diff --git a/crates/erp-plugin/src/handler/data_handler.rs b/crates/erp-plugin/src/handler/data_handler.rs
index e224dc7..7427f27 100644
--- a/crates/erp-plugin/src/handler/data_handler.rs
+++ b/crates/erp-plugin/src/handler/data_handler.rs
@@ -47,9 +47,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.list")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     let page = params.page.unwrap_or(1);
     let page_size = params.page_size.unwrap_or(20);
@@ -107,9 +105,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "create");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.admin")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     let result = PluginDataService::create(
         plugin_id,
@@ -146,9 +142,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "get");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.list")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     let result =
         PluginDataService::get_by_id(plugin_id, &entity, id, ctx.tenant_id, &state.db).await?;
@@ -179,9 +173,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "update");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.admin")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     let result = PluginDataService::update(
         plugin_id,
@@ -220,9 +212,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "delete");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.admin")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     PluginDataService::delete(
         plugin_id,
@@ -260,9 +250,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.list")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     // 解析 filter JSON
     let filter: Option<serde_json::Value> = params
@@ -306,9 +294,7 @@ where
 {
     let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
     let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
-    if require_permission(&ctx, &fine_perm).is_err() {
-        require_permission(&ctx, "plugin.list")?;
-    }
+    require_permission(&ctx, &fine_perm)?;
 
     // 解析 filter JSON
     let filter: Option<serde_json::Value> = params