+++ b/packages/core/src/auth/role/types.ts
@@ -0,0 +1,14 @@
+import { z } from '../../zod';
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const Role = {
+  Owner: 'owner',
+  Creator: 'creator',
+  Editor: 'editor',
+  Commenter: 'commenter',
+  Viewer: 'viewer',
+} as const;
+
+export const roleSchema = z.nativeEnum(Role);
+
+export type IRole = z.infer<typeof roleSchema>;
diff --git a/packages/core/src/auth/types.ts b/packages/core/src/auth/types.ts
index 28ce5d637..40d780643 100644
--- a/packages/core/src/auth/types.ts
+++ b/packages/core/src/auth/types.ts
@@ -1,9 +1,2 @@
-export enum RoleType {
-  Base = 'base',
-  Space = 'space',
-  Table = 'table',
-  Share = 'share',
-}
-
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export type ExcludeAction<T extends string, F extends string> = T extends F ? never : T;
diff --git a/packages/openapi/src/base/get-permission.ts b/packages/openapi/src/base/get-permission.ts
index 4e736dc53..ceff0cf2e 100644
--- a/packages/openapi/src/base/get-permission.ts
+++ b/packages/openapi/src/base/get-permission.ts
@@ -1,8 +1,8 @@
 import type {
-  BaseActions,
-  TableActions,
-  AutomationActions,
-  TableRecordHistoryActions,
+  BaseAction,
+  TableAction,
+  AutomationAction,
+  TableRecordHistoryAction,
 } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
@@ -11,7 +11,7 @@ import { z } from '../zod';
 export const GET_BASE_PERMISSION = '/base/{baseId}/permission';
 
 export const GetBasePermissionVoSchema = z.record(
-  z.custom<TableActions | BaseActions | AutomationActions | TableRecordHistoryActions>(),
+  z.custom<TableAction | BaseAction | AutomationAction | TableRecordHistoryAction>(),
   z.boolean()
 );
 
diff --git a/packages/openapi/src/base/get.ts b/packages/openapi/src/base/get.ts
index 3ac972ef1..663dc7957 100644
--- a/packages/openapi/src/base/get.ts
+++ b/packages/openapi/src/base/get.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -11,7 +11,7 @@ export const getBaseItemSchema = z.object({
   name: z.string(),
   spaceId: z.string(),
   icon: z.string().nullable(),
-  role: spaceRolesSchema,
+  role: roleSchema,
   isUnrestricted: z.boolean().optional(),
 });
 
diff --git a/packages/openapi/src/space/collaborator-get-list.ts b/packages/openapi/src/space/collaborator-get-list.ts
index 4adc8ddf9..e6d74b466 100644
--- a/packages/openapi/src/space/collaborator-get-list.ts
+++ b/packages/openapi/src/space/collaborator-get-list.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -10,7 +10,7 @@ export const itemSpaceCollaboratorSchema = z.object({
   userId: z.string(),
   userName: z.string(),
   email: z.string(),
-  role: spaceRolesSchema,
+  role: roleSchema,
   avatar: z.string().nullable(),
   createdTime: z.string(),
 });
diff --git a/packages/openapi/src/space/collaborator-update.ts b/packages/openapi/src/space/collaborator-update.ts
index fdd6ba54d..d14fa497e 100644
--- a/packages/openapi/src/space/collaborator-update.ts
+++ b/packages/openapi/src/space/collaborator-update.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -8,7 +8,7 @@ export const UPDATE_SPACE_COLLABORATE = '/space/{spaceId}/collaborators';
 
 export const updateSpaceCollaborateRoSchema = z.object({
   userId: z.string(),
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type UpdateSpaceCollaborateRo = z.infer<typeof updateSpaceCollaborateRoSchema>;
diff --git a/packages/openapi/src/space/get.ts b/packages/openapi/src/space/get.ts
index 1e92fab8f..f35c75b63 100644
--- a/packages/openapi/src/space/get.ts
+++ b/packages/openapi/src/space/get.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -9,7 +9,7 @@ export const GET_SPACE = '/space/{spaceId}';
 export const getSpaceVoSchema = z.object({
   id: z.string(),
   name: z.string(),
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type IGetSpaceVo = z.infer<typeof getSpaceVoSchema>;
diff --git a/packages/openapi/src/space/invitation-create-link.ts b/packages/openapi/src/space/invitation-create-link.ts
index 6f12a64dd..30cf0e7b8 100644
--- a/packages/openapi/src/space/invitation-create-link.ts
+++ b/packages/openapi/src/space/invitation-create-link.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -8,7 +8,7 @@ import { itemSpaceInvitationLinkVoSchema } from './invitation-get-link-list';
 export const CREATE_SPACE_INVITATION_LINK = '/space/{spaceId}/invitation/link';
 
 export const createSpaceInvitationLinkRoSchema = z.object({
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type CreateSpaceInvitationLinkRo = z.infer<typeof createSpaceInvitationLinkRoSchema>;
diff --git a/packages/openapi/src/space/invitation-email.ts b/packages/openapi/src/space/invitation-email.ts
index 58204b67e..3fd30b02a 100644
--- a/packages/openapi/src/space/invitation-email.ts
+++ b/packages/openapi/src/space/invitation-email.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -8,7 +8,7 @@ export const EMAIL_SPACE_INVITATION = '/space/{spaceId}/invitation/email';
 
 export const emailSpaceInvitationRoSchema = z.object({
   emails: z.array(z.string().email()).min(1),
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type EmailSpaceInvitationRo = z.infer<typeof emailSpaceInvitationRoSchema>;
diff --git a/packages/openapi/src/space/invitation-get-link-list.ts b/packages/openapi/src/space/invitation-get-link-list.ts
index 49b8ce703..4e07036a2 100644
--- a/packages/openapi/src/space/invitation-get-link-list.ts
+++ b/packages/openapi/src/space/invitation-get-link-list.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -8,7 +8,7 @@ export const LIST_SPACE_INVITATION_LINK = '/space/{spaceId}/invitation/link';
 
 export const itemSpaceInvitationLinkVoSchema = z.object({
   invitationId: z.string(),
-  role: spaceRolesSchema,
+  role: roleSchema,
   inviteUrl: z.string(),
   invitationCode: z.string(),
   createdBy: z.string(),
diff --git a/packages/openapi/src/space/invitation-update-link.ts b/packages/openapi/src/space/invitation-update-link.ts
index cfd4e6909..1e3aea460 100644
--- a/packages/openapi/src/space/invitation-update-link.ts
+++ b/packages/openapi/src/space/invitation-update-link.ts
@@ -1,5 +1,5 @@
 import type { RouteConfig } from '@asteasolutions/zod-to-openapi';
-import { spaceRolesSchema } from '@teable/core';
+import { roleSchema } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
 import { z } from '../zod';
@@ -7,14 +7,14 @@ import { z } from '../zod';
 export const UPDATE_SPACE_INVITATION_LINK = '/space/{spaceId}/invitation/link/{invitationId}';
 
 export const updateSpaceInvitationLinkRoSchema = z.object({
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type UpdateSpaceInvitationLinkRo = z.infer<typeof updateSpaceInvitationLinkRoSchema>;
 
 export const updateSpaceInvitationLinkVoSchema = z.object({
   invitationId: z.string(),
-  role: spaceRolesSchema,
+  role: roleSchema,
 });
 
 export type UpdateSpaceInvitationLinkVo = z.infer<typeof updateSpaceInvitationLinkVoSchema>;
diff --git a/packages/openapi/src/table/get-permission.ts b/packages/openapi/src/table/get-permission.ts
index 8c4ccf85c..291d56b0a 100644
--- a/packages/openapi/src/table/get-permission.ts
+++ b/packages/openapi/src/table/get-permission.ts
@@ -1,10 +1,10 @@
 import { ActionPrefix, actionPrefixMap } from '@teable/core';
 import type {
   ExcludeAction,
-  FieldActions,
-  RecordActions,
-  TableActions,
-  ViewActions,
+  FieldAction,
+  RecordAction,
+  TableAction,
+  ViewAction,
 } from '@teable/core';
 import { axios } from '../axios';
 import { registerRoute, urlBuilder } from '../utils';
@@ -12,18 +12,18 @@ import { z } from '../zod';
 
 export const GET_TABLE_PERMISSION = '/base/{baseId}/table/{tableId}/permission';
 
-export type TablePermissionFieldActions = ExcludeAction<FieldActions, 'field|create'>;
+export type TablePermissionFieldAction = ExcludeAction<FieldAction, 'field|create'>;
 
-export const FieldActionsExcludeCreate = actionPrefixMap[ActionPrefix.Field].filter(
+export const FieldActionExcludeCreate = actionPrefixMap[ActionPrefix.Field].filter(
   (action) => action !== 'field|create'
-) as TablePermissionFieldActions[];
+) as TablePermissionFieldAction[];
 
 export const tablePermissionVoSchema = z.object({
-  table: z.record(z.custom<TableActions>(), z.boolean()),
-  view: z.record(z.custom<ViewActions>(), z.boolean()),
-  record: z.record(z.custom<RecordActions>(), z.boolean()),
+  table: z.record(z.custom<TableAction>(), z.boolean()),
+  view: z.record(z.custom<ViewAction>(), z.boolean()),
+  record: z.record(z.custom<RecordAction>(), z.boolean()),
   field: z.object({
-    fields: z.record(z.string(), z.record(z.custom<TablePermissionFieldActions>(), z.boolean())),
+    fields: z.record(z.string(), z.record(z.custom<TablePermissionFieldAction>(), z.boolean())),
     create: z.boolean(),
   }),
 });
diff --git a/packages/sdk/src/hooks/use-permission-actions-static.ts b/packages/sdk/src/hooks/use-permission-actions-static.ts
index cb3682672..149c0e864 100644
--- a/packages/sdk/src/hooks/use-permission-actions-static.ts
+++ b/packages/sdk/src/hooks/use-permission-actions-static.ts
@@ -1,12 +1,12 @@
 /* eslint-disable @typescript-eslint/naming-convention */
-import type { AllActions } from '@teable/core';
+import type { Action } from '@teable/core';
 import { ActionPrefix } from '@teable/core';
 import { useMemo } from 'react';
 import { useTranslation } from '../context/app/i18n';
 import type { TKey } from '../context/app/i18n';
 
 const actionsI18nMap: Record<
-  AllActions,
+  Action,
   {
     description: TKey;
   }
@@ -177,13 +177,13 @@ export const usePermissionActionsStatic = () => {
   return useMemo(() => {
     const actionStaticMap = Object.keys(actionsI18nMap).reduce(
       (acc, key) => {
-        const action = key as AllActions;
+        const action = key as Action;
         acc[action] = {
           description: t(actionsI18nMap[action].description),
         };
         return acc;
       },
-      {} as Record<AllActions, { description: string }>
+      {} as Record<Action, { description: string }>
     );
     const actionPrefixStaticMap = Object.values(ActionPrefix).reduce(
       (acc, prefix) => {
diff --git a/packages/sdk/src/hooks/use-space-role-static.ts b/packages/sdk/src/hooks/use-space-role-static.ts
index 39fcfa989..68969f574 100644
--- a/packages/sdk/src/hooks/use-space-role-static.ts
+++ b/packages/sdk/src/hooks/use-space-role-static.ts
@@ -1,9 +1,10 @@
-import { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
+import { Role } from '@teable/core';
 import { useMemo } from 'react';
 import { useTranslation } from '../context/app/i18n';
 
 export interface ISpaceRoleStatic {
-  role: SpaceRole;
+  role: IRole;
   name: string;
   description: string;
   level: number;
@@ -14,31 +15,31 @@ export const useSpaceRoleStatic = (): ISpaceRoleStatic[] => {
   return useMemo(() => {
     return [
       {
-        role: SpaceRole.Creator,
+        role: Role.Creator,
         name: t('spaceRole.role.creator'),
         description: t('spaceRole.description.creator'),
         level: 1,
       },
       {
-        role: SpaceRole.Editor,
+        role: Role.Editor,
         name: t('spaceRole.role.editor'),
         description: t('spaceRole.description.editor'),
         level: 2,
       },
       {
-        role: SpaceRole.Commenter,
+        role: Role.Commenter,
         name: t('spaceRole.role.commenter'),
         description: t('spaceRole.description.commenter'),
         level: 3,
       },
       {
-        role: SpaceRole.Viewer,
+        role: Role.Viewer,
         name: t('spaceRole.role.viewer'),
         description: t('spaceRole.description.viewer'),
         level: 4,
       },
       {
-        role: SpaceRole.Owner,
+        role: Role.Owner,
         name: t('spaceRole.role.owner'),
         description: t('spaceRole.description.owner'),
         level: 0,
diff --git a/packages/sdk/src/model/base.ts b/packages/sdk/src/model/base.ts
index 41a869c07..70ed2db6e 100644
--- a/packages/sdk/src/model/base.ts
+++ b/packages/sdk/src/model/base.ts
@@ -1,4 +1,4 @@
-import type { SpaceRole } from '@teable/core';
+import type { IRole } from '@teable/core';
 import type { IGetBaseVo, ICreateTableRo } from '@teable/openapi';
 import { Table } from './table/table';
 
@@ -7,7 +7,7 @@ export class Base implements IGetBaseVo {
   name: string;
   spaceId: string;
   icon: string | null;
-  role: SpaceRole;
+  role: IRole;
 
   constructor(base: IGetBaseVo) {
     const { id, name, spaceId, icon, role } = base;
diff --git a/packages/sdk/src/model/table/table.ts b/packages/sdk/src/model/table/table.ts
index aad3daf1d..0ea705517 100644
--- a/packages/sdk/src/model/table/table.ts
+++ b/packages/sdk/src/model/table/table.ts
@@ -1,5 +1,5 @@
 /* eslint-disable @typescript-eslint/naming-convention */
-import type { IFieldRo, IRecord, IUpdateFieldRo, IViewRo, TableActions } from '@teable/core';
+import type { IFieldRo, IRecord, IUpdateFieldRo, IViewRo, TableAction } from '@teable/core';
 import { FieldKeyType, TableCore } from '@teable/core';
 import type { IUpdateOrderRo, IRecordInsertOrderRo, ITableVo } from '@teable/openapi';
 import {
@@ -38,7 +38,7 @@ export class Table extends TableCore {
 
   baseId!: string;
 
-  permission?: { [key in TableActions]: boolean };
+  permission?: { [key in TableAction]: boolean };
 
   async getViews() {
     return View.getViews(this.id);