docs: update CONTRIBUTING and README with API endpoint details

2026-06-18 05:35:26 +02:00 · 2026-03-10 08:13:34 +00:00
146 changed files with 6108 additions and 33662 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -62,6 +62,16 @@ pnpm install
 cp apps/dokploy/.env.example apps/dokploy/.env
 ```

+### Optional Docker Configuration
+
+The following environment variables can be added to your `.env` file if you need custom Docker daemon configuration:
+
+- **DOCKER_API_VERSION**: Specify which Docker API version to use (optional)
+- **DOKPLOY_DOCKER_HOST**: Specify a custom Docker daemon host (optional)
+- **DOKPLOY_DOCKER_PORT**: Specify a custom Docker daemon port (optional)
+
+These variables are typically not needed for standard local development but can be useful if you need to connect to a remote Docker daemon or require a specific Docker API version.
+
 ## Requirements

 - [Docker](/GUIDES.md#docker)
@@ -171,6 +181,11 @@ curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.39.1/pack-v0.
 - **Issue Association:** For any significant change, it's highly recommended to open an issue first to discuss the proposed solution with the community and maintainers. This ensures alignment and avoids duplicated effort. If your PR resolves an existing issue, please link it in the description (e.g., `Fixes #123`, `Closes #456`).
 - **Large Features:** Pull Requests that introduce very large or broad features **will not be accepted** unless the idea is first outlined and discussed in a GitHub issue. Large features should be designed together with the Dokploy team so the project stays coherent and moves in the same direction. Open an issue to propose and align on the design before implementing.

+### Pull Request Guidelines
+
+- **Keep PRs small and focused.** Avoid very large PRs; prefer several smaller PRs (e.g., one template or one logical change per PR). This speeds up review and keeps the history clear.
+- **Test before submitting.** Any PR that has not been tested by the contributor will be closed. This keeps the PR queue tidy and ensures that only contributions that have been verified by their authors are considered.
+
 Thank you for your contribution!

 ## Templates
--- a/apps/api/README.md
+++ b/apps/api/README.md
@@ -6,3 +6,346 @@ npm run dev
 ```
 open http://localhost:3000
 ```
+
+## Environment Variables
+
+The API server requires the following environment variables for configuration:
+
+### Inngest Configuration
+
+Required for the GET /jobs endpoint to list deployment jobs:
+
+- **INNGEST_BASE_URL** - The base URL for the Inngest instance
+  - Self-hosted: `http://localhost:8288`
+  - Production: `https://dev-inngest.dokploy.com`
+  
+- **INNGEST_SIGNING_KEY** - The signing key for authenticating with Inngest
+
+Optional configuration for filtering and pagination:
+
+- **INNGEST_EVENTS_RECEIVED_AFTER** (optional) - An RFC3339 timestamp to filter events received after a specific date (e.g., `2024-01-01T00:00:00Z`). If unset, no date filter is applied.
+
+- **INNGEST_JOBS_MAX_EVENTS** (optional) - Maximum number of events to fetch when listing jobs. Default is 100, maximum is 10000. Used for pagination with cursor.
+
+### Lemon Squeezy Integration
+
+- **LEMON_SQUEEZY_API_KEY** - API key for Lemon Squeezy integration
+- **LEMON_SQUEEZY_STORE_ID** - Store ID for Lemon Squeezy integration
+
+### Docker Configuration
+
+Optional configuration for customizing Docker daemon connections:
+
+- **DOCKER_API_VERSION** (optional) - Specifies which Docker API version to use when connecting to the Docker daemon. If not set, the Docker client uses the default API version.
+
+- **DOKPLOY_DOCKER_HOST** (optional) - Specifies the Docker daemon host to connect to. If not set, uses the default Docker socket connection.
+
+- **DOKPLOY_DOCKER_PORT** (optional) - Specifies the port for connecting to the Docker daemon. If not set, uses the default port.
+
+These variables allow advanced users to customize how the Dokploy API server connects to Docker, which can be useful for connecting to remote Docker daemons or using specific API versions.
+
+## API Endpoints
+
+### GET /jobs
+
+Lists deployment jobs (Inngest runs) for a specified server.
+
+**Query Parameters:**
+- `serverId` (required) - The ID of the server to list deployment jobs for
+
+**Response:**
+Returns an array of deployment job objects with the same shape as BullMQ queue jobs:
+```json
+[
+  {
+    "id": "string",
+    "name": "string",
+    "data": {},
+    "timestamp": 0,
+    "processedOn": 0,
+    "finishedOn": 0,
+    "failedReason": "string",
+    "state": "string"
+  }
+]
+```
+
+**Error Responses:**
+- `400` - serverId is not provided
+- `503` - INNGEST_BASE_URL is not configured
+- `200` - Empty array on other errors
+
+This endpoint is used by the UI to display deployment queue information in the dashboard.
+
+## Search Endpoints
+
+The following search endpoints provide flexible querying capabilities with pagination support. All search endpoints respect member permissions, returning only resources the user has access to.
+
+### application.search
+
+Search applications across name, appName, description, repository, owner, and dockerImage fields.
+
+**Query Parameters:**
+- `q` (optional string) - General search term that searches across name, appName, description, repository, owner, and dockerImage
+- `name` (optional string) - Filter by application name
+- `appName` (optional string) - Filter by app name
+- `description` (optional string) - Filter by description
+- `repository` (optional string) - Filter by repository
+- `owner` (optional string) - Filter by owner
+- `dockerImage` (optional string) - Filter by Docker image
+- `projectId` (optional string) - Filter by project ID
+- `environmentId` (optional string) - Filter by environment ID
+- `limit` (number, default 20, min 1, max 100) - Maximum number of results
+- `offset` (number, default 0, min 0) - Pagination offset
+
+**Response:**
+```json
+{
+  "items": [
+    {
+      "applicationId": "string",
+      "name": "string",
+      "appName": "string",
+      "description": "string",
+      "environmentId": "string",
+      "applicationStatus": "string",
+      "sourceType": "string",
+      "createdAt": "string"
+    }
+  ],
+  "total": 0
+}
+```
+
+### compose.search
+
+Search compose services with filtering by name, appName, and description.
+
+**Query Parameters:**
+- `q` (optional string) - General search term across name, appName, description
+- `name` (optional string) - Filter by name
+- `appName` (optional string) - Filter by app name
+- `description` (optional string) - Filter by description
+- `projectId` (optional string) - Filter by project ID
+- `environmentId` (optional string) - Filter by environment ID
+- `limit` (number, default 20, min 1, max 100) - Maximum results
+- `offset` (number, default 0, min 0) - Pagination offset
+
+**Response:**
+```json
+{
+  "items": [
+    {
+      "composeId": "string",
+      "name": "string",
+      "appName": "string",
+      "description": "string",
+      "environmentId": "string",
+      "composeStatus": "string",
+      "sourceType": "string",
+      "createdAt": "string"
+    }
+  ],
+  "total": 0
+}
+```
+
+### environment.search
+
+Search environments by name and description.
+
+**Query Parameters:**
+- `q` (optional string) - General search term across name and description
+- `name` (optional string) - Filter by name
+- `description` (optional string) - Filter by description
+- `projectId` (optional string) - Filter by project ID
+- `limit` (number, default 20, min 1, max 100) - Maximum results
+- `offset` (number, default 0, min 0) - Pagination offset
+
+**Response:**
+```json
+{
+  "items": [
+    {
+      "environmentId": "string",
+      "name": "string",
+      "description": "string",
+      "createdAt": "string",
+      "env": "string",
+      "projectId": "string",
+      "isDefault": true
+    }
+  ],
+  "total": 0
+}
+```
+
+### project.search
+
+Search projects by name and description.
+
+**Query Parameters:**
+- `q` (optional string) - General search term across name and description
+- `name` (optional string) - Filter by name
+- `description` (optional string) - Filter by description
+- `limit` (number, default 20, min 1, max 100) - Maximum results
+- `offset` (number, default 0, min 0) - Pagination offset
+
+**Response:**
+```json
+{
+  "items": [
+    {
+      "projectId": "string",
+      "name": "string",
+      "description": "string",
+      "createdAt": "string",
+      "organizationId": "string",
+      "env": "string"
+    }
+  ],
+  "total": 0
+}
+```
+
+### Database Service Search Endpoints
+
+The following database services all share the same search interface:
+- **postgres.search**
+- **mysql.search**
+- **mariadb.search**
+- **mongo.search**
+- **redis.search**
+
+**Query Parameters:**
+- `q` (optional string) - General search term across name, appName, description
+- `name` (optional string) - Filter by name
+- `appName` (optional string) - Filter by app name
+- `description` (optional string) - Filter by description
+- `projectId` (optional string) - Filter by project ID
+- `environmentId` (optional string) - Filter by environment ID
+- `limit` (number, default 20, min 1, max 100) - Maximum results
+- `offset` (number, default 0, min 0) - Pagination offset
+
+**Response:**
+```json
+{
+  "items": [
+    {
+      "postgresId": "string",
+      "name": "string",
+      "appName": "string",
+      "description": "string",
+      "environmentId": "string",
+      "applicationStatus": "string",
+      "createdAt": "string"
+    }
+  ],
+  "total": 0
+}
+```
+
+*Note: The response shape is similar across all database services, with the ID field varying (e.g., `mysqlId`, `mariadbId`, `mongoId`, `redisId`).*
+
+**Search Behavior:**
+- All searches use case-insensitive pattern matching with wildcards
+- Results are ordered by creation date (descending)
+- Members only see services they have access to
+- Returns total count for pagination UI
+
+## Whitelabeling Endpoints
+
+The whitelabeling endpoints allow enterprise/self-hosted Dokploy instances to customize branding, logos, colors, and UI appearance. These endpoints are only available in self-hosted mode (not cloud).
+
+### whitelabeling.get
+
+Get the current whitelabeling configuration.
+
+**Requirements:**
+- Enterprise license required
+- Only available for self-hosted (not cloud)
+
+**Response:**
+Returns the whitelabeling configuration object or null if not configured.
+
+```json
+{
+  "appName": "string | null",
+  "appDescription": "string | null",
+  "logoUrl": "string | null",
+  "faviconUrl": "string | null",
+  "primaryColor": "string | null",
+  "customCss": "string | null",
+  "loginLogoUrl": "string | null",
+  "supportUrl": "string | null",
+  "docsUrl": "string | null",
+  "errorPageTitle": "string | null",
+  "errorPageDescription": "string | null",
+  "metaTitle": "string | null",
+  "footerText": "string | null"
+}
+```
+
+### whitelabeling.update
+
+Update the whitelabeling configuration.
+
+**Requirements:**
+- Enterprise license required
+- Owner role required
+- Only available for self-hosted (not cloud)
+
+**Input:**
+```json
+{
+  "whitelabelingConfig": {
+    "appName": "string | null",
+    "appDescription": "string | null",
+    "logoUrl": "string | null",
+    "faviconUrl": "string | null",
+    "primaryColor": "string | null",
+    "customCss": "string | null",
+    "loginLogoUrl": "string | null",
+    "supportUrl": "string | null",
+    "docsUrl": "string | null",
+    "errorPageTitle": "string | null",
+    "errorPageDescription": "string | null",
+    "metaTitle": "string | null",
+    "footerText": "string | null"
+  }
+}
+```
+
+**Response:**
+```json
+{
+  "success": true
+}
+```
+
+### whitelabeling.reset
+
+Reset whitelabeling configuration to default values (all fields set to null).
+
+**Requirements:**
+- Enterprise license required
+- Owner role required
+- Only available for self-hosted (not cloud)
+
+**Response:**
+```json
+{
+  "success": true
+}
+```
+
+### whitelabeling.getPublic
+
+Public endpoint to fetch whitelabeling configuration. This endpoint can be accessed without authentication, allowing the whitelabeling settings to be applied globally (including on the login page before auth).
+
+**Requirements:**
+- No authentication required
+- Only available for self-hosted (not cloud)
+
+**Response:**
+Returns the whitelabeling configuration object or null if not configured. Response shape is identical to `whitelabeling.get`.
--- a/apps/dokploy/test/permissions/check-permission.test.ts
+++ b/apps/dokploy/test/permissions/check-permission.test.ts
@@ -1,144 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-
-const mockMemberData = (
-	role: string,
-	overrides: Record<string, boolean> = {},
-) => ({
-	id: "member-1",
-	role,
-	userId: "user-1",
-	organizationId: "org-1",
-	accessedProjects: [] as string[],
-	accessedServices: [] as string[],
-	accessedEnvironments: [] as string[],
-	canCreateProjects: overrides.canCreateProjects ?? false,
-	canDeleteProjects: overrides.canDeleteProjects ?? false,
-	canCreateServices: overrides.canCreateServices ?? false,
-	canDeleteServices: overrides.canDeleteServices ?? false,
-	canCreateEnvironments: overrides.canCreateEnvironments ?? false,
-	canDeleteEnvironments: overrides.canDeleteEnvironments ?? false,
-	canAccessToTraefikFiles: overrides.canAccessToTraefikFiles ?? false,
-	canAccessToDocker: overrides.canAccessToDocker ?? false,
-	canAccessToAPI: overrides.canAccessToAPI ?? false,
-	canAccessToSSHKeys: overrides.canAccessToSSHKeys ?? false,
-	canAccessToGitProviders: overrides.canAccessToGitProviders ?? false,
-	user: { id: "user-1", email: "test@test.com" },
-});
-
-let memberToReturn: ReturnType<typeof mockMemberData> =
-	mockMemberData("member");
-
-vi.mock("@dokploy/server/db", () => ({
-	db: {
-		query: {
-			member: {
-				findFirst: vi.fn(() => Promise.resolve(memberToReturn)),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-			organizationRole: {
-				findFirst: vi.fn(),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-		},
-	},
-}));
-
-vi.mock("@dokploy/server/services/proprietary/license-key", () => ({
-	hasValidLicense: vi.fn(() => Promise.resolve(false)),
-}));
-
-const { checkPermission } = await import("@dokploy/server/services/permission");
-
-const ctx = {
-	user: { id: "user-1" },
-	session: { activeOrganizationId: "org-1" },
-};
-
-beforeEach(() => {
-	vi.clearAllMocks();
-});
-
-describe("static roles bypass enterprise resources", () => {
-	it("owner bypasses deployment.read", async () => {
-		memberToReturn = mockMemberData("owner");
-		await expect(
-			checkPermission(ctx, { deployment: ["read"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("admin bypasses backup.create", async () => {
-		memberToReturn = mockMemberData("admin");
-		await expect(
-			checkPermission(ctx, { backup: ["create"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member bypasses schedule.delete", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(
-			checkPermission(ctx, { schedule: ["delete"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member bypasses multiple enterprise permissions at once", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(
-			checkPermission(ctx, {
-				deployment: ["read"],
-				backup: ["create"],
-				domain: ["delete"],
-			}),
-		).resolves.toBeUndefined();
-	});
-});
-
-describe("static roles validate free-tier resources", () => {
-	it("owner passes project.create", async () => {
-		memberToReturn = mockMemberData("owner");
-		await expect(
-			checkPermission(ctx, { project: ["create"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member fails project.create (no legacy override)", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(
-			checkPermission(ctx, { project: ["create"] }),
-		).rejects.toThrow();
-	});
-
-	it("member passes service.read", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(
-			checkPermission(ctx, { service: ["read"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member fails service.create", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(
-			checkPermission(ctx, { service: ["create"] }),
-		).rejects.toThrow();
-	});
-});
-
-describe("legacy boolean overrides for member", () => {
-	it("member passes project.create with canCreateProjects=true", async () => {
-		memberToReturn = mockMemberData("member", { canCreateProjects: true });
-		await expect(
-			checkPermission(ctx, { project: ["create"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member passes docker.read with canAccessToDocker=true", async () => {
-		memberToReturn = mockMemberData("member", { canAccessToDocker: true });
-		await expect(
-			checkPermission(ctx, { docker: ["read"] }),
-		).resolves.toBeUndefined();
-	});
-
-	it("member fails docker.read with canAccessToDocker=false", async () => {
-		memberToReturn = mockMemberData("member");
-		await expect(checkPermission(ctx, { docker: ["read"] })).rejects.toThrow();
-	});
-});
--- a/apps/dokploy/test/permissions/enterprise-only-resources.test.ts
+++ b/apps/dokploy/test/permissions/enterprise-only-resources.test.ts
@@ -1,78 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-	enterpriseOnlyResources,
-	statements,
-} from "@dokploy/server/lib/access-control";
-
-const FREE_TIER_RESOURCES = [
-	"organization",
-	"member",
-	"invitation",
-	"team",
-	"ac",
-	"project",
-	"service",
-	"environment",
-	"docker",
-	"sshKeys",
-	"gitProviders",
-	"traefikFiles",
-	"api",
-];
-
-const ENTERPRISE_RESOURCES = [
-	"volume",
-	"deployment",
-	"envVars",
-	"projectEnvVars",
-	"environmentEnvVars",
-	"server",
-	"registry",
-	"certificate",
-	"backup",
-	"volumeBackup",
-	"schedule",
-	"domain",
-	"destination",
-	"notification",
-	"logs",
-	"monitoring",
-	"auditLog",
-];
-
-describe("enterpriseOnlyResources set", () => {
-	it("contains all enterprise resources", () => {
-		for (const resource of ENTERPRISE_RESOURCES) {
-			expect(enterpriseOnlyResources.has(resource)).toBe(true);
-		}
-	});
-
-	it("does NOT contain free-tier resources", () => {
-		for (const resource of FREE_TIER_RESOURCES) {
-			expect(enterpriseOnlyResources.has(resource)).toBe(false);
-		}
-	});
-
-	it("every resource in statements is either free or enterprise", () => {
-		const allResources = Object.keys(statements);
-		for (const resource of allResources) {
-			const isFree = FREE_TIER_RESOURCES.includes(resource);
-			const isEnterprise = enterpriseOnlyResources.has(resource);
-			expect(isFree || isEnterprise).toBe(true);
-		}
-	});
-
-	it("free and enterprise sets don't overlap", () => {
-		for (const resource of FREE_TIER_RESOURCES) {
-			expect(enterpriseOnlyResources.has(resource)).toBe(false);
-		}
-	});
-
-	it("all statement resources are accounted for", () => {
-		const allResources = Object.keys(statements);
-		const categorized = [...FREE_TIER_RESOURCES, ...ENTERPRISE_RESOURCES];
-		for (const resource of allResources) {
-			expect(categorized).toContain(resource);
-		}
-	});
-});
--- a/apps/dokploy/test/permissions/resolve-permissions.test.ts
+++ b/apps/dokploy/test/permissions/resolve-permissions.test.ts
@@ -1,161 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-
-const mockMemberData = (
-	role: string,
-	overrides: Record<string, boolean> = {},
-) => ({
-	id: "member-1",
-	role,
-	userId: "user-1",
-	organizationId: "org-1",
-	accessedProjects: [] as string[],
-	accessedServices: [] as string[],
-	accessedEnvironments: [] as string[],
-	canCreateProjects: overrides.canCreateProjects ?? false,
-	canDeleteProjects: overrides.canDeleteProjects ?? false,
-	canCreateServices: overrides.canCreateServices ?? false,
-	canDeleteServices: overrides.canDeleteServices ?? false,
-	canCreateEnvironments: overrides.canCreateEnvironments ?? false,
-	canDeleteEnvironments: overrides.canDeleteEnvironments ?? false,
-	canAccessToTraefikFiles: overrides.canAccessToTraefikFiles ?? false,
-	canAccessToDocker: overrides.canAccessToDocker ?? false,
-	canAccessToAPI: overrides.canAccessToAPI ?? false,
-	canAccessToSSHKeys: overrides.canAccessToSSHKeys ?? false,
-	canAccessToGitProviders: overrides.canAccessToGitProviders ?? false,
-	user: { id: "user-1", email: "test@test.com" },
-});
-
-let memberToReturn: ReturnType<typeof mockMemberData> =
-	mockMemberData("member");
-
-vi.mock("@dokploy/server/db", () => ({
-	db: {
-		query: {
-			member: {
-				findFirst: vi.fn(() => Promise.resolve(memberToReturn)),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-			organizationRole: {
-				findFirst: vi.fn(),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-		},
-	},
-}));
-
-vi.mock("@dokploy/server/services/proprietary/license-key", () => ({
-	hasValidLicense: vi.fn(() => Promise.resolve(false)),
-}));
-
-const { resolvePermissions } = await import(
-	"@dokploy/server/services/permission"
-);
-const { enterpriseOnlyResources, statements } = await import(
-	"@dokploy/server/lib/access-control"
-);
-
-const ctx = {
-	user: { id: "user-1" },
-	session: { activeOrganizationId: "org-1" },
-};
-
-beforeEach(() => {
-	vi.clearAllMocks();
-});
-
-describe("enterprise resources for static roles", () => {
-	it("owner gets true for all enterprise resources", async () => {
-		memberToReturn = mockMemberData("owner");
-		const perms = await resolvePermissions(ctx);
-
-		for (const resource of enterpriseOnlyResources) {
-			const actions = statements[resource as keyof typeof statements];
-			for (const action of actions) {
-				expect((perms as any)[resource][action]).toBe(true);
-			}
-		}
-	});
-
-	it("admin gets true for all enterprise resources", async () => {
-		memberToReturn = mockMemberData("admin");
-		const perms = await resolvePermissions(ctx);
-
-		for (const resource of enterpriseOnlyResources) {
-			const actions = statements[resource as keyof typeof statements];
-			for (const action of actions) {
-				expect((perms as any)[resource][action]).toBe(true);
-			}
-		}
-	});
-
-	it("member gets true for service-level enterprise resources", async () => {
-		memberToReturn = mockMemberData("member");
-		const perms = await resolvePermissions(ctx);
-
-		expect(perms.deployment.read).toBe(true);
-		expect(perms.deployment.create).toBe(true);
-		expect(perms.domain.read).toBe(true);
-		expect(perms.backup.read).toBe(true);
-		expect(perms.logs.read).toBe(true);
-		expect(perms.monitoring.read).toBe(true);
-	});
-
-	it("member gets false for org-level enterprise resources", async () => {
-		memberToReturn = mockMemberData("member");
-		const perms = await resolvePermissions(ctx);
-
-		expect(perms.server.read).toBe(false);
-		expect(perms.registry.read).toBe(false);
-		expect(perms.certificate.read).toBe(false);
-		expect(perms.destination.read).toBe(false);
-		expect(perms.notification.read).toBe(false);
-		expect(perms.auditLog.read).toBe(false);
-	});
-});
-
-describe("free-tier resources for member", () => {
-	it("member gets service.read=true", async () => {
-		memberToReturn = mockMemberData("member");
-		const perms = await resolvePermissions(ctx);
-		expect(perms.service.read).toBe(true);
-	});
-
-	it("member gets project.create=false without legacy override", async () => {
-		memberToReturn = mockMemberData("member");
-		const perms = await resolvePermissions(ctx);
-		expect(perms.project.create).toBe(false);
-	});
-
-	it("member gets project.create=true with canCreateProjects", async () => {
-		memberToReturn = mockMemberData("member", { canCreateProjects: true });
-		const perms = await resolvePermissions(ctx);
-		expect(perms.project.create).toBe(true);
-	});
-
-	it("member gets docker.read=false without legacy override", async () => {
-		memberToReturn = mockMemberData("member");
-		const perms = await resolvePermissions(ctx);
-		expect(perms.docker.read).toBe(false);
-	});
-
-	it("member gets docker.read=true with canAccessToDocker", async () => {
-		memberToReturn = mockMemberData("member", { canAccessToDocker: true });
-		const perms = await resolvePermissions(ctx);
-		expect(perms.docker.read).toBe(true);
-	});
-});
-
-describe("free-tier resources for owner", () => {
-	it("owner gets all free-tier permissions as true", async () => {
-		memberToReturn = mockMemberData("owner");
-		const perms = await resolvePermissions(ctx);
-		expect(perms.project.create).toBe(true);
-		expect(perms.project.delete).toBe(true);
-		expect(perms.service.create).toBe(true);
-		expect(perms.service.read).toBe(true);
-		expect(perms.service.delete).toBe(true);
-		expect(perms.docker.read).toBe(true);
-		expect(perms.traefikFiles.read).toBe(true);
-		expect(perms.traefikFiles.write).toBe(true);
-	});
-});
--- a/apps/dokploy/test/permissions/service-access.test.ts
+++ b/apps/dokploy/test/permissions/service-access.test.ts
@@ -1,132 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-
-const mockMemberData = (
-	role: string,
-	accessedServices: string[] = [],
-	accessedProjects: string[] = [],
-) => ({
-	id: "member-1",
-	role,
-	userId: "user-1",
-	organizationId: "org-1",
-	accessedProjects,
-	accessedServices,
-	accessedEnvironments: [] as string[],
-	canCreateProjects: false,
-	canDeleteProjects: false,
-	canCreateServices: false,
-	canDeleteServices: false,
-	canCreateEnvironments: false,
-	canDeleteEnvironments: false,
-	canAccessToTraefikFiles: false,
-	canAccessToDocker: false,
-	canAccessToAPI: false,
-	canAccessToSSHKeys: false,
-	canAccessToGitProviders: false,
-	user: { id: "user-1", email: "test@test.com" },
-});
-
-let memberToReturn: ReturnType<typeof mockMemberData> =
-	mockMemberData("member");
-
-vi.mock("@dokploy/server/db", () => ({
-	db: {
-		query: {
-			member: {
-				findFirst: vi.fn(() => Promise.resolve(memberToReturn)),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-			organizationRole: {
-				findFirst: vi.fn(),
-				findMany: vi.fn(() => Promise.resolve([])),
-			},
-		},
-	},
-}));
-
-vi.mock("@dokploy/server/services/proprietary/license-key", () => ({
-	hasValidLicense: vi.fn(() => Promise.resolve(false)),
-}));
-
-const { checkServicePermissionAndAccess, checkServiceAccess } = await import(
-	"@dokploy/server/services/permission"
-);
-
-const ctx = {
-	user: { id: "user-1" },
-	session: { activeOrganizationId: "org-1" },
-};
-
-beforeEach(() => {
-	vi.clearAllMocks();
-});
-
-describe("checkServicePermissionAndAccess", () => {
-	it("owner bypasses accessedServices check", async () => {
-		memberToReturn = mockMemberData("owner", []);
-		await expect(
-			checkServicePermissionAndAccess(ctx, "service-123", {
-				deployment: ["read"],
-			}),
-		).resolves.toBeUndefined();
-	});
-
-	it("admin bypasses accessedServices check", async () => {
-		memberToReturn = mockMemberData("admin", []);
-		await expect(
-			checkServicePermissionAndAccess(ctx, "service-123", {
-				backup: ["create"],
-			}),
-		).resolves.toBeUndefined();
-	});
-
-	it("member with access to service passes", async () => {
-		memberToReturn = mockMemberData("member", ["service-123"]);
-		await expect(
-			checkServicePermissionAndAccess(ctx, "service-123", {
-				deployment: ["read"],
-			}),
-		).resolves.toBeUndefined();
-	});
-
-	it("member WITHOUT access to service fails", async () => {
-		memberToReturn = mockMemberData("member", ["other-service"]);
-		await expect(
-			checkServicePermissionAndAccess(ctx, "service-123", {
-				deployment: ["read"],
-			}),
-		).rejects.toThrow("You don't have access to this service");
-	});
-
-	it("member with empty accessedServices fails", async () => {
-		memberToReturn = mockMemberData("member", []);
-		await expect(
-			checkServicePermissionAndAccess(ctx, "service-123", {
-				domain: ["delete"],
-			}),
-		).rejects.toThrow("You don't have access to this service");
-	});
-});
-
-describe("checkServiceAccess", () => {
-	it("member with service access passes read check", async () => {
-		memberToReturn = mockMemberData("member", ["app-1"]);
-		await expect(
-			checkServiceAccess(ctx, "app-1", "read"),
-		).resolves.toBeUndefined();
-	});
-
-	it("member without service access fails read check", async () => {
-		memberToReturn = mockMemberData("member", []);
-		await expect(checkServiceAccess(ctx, "app-1", "read")).rejects.toThrow(
-			"You don't have access to this service",
-		);
-	});
-
-	it("owner bypasses all access checks", async () => {
-		memberToReturn = mockMemberData("owner", [], []);
-		await expect(
-			checkServiceAccess(ctx, "project-1", "create"),
-		).resolves.toBeUndefined();
-	});
-});
--- a/apps/dokploy/components/dashboard/application/advanced/traefik/show-traefik-config.tsx
+++ b/apps/dokploy/components/dashboard/application/advanced/traefik/show-traefik-config.tsx
@@ -15,17 +15,13 @@ interface Props {
 }

 export const ShowTraefikConfig = ({ applicationId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canRead = permissions?.traefikFiles.read ?? false;
 	const { data, isPending } = api.application.readTraefikConfig.useQuery(
 		{
 			applicationId,
 		},
-		{ enabled: !!applicationId && canRead },
+		{ enabled: !!applicationId },
 	);

-	if (!canRead) return null;
-
 	return (
 		<Card className="bg-background">
 			<CardHeader className="flex flex-row justify-between">
--- a/apps/dokploy/components/dashboard/application/advanced/traefik/update-traefik-config.tsx
+++ b/apps/dokploy/components/dashboard/application/advanced/traefik/update-traefik-config.tsx
@@ -60,8 +60,6 @@ export const validateAndFormatYAML = (yamlText: string) => {
 };

 export const UpdateTraefikConfig = ({ applicationId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canWrite = permissions?.traefikFiles.write ?? false;
 	const [open, setOpen] = useState(false);
 	const [skipYamlValidation, setSkipYamlValidation] = useState(false);
 	const { data, refetch } = api.application.readTraefikConfig.useQuery(
@@ -127,11 +125,9 @@ export const UpdateTraefikConfig = ({ applicationId }: Props) => {
 				}
 			}}
 		>
-			{canWrite && (
-				<DialogTrigger asChild>
-					<Button isLoading={isPending}>Modify</Button>
-				</DialogTrigger>
-			)}
+			<DialogTrigger asChild>
+				<Button isLoading={isPending}>Modify</Button>
+			</DialogTrigger>
 			<DialogContent className="sm:max-w-4xl">
 				<DialogHeader>
 					<DialogTitle>Update traefik config</DialogTitle>
--- a/apps/dokploy/components/dashboard/application/advanced/volumes/show-volumes.tsx
+++ b/apps/dokploy/components/dashboard/application/advanced/volumes/show-volumes.tsx
@@ -21,13 +21,6 @@ interface Props {
 }

 export const ShowVolumes = ({ id, type }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canRead = permissions?.volume.read ?? false;
-	const canCreate = permissions?.volume.create ?? false;
-	const canDelete = permissions?.volume.delete ?? false;
-
-	if (!canRead) return null;
-
 	const queryMap = {
 		postgres: () =>
 			api.postgres.one.useQuery({ postgresId: id }, { enabled: !!id }),
@@ -57,7 +50,7 @@ export const ShowVolumes = ({ id, type }: Props) => {
 					</CardDescription>
 				</div>

-				{canCreate && data && data?.mounts.length > 0 && (
+				{data && data?.mounts.length > 0 && (
 					<AddVolumes serviceId={id} refetch={refetch} serviceType={type}>
 						Add Volume
 					</AddVolumes>
@@ -70,11 +63,9 @@ export const ShowVolumes = ({ id, type }: Props) => {
 						<span className="text-base text-muted-foreground">
 							No volumes/mounts configured
 						</span>
-						{canCreate && (
-							<AddVolumes serviceId={id} refetch={refetch} serviceType={type}>
-								Add Volume
-							</AddVolumes>
-						)}
+						<AddVolumes serviceId={id} refetch={refetch} serviceType={type}>
+							Add Volume
+						</AddVolumes>
 					</div>
 				) : (
 					<div className="flex flex-col pt-2 gap-4">
@@ -139,42 +130,38 @@ export const ShowVolumes = ({ id, type }: Props) => {
 											</div>
 										</div>
 										<div className="flex flex-row gap-1">
-											{canCreate && (
-												<UpdateVolume
-													mountId={mount.mountId}
-													type={mount.type}
-													refetch={refetch}
-													serviceType={type}
-												/>
-											)}
-											{canDelete && (
-												<DialogAction
-													title="Delete Volume"
-													description="Are you sure you want to delete this volume?"
-													type="destructive"
-													onClick={async () => {
-														await deleteVolume({
-															mountId: mount.mountId,
+											<UpdateVolume
+												mountId={mount.mountId}
+												type={mount.type}
+												refetch={refetch}
+												serviceType={type}
+											/>
+											<DialogAction
+												title="Delete Volume"
+												description="Are you sure you want to delete this volume?"
+												type="destructive"
+												onClick={async () => {
+													await deleteVolume({
+														mountId: mount.mountId,
+													})
+														.then(() => {
+															refetch();
+															toast.success("Volume deleted successfully");
 														})
-															.then(() => {
-																refetch();
-																toast.success("Volume deleted successfully");
-															})
-															.catch(() => {
-																toast.error("Error deleting volume");
-															});
-													}}
+														.catch(() => {
+															toast.error("Error deleting volume");
+														});
+												}}
+											>
+												<Button
+													variant="ghost"
+													size="icon"
+													className="group hover:bg-red-500/10"
+													isLoading={isRemoving}
 												>
-													<Button
-														variant="ghost"
-														size="icon"
-														className="group hover:bg-red-500/10"
-														isLoading={isRemoving}
-													>
-														<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-													</Button>
-												</DialogAction>
-											)}
+													<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+												</Button>
+											</DialogAction>
 										</div>
 									</div>
 								</div>
--- a/apps/dokploy/components/dashboard/application/deployments/show-deployments.tsx
+++ b/apps/dokploy/components/dashboard/application/deployments/show-deployments.tsx
@@ -2,7 +2,6 @@ import {
 	ChevronDown,
 	ChevronUp,
 	Clock,
-	Copy,
 	Loader2,
 	RefreshCcw,
 	RocketIcon,
@@ -11,7 +10,6 @@ import {
 } from "lucide-react";
 import React, { useEffect, useMemo, useState } from "react";
 import { toast } from "sonner";
-import copy from "copy-to-clipboard";
 import { AlertBlock } from "@/components/shared/alert-block";
 import { DateTooltip } from "@/components/shared/date-tooltip";
 import { DialogAction } from "@/components/shared/dialog-action";
@@ -99,12 +97,6 @@ export const ShowDeployments = ({
 		new Set(),
 	);

-	const webhookUrl = useMemo(
-		() =>
-			`${url}/api/deploy${type === "compose" ? "/compose" : ""}/${refreshToken}`,
-		[url, refreshToken, type],
-	);
-
 	const MAX_DESCRIPTION_LENGTH = 200;

 	const truncateDescription = (description: string): string => {
@@ -232,27 +224,11 @@ export const ShowDeployments = ({
 						<div className="flex flex-row items-center gap-2 flex-wrap">
 							<span>Webhook URL: </span>
 							<div className="flex flex-row items-center gap-2">
-								<Badge
-									role="button"
-									tabIndex={0}
-									aria-label="Copy webhook URL to clipboard"
-									className="p-2 rounded-md ml-1 mr-1 hover:border-primary hover:text-primary-foreground hover:bg-primary hover:cursor-pointer whitespace-normal break-all"
-									variant="outline"
-									onKeyDown={(event) => {
-										if (event.key === "Enter" || event.key === " ") {
-											event.preventDefault();
-											copy(webhookUrl);
-											toast.success("Copied to clipboard.");
-										}
-									}}
-									onClick={() => {
-										copy(webhookUrl);
-										toast.success("Copied to clipboard.");
-									}}
-								>
-									{webhookUrl}
-									<Copy className="h-4 w-4 ml-2" />
-								</Badge>
+								<span className="break-all text-muted-foreground">
+									{`${url}/api/deploy${
+										type === "compose" ? "/compose" : ""
+									}/${refreshToken}`}
+								</span>
 								{(type === "application" || type === "compose") && (
 									<RefreshToken id={id} type={type} />
 								)}
--- a/apps/dokploy/components/dashboard/application/domains/show-domains.tsx
+++ b/apps/dokploy/components/dashboard/application/domains/show-domains.tsx
@@ -50,9 +50,6 @@ interface Props {
 }

 export const ShowDomains = ({ id, type }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canCreateDomain = permissions?.domain.create ?? false;
-	const canDeleteDomain = permissions?.domain.delete ?? false;
 	const { data: application } =
 		type === "application"
 			? api.application.one.useQuery(
@@ -152,7 +149,7 @@ export const ShowDomains = ({ id, type }: Props) => {
 					</div>

 					<div className="flex flex-row gap-4 flex-wrap">
-						{canCreateDomain && data && data?.length > 0 && (
+						{data && data?.length > 0 && (
 							<AddDomain id={id} type={type}>
 								<Button>
 									<GlobeIcon className="size-4" /> Add Domain
@@ -176,15 +173,13 @@ export const ShowDomains = ({ id, type }: Props) => {
 								To access the application it is required to set at least 1
 								domain
 							</span>
-							{canCreateDomain && (
-								<div className="flex flex-row gap-4 flex-wrap">
-									<AddDomain id={id} type={type}>
-										<Button>
-											<GlobeIcon className="size-4" /> Add Domain
-										</Button>
-									</AddDomain>
-								</div>
-							)}
+							<div className="flex flex-row gap-4 flex-wrap">
+								<AddDomain id={id} type={type}>
+									<Button>
+										<GlobeIcon className="size-4" /> Add Domain
+									</Button>
+								</AddDomain>
+							</div>
 						</div>
 					) : (
 						<div className="grid grid-cols-1 gap-4 xl:grid-cols-2 w-full min-h-[40vh] ">
@@ -219,51 +214,47 @@ export const ShowDomains = ({ id, type }: Props) => {
 																}
 															/>
 														)}
-														{canCreateDomain && (
-															<AddDomain
-																id={id}
-																type={type}
-																domainId={item.domainId}
+														<AddDomain
+															id={id}
+															type={type}
+															domainId={item.domainId}
+														>
+															<Button
+																variant="ghost"
+																size="icon"
+																className="group hover:bg-blue-500/10"
 															>
-																<Button
-																	variant="ghost"
-																	size="icon"
-																	className="group hover:bg-blue-500/10"
-																>
-																	<PenBoxIcon className="size-3.5 text-primary group-hover:text-blue-500" />
-																</Button>
-															</AddDomain>
-														)}
-														{canDeleteDomain && (
-															<DialogAction
-																title="Delete Domain"
-																description="Are you sure you want to delete this domain?"
-																type="destructive"
-																onClick={async () => {
-																	await deleteDomain({
-																		domainId: item.domainId,
+																<PenBoxIcon className="size-3.5 text-primary group-hover:text-blue-500" />
+															</Button>
+														</AddDomain>
+														<DialogAction
+															title="Delete Domain"
+															description="Are you sure you want to delete this domain?"
+															type="destructive"
+															onClick={async () => {
+																await deleteDomain({
+																	domainId: item.domainId,
+																})
+																	.then((_data) => {
+																		refetch();
+																		toast.success(
+																			"Domain deleted successfully",
+																		);
 																	})
-																		.then((_data) => {
-																			refetch();
-																			toast.success(
-																				"Domain deleted successfully",
-																			);
-																		})
-																		.catch(() => {
-																			toast.error("Error deleting domain");
-																		});
-																}}
+																	.catch(() => {
+																		toast.error("Error deleting domain");
+																	});
+															}}
+														>
+															<Button
+																variant="ghost"
+																size="icon"
+																className="group hover:bg-red-500/10"
+																isLoading={isRemoving}
 															>
-																<Button
-																	variant="ghost"
-																	size="icon"
-																	className="group hover:bg-red-500/10"
-																	isLoading={isRemoving}
-																>
-																	<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																</Button>
-															</DialogAction>
-														)}
+																<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+															</Button>
+														</DialogAction>
 													</div>
 												</div>
 												<div className="w-full break-all">
--- a/apps/dokploy/components/dashboard/application/environment/show-enviroment.tsx
+++ b/apps/dokploy/components/dashboard/application/environment/show-enviroment.tsx
@@ -36,8 +36,6 @@ interface Props {
 }

 export const ShowEnvironment = ({ id, type }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canWrite = permissions?.envVars.write ?? false;
 	const queryMap = {
 		postgres: () =>
 			api.postgres.one.useQuery({ postgresId: id }, { enabled: !!id }),
@@ -187,27 +185,25 @@ PORT=3000
 								)}
 							/>

-							{canWrite && (
-								<div className="flex flex-row justify-end gap-2">
-									{hasChanges && (
-										<Button
-											type="button"
-											variant="outline"
-											onClick={handleCancel}
-										>
-											Cancel
-										</Button>
-									)}
+							<div className="flex flex-row justify-end gap-2">
+								{hasChanges && (
 									<Button
-										isLoading={isPending}
-										className="w-fit"
-										type="submit"
-										disabled={!hasChanges}
+										type="button"
+										variant="outline"
+										onClick={handleCancel}
 									>
-										Save
+										Cancel
 									</Button>
-								</div>
-							)}
+								)}
+								<Button
+									isLoading={isPending}
+									className="w-fit"
+									type="submit"
+									disabled={!hasChanges}
+								>
+									Save
+								</Button>
+							</div>
 						</form>
 					</Form>
 				</CardContent>
--- a/apps/dokploy/components/dashboard/application/environment/show.tsx
+++ b/apps/dokploy/components/dashboard/application/environment/show.tsx
@@ -31,8 +31,6 @@ interface Props {
 }

 export const ShowEnvironment = ({ applicationId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canWrite = permissions?.envVars.write ?? false;
 	const { mutateAsync, isPending } =
 		api.application.saveEnvironment.useMutation();

@@ -203,30 +201,27 @@ export const ShowEnvironment = ({ applicationId }: Props) => {
 										<Switch
 											checked={field.value}
 											onCheckedChange={field.onChange}
-											disabled={!canWrite}
 										/>
 									</FormControl>
 								</FormItem>
 							)}
 						/>
 					)}
-					{canWrite && (
-						<div className="flex flex-row justify-end gap-2">
-							{hasChanges && (
-								<Button type="button" variant="outline" onClick={handleCancel}>
-									Cancel
-								</Button>
-							)}
-							<Button
-								isLoading={isPending}
-								className="w-fit"
-								type="submit"
-								disabled={!hasChanges}
-							>
-								Save
+					<div className="flex flex-row justify-end gap-2">
+						{hasChanges && (
+							<Button type="button" variant="outline" onClick={handleCancel}>
+								Cancel
 							</Button>
-						</div>
-					)}
+						)}
+						<Button
+							isLoading={isPending}
+							className="w-fit"
+							type="submit"
+							disabled={!hasChanges}
+						>
+							Save
+						</Button>
+					</div>
 				</form>
 			</Form>
 		</Card>
--- a/apps/dokploy/components/dashboard/application/general/generic/save-bitbucket-provider.tsx
+++ b/apps/dokploy/components/dashboard/application/general/generic/save-bitbucket-provider.tsx
@@ -1,5 +1,5 @@
 import { standardSchemaResolver as zodResolver } from "@hookform/resolvers/standard-schema";
-import { CheckIcon, ChevronsUpDown, HelpCircle, X } from "lucide-react";
+import { CheckIcon, ChevronsUpDown, X } from "lucide-react";
 import Link from "next/link";
 import { useEffect } from "react";
 import { useForm } from "react-hook-form";
@@ -416,8 +416,10 @@ export const SaveBitbucketProvider = ({ applicationId }: Props) => {
 										<FormLabel>Watch Paths</FormLabel>
 										<TooltipProvider>
 											<Tooltip>
-												<TooltipTrigger asChild>
-													<HelpCircle className="size-4 text-muted-foreground hover:text-foreground transition-colors cursor-pointer" />
+												<TooltipTrigger>
+													<div className="size-4 rounded-full bg-muted flex items-center justify-center text-[10px] font-bold">
+														?
+													</div>
 												</TooltipTrigger>
 												<TooltipContent>
 													<p>
--- a/apps/dokploy/components/dashboard/application/general/generic/save-git-provider.tsx
+++ b/apps/dokploy/components/dashboard/application/general/generic/save-git-provider.tsx
@@ -1,5 +1,5 @@
 import { standardSchemaResolver as zodResolver } from "@hookform/resolvers/standard-schema";
-import { HelpCircle, KeyRoundIcon, LockIcon, X } from "lucide-react";
+import { KeyRoundIcon, LockIcon, X } from "lucide-react";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import { useEffect } from "react";
@@ -228,8 +228,10 @@ export const SaveGitProvider = ({ applicationId }: Props) => {
 									<FormLabel>Watch Paths</FormLabel>
 									<TooltipProvider>
 										<Tooltip>
-											<TooltipTrigger asChild>
-												<HelpCircle className="size-4 text-muted-foreground hover:text-foreground transition-colors cursor-pointer" />
+											<TooltipTrigger>
+												<div className="size-4 rounded-full bg-muted flex items-center justify-center text-[10px] font-bold">
+													?
+												</div>
 											</TooltipTrigger>
 											<TooltipContent className="max-w-[300px]">
 												<p>
--- a/apps/dokploy/components/dashboard/application/general/show.tsx
+++ b/apps/dokploy/components/dashboard/application/general/show.tsx
@@ -30,9 +30,6 @@ interface Props {

 export const ShowGeneralApplication = ({ applicationId }: Props) => {
 	const router = useRouter();
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
-	const canUpdateService = permissions?.service.create ?? false;
 	const { data, refetch } = api.application.one.useQuery(
 		{
 			applicationId,
@@ -60,135 +57,128 @@ export const ShowGeneralApplication = ({ applicationId }: Props) => {
 				</CardHeader>
 				<CardContent className="flex flex-row gap-4 flex-wrap">
 					<TooltipProvider delayDuration={0} disableHoverableContent={false}>
-						{canDeploy && (
-							<DialogAction
-								title="Deploy Application"
-								description="Are you sure you want to deploy this application?"
-								type="default"
-								onClick={async () => {
-									await deploy({
-										applicationId: applicationId,
+						<DialogAction
+							title="Deploy Application"
+							description="Are you sure you want to deploy this application?"
+							type="default"
+							onClick={async () => {
+								await deploy({
+									applicationId: applicationId,
+								})
+									.then(() => {
+										toast.success("Application deployed successfully");
+										refetch();
+										router.push(
+											`/dashboard/project/${data?.environment.projectId}/environment/${data?.environmentId}/services/application/${applicationId}?tab=deployments`,
+										);
 									})
-										.then(() => {
-											toast.success("Application deployed successfully");
-											refetch();
-											router.push(
-												`/dashboard/project/${data?.environment.projectId}/environment/${data?.environmentId}/services/application/${applicationId}?tab=deployments`,
-											);
-										})
-										.catch(() => {
-											toast.error("Error deploying application");
-										});
-								}}
+									.catch(() => {
+										toast.error("Error deploying application");
+									});
+							}}
+						>
+							<Button
+								variant="default"
+								isLoading={data?.applicationStatus === "running"}
+								className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
 							>
-								<Button
-									variant="default"
-									isLoading={data?.applicationStatus === "running"}
-									className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
-								>
-									<Tooltip>
-										<TooltipTrigger asChild>
-											<div className="flex items-center">
-												<Rocket className="size-4 mr-1" />
-												Deploy
-											</div>
-										</TooltipTrigger>
-										<TooltipPrimitive.Portal>
-											<TooltipContent sideOffset={5} className="z-[60]">
-												<p>
-													Downloads the source code and performs a complete
-													build
-												</p>
-											</TooltipContent>
-										</TooltipPrimitive.Portal>
-									</Tooltip>
-								</Button>
-							</DialogAction>
-						)}
-						{canDeploy && (
-							<DialogAction
-								title="Reload Application"
-								description="Are you sure you want to reload this application?"
-								type="default"
-								onClick={async () => {
-									await reload({
-										applicationId: applicationId,
-										appName: data?.appName || "",
+								<Tooltip>
+									<TooltipTrigger asChild>
+										<div className="flex items-center">
+											<Rocket className="size-4 mr-1" />
+											Deploy
+										</div>
+									</TooltipTrigger>
+									<TooltipPrimitive.Portal>
+										<TooltipContent sideOffset={5} className="z-[60]">
+											<p>
+												Downloads the source code and performs a complete build
+											</p>
+										</TooltipContent>
+									</TooltipPrimitive.Portal>
+								</Tooltip>
+							</Button>
+						</DialogAction>
+						<DialogAction
+							title="Reload Application"
+							description="Are you sure you want to reload this application?"
+							type="default"
+							onClick={async () => {
+								await reload({
+									applicationId: applicationId,
+									appName: data?.appName || "",
+								})
+									.then(() => {
+										toast.success("Application reloaded successfully");
+										refetch();
 									})
-										.then(() => {
-											toast.success("Application reloaded successfully");
-											refetch();
-										})
-										.catch(() => {
-											toast.error("Error reloading application");
-										});
-								}}
+									.catch(() => {
+										toast.error("Error reloading application");
+									});
+							}}
+						>
+							<Button
+								variant="secondary"
+								isLoading={isReloading}
+								className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
 							>
-								<Button
-									variant="secondary"
-									isLoading={isReloading}
-									className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
-								>
-									<Tooltip>
-										<TooltipTrigger asChild>
-											<div className="flex items-center">
-												<RefreshCcw className="size-4 mr-1" />
-												Reload
-											</div>
-										</TooltipTrigger>
-										<TooltipPrimitive.Portal>
-											<TooltipContent sideOffset={5} className="z-[60]">
-												<p>Reload the application without rebuilding it</p>
-											</TooltipContent>
-										</TooltipPrimitive.Portal>
-									</Tooltip>
-								</Button>
-							</DialogAction>
-						)}
-						{canDeploy && (
-							<DialogAction
-								title="Rebuild Application"
-								description="Are you sure you want to rebuild this application?"
-								type="default"
-								onClick={async () => {
-									await redeploy({
-										applicationId: applicationId,
+								<Tooltip>
+									<TooltipTrigger asChild>
+										<div className="flex items-center">
+											<RefreshCcw className="size-4 mr-1" />
+											Reload
+										</div>
+									</TooltipTrigger>
+									<TooltipPrimitive.Portal>
+										<TooltipContent sideOffset={5} className="z-[60]">
+											<p>Reload the application without rebuilding it</p>
+										</TooltipContent>
+									</TooltipPrimitive.Portal>
+								</Tooltip>
+							</Button>
+						</DialogAction>
+						<DialogAction
+							title="Rebuild Application"
+							description="Are you sure you want to rebuild this application?"
+							type="default"
+							onClick={async () => {
+								await redeploy({
+									applicationId: applicationId,
+								})
+									.then(() => {
+										toast.success("Application rebuilt successfully");
+										refetch();
 									})
-										.then(() => {
-											toast.success("Application rebuilt successfully");
-											refetch();
-										})
-										.catch(() => {
-											toast.error("Error rebuilding application");
-										});
-								}}
+									.catch(() => {
+										toast.error("Error rebuilding application");
+									});
+							}}
+						>
+							<Button
+								variant="secondary"
+								isLoading={data?.applicationStatus === "running"}
+								className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
 							>
-								<Button
-									variant="secondary"
-									isLoading={data?.applicationStatus === "running"}
-									className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
-								>
-									<Tooltip>
-										<TooltipTrigger asChild>
-											<div className="flex items-center">
-												<Hammer className="size-4 mr-1" />
-												Rebuild
-											</div>
-										</TooltipTrigger>
-										<TooltipPrimitive.Portal>
-											<TooltipContent sideOffset={5} className="z-[60]">
-												<p>
-													Only rebuilds the application without downloading new
-													code
-												</p>
-											</TooltipContent>
-										</TooltipPrimitive.Portal>
-									</Tooltip>
-								</Button>
-							</DialogAction>
-						)}
+								<Tooltip>
+									<TooltipTrigger asChild>
+										<div className="flex items-center">
+											<Hammer className="size-4 mr-1" />
+											Rebuild
+										</div>
+									</TooltipTrigger>
+									<TooltipPrimitive.Portal>
+										<TooltipContent sideOffset={5} className="z-[60]">
+											<p>
+												Only rebuilds the application without downloading new
+												code
+											</p>
+										</TooltipContent>
+									</TooltipPrimitive.Portal>
+								</Tooltip>
+							</Button>
+						</DialogAction>

-						{canDeploy && data?.applicationStatus === "idle" ? (
+						{data?.applicationStatus === "idle" ? (
 							<DialogAction
 								title="Start Application"
 								description="Are you sure you want to start this application?"
@@ -229,7 +219,7 @@ export const ShowGeneralApplication = ({ applicationId }: Props) => {
 									</Tooltip>
 								</Button>
 							</DialogAction>
-						) : canDeploy ? (
+						) : (
 							<DialogAction
 								title="Stop Application"
 								description="Are you sure you want to stop this application?"
@@ -266,7 +256,7 @@ export const ShowGeneralApplication = ({ applicationId }: Props) => {
 									</Tooltip>
 								</Button>
 							</DialogAction>
-						) : null}
+						)}
 					</TooltipProvider>
 					<DockerTerminalModal
 						appName={data?.appName || ""}
@@ -280,53 +270,49 @@ export const ShowGeneralApplication = ({ applicationId }: Props) => {
 							Open Terminal
 						</Button>
 					</DockerTerminalModal>
-					{canUpdateService && (
-						<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
-							<span className="text-sm font-medium">Autodeploy</span>
-							<Switch
-								aria-label="Toggle autodeploy"
-								checked={data?.autoDeploy || false}
-								onCheckedChange={async (enabled) => {
-									await update({
-										applicationId,
-										autoDeploy: enabled,
+					<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
+						<span className="text-sm font-medium">Autodeploy</span>
+						<Switch
+							aria-label="Toggle autodeploy"
+							checked={data?.autoDeploy || false}
+							onCheckedChange={async (enabled) => {
+								await update({
+									applicationId,
+									autoDeploy: enabled,
+								})
+									.then(async () => {
+										toast.success("Auto Deploy Updated");
+										await refetch();
 									})
-										.then(async () => {
-											toast.success("Auto Deploy Updated");
-											await refetch();
-										})
-										.catch(() => {
-											toast.error("Error updating Auto Deploy");
-										});
-								}}
-								className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
-							/>
-						</div>
-					)}
+									.catch(() => {
+										toast.error("Error updating Auto Deploy");
+									});
+							}}
+							className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
+						/>
+					</div>

-					{canUpdateService && (
-						<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
-							<span className="text-sm font-medium">Clean Cache</span>
-							<Switch
-								aria-label="Toggle clean cache"
-								checked={data?.cleanCache || false}
-								onCheckedChange={async (enabled) => {
-									await update({
-										applicationId,
-										cleanCache: enabled,
+					<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
+						<span className="text-sm font-medium">Clean Cache</span>
+						<Switch
+							aria-label="Toggle clean cache"
+							checked={data?.cleanCache || false}
+							onCheckedChange={async (enabled) => {
+								await update({
+									applicationId,
+									cleanCache: enabled,
+								})
+									.then(async () => {
+										toast.success("Clean Cache Updated");
+										await refetch();
 									})
-										.then(async () => {
-											toast.success("Clean Cache Updated");
-											await refetch();
-										})
-										.catch(() => {
-											toast.error("Error updating Clean Cache");
-										});
-								}}
-								className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
-							/>
-						</div>
-					)}
+									.catch(() => {
+										toast.error("Error updating Clean Cache");
+									});
+							}}
+							className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
+						/>
+					</div>
 				</CardContent>
 			</Card>
 			<ShowProviderForm applicationId={applicationId} />
--- a/apps/dokploy/components/dashboard/compose/delete-service.tsx
+++ b/apps/dokploy/components/dashboard/compose/delete-service.tsx
@@ -46,8 +46,6 @@ interface Props {
 }

 export const DeleteService = ({ id, type }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDelete = permissions?.service.delete ?? false;
 	const [isOpen, setIsOpen] = useState(false);

 	const queryMap = {
@@ -125,8 +123,6 @@ export const DeleteService = ({ id, type }: Props) => {
 			data?.applicationStatus === "running") ||
 		(data && "composeStatus" in data && data?.composeStatus === "running");

-	if (!canDelete) return null;
-
 	return (
 		<Dialog open={isOpen} onOpenChange={setIsOpen}>
 			<DialogTrigger asChild>
--- a/apps/dokploy/components/dashboard/compose/general/actions.tsx
+++ b/apps/dokploy/components/dashboard/compose/general/actions.tsx
@@ -19,9 +19,6 @@ interface Props {
 }
 export const ComposeActions = ({ composeId }: Props) => {
 	const router = useRouter();
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
-	const canUpdateService = permissions?.service.create ?? false;
 	const { data, refetch } = api.compose.one.useQuery(
 		{
 			composeId,
@@ -38,169 +35,162 @@ export const ComposeActions = ({ composeId }: Props) => {
 	return (
 		<div className="flex flex-row gap-4 w-full flex-wrap ">
 			<TooltipProvider delayDuration={0} disableHoverableContent={false}>
-				{canDeploy && (
+				<DialogAction
+					title="Deploy Compose"
+					description="Are you sure you want to deploy this compose?"
+					type="default"
+					onClick={async () => {
+						await deploy({
+							composeId: composeId,
+						})
+							.then(() => {
+								toast.success("Compose deployed successfully");
+								refetch();
+								router.push(
+									`/dashboard/project/${data?.environment.projectId}/environment/${data?.environmentId}/services/compose/${composeId}?tab=deployments`,
+								);
+							})
+							.catch(() => {
+								toast.error("Error deploying compose");
+							});
+					}}
+				>
+					<Button
+						variant="default"
+						isLoading={data?.composeStatus === "running"}
+						className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
+					>
+						<Tooltip>
+							<TooltipTrigger asChild>
+								<div className="flex items-center">
+									<Rocket className="size-4 mr-1" />
+									Deploy
+								</div>
+							</TooltipTrigger>
+							<TooltipPrimitive.Portal>
+								<TooltipContent sideOffset={5} className="z-[60]">
+									<p>Downloads the source code and performs a complete build</p>
+								</TooltipContent>
+							</TooltipPrimitive.Portal>
+						</Tooltip>
+					</Button>
+				</DialogAction>
+				<DialogAction
+					title="Reload Compose"
+					description="Are you sure you want to reload this compose?"
+					type="default"
+					onClick={async () => {
+						await redeploy({
+							composeId: composeId,
+						})
+							.then(() => {
+								toast.success("Compose reloaded successfully");
+								refetch();
+							})
+							.catch(() => {
+								toast.error("Error reloading compose");
+							});
+					}}
+				>
+					<Button
+						variant="secondary"
+						isLoading={data?.composeStatus === "running"}
+						className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
+					>
+						<Tooltip>
+							<TooltipTrigger asChild>
+								<div className="flex items-center">
+									<RefreshCcw className="size-4 mr-1" />
+									Reload
+								</div>
+							</TooltipTrigger>
+							<TooltipPrimitive.Portal>
+								<TooltipContent sideOffset={5} className="z-[60]">
+									<p>Reload the compose without rebuilding it</p>
+								</TooltipContent>
+							</TooltipPrimitive.Portal>
+						</Tooltip>
+					</Button>
+				</DialogAction>
+				{data?.composeType === "docker-compose" &&
+				data?.composeStatus === "idle" ? (
 					<DialogAction
-						title="Deploy Compose"
-						description="Are you sure you want to deploy this compose?"
+						title="Start Compose"
+						description="Are you sure you want to start this compose?"
 						type="default"
 						onClick={async () => {
-							await deploy({
+							await start({
 								composeId: composeId,
 							})
 								.then(() => {
-									toast.success("Compose deployed successfully");
+									toast.success("Compose started successfully");
 									refetch();
-									router.push(
-										`/dashboard/project/${data?.environment.projectId}/environment/${data?.environmentId}/services/compose/${composeId}?tab=deployments`,
-									);
 								})
 								.catch(() => {
-									toast.error("Error deploying compose");
+									toast.error("Error starting compose");
 								});
 						}}
 					>
 						<Button
-							variant="default"
-							isLoading={data?.composeStatus === "running"}
+							variant="secondary"
+							isLoading={isStarting}
 							className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
 						>
 							<Tooltip>
 								<TooltipTrigger asChild>
 									<div className="flex items-center">
-										<Rocket className="size-4 mr-1" />
-										Deploy
+										<CheckCircle2 className="size-4 mr-1" />
+										Start
 									</div>
 								</TooltipTrigger>
 								<TooltipPrimitive.Portal>
 									<TooltipContent sideOffset={5} className="z-[60]">
 										<p>
-											Downloads the source code and performs a complete build
+											Start the compose (requires a previous successful build)
 										</p>
 									</TooltipContent>
 								</TooltipPrimitive.Portal>
 							</Tooltip>
 						</Button>
 					</DialogAction>
-				)}
-				{canDeploy && (
+				) : (
 					<DialogAction
-						title="Reload Compose"
-						description="Are you sure you want to reload this compose?"
-						type="default"
+						title="Stop Compose"
+						description="Are you sure you want to stop this compose?"
 						onClick={async () => {
-							await redeploy({
+							await stop({
 								composeId: composeId,
 							})
 								.then(() => {
-									toast.success("Compose reloaded successfully");
+									toast.success("Compose stopped successfully");
 									refetch();
 								})
 								.catch(() => {
-									toast.error("Error reloading compose");
+									toast.error("Error stopping compose");
 								});
 						}}
 					>
 						<Button
-							variant="secondary"
-							isLoading={data?.composeStatus === "running"}
+							variant="destructive"
+							isLoading={isStopping}
 							className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
 						>
 							<Tooltip>
 								<TooltipTrigger asChild>
 									<div className="flex items-center">
-										<RefreshCcw className="size-4 mr-1" />
-										Reload
+										<Ban className="size-4 mr-1" />
+										Stop
 									</div>
 								</TooltipTrigger>
 								<TooltipPrimitive.Portal>
 									<TooltipContent sideOffset={5} className="z-[60]">
-										<p>Reload the compose without rebuilding it</p>
+										<p>Stop the currently running compose</p>
 									</TooltipContent>
 								</TooltipPrimitive.Portal>
 							</Tooltip>
 						</Button>
 					</DialogAction>
 				)}
-				{canDeploy &&
-					(data?.composeType === "docker-compose" &&
-					data?.composeStatus === "idle" ? (
-						<DialogAction
-							title="Start Compose"
-							description="Are you sure you want to start this compose?"
-							type="default"
-							onClick={async () => {
-								await start({
-									composeId: composeId,
-								})
-									.then(() => {
-										toast.success("Compose started successfully");
-										refetch();
-									})
-									.catch(() => {
-										toast.error("Error starting compose");
-									});
-							}}
-						>
-							<Button
-								variant="secondary"
-								isLoading={isStarting}
-								className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
-							>
-								<Tooltip>
-									<TooltipTrigger asChild>
-										<div className="flex items-center">
-											<CheckCircle2 className="size-4 mr-1" />
-											Start
-										</div>
-									</TooltipTrigger>
-									<TooltipPrimitive.Portal>
-										<TooltipContent sideOffset={5} className="z-[60]">
-											<p>
-												Start the compose (requires a previous successful build)
-											</p>
-										</TooltipContent>
-									</TooltipPrimitive.Portal>
-								</Tooltip>
-							</Button>
-						</DialogAction>
-					) : (
-						<DialogAction
-							title="Stop Compose"
-							description="Are you sure you want to stop this compose?"
-							onClick={async () => {
-								await stop({
-									composeId: composeId,
-								})
-									.then(() => {
-										toast.success("Compose stopped successfully");
-										refetch();
-									})
-									.catch(() => {
-										toast.error("Error stopping compose");
-									});
-							}}
-						>
-							<Button
-								variant="destructive"
-								isLoading={isStopping}
-								className="flex items-center gap-1.5 group focus-visible:ring-2 focus-visible:ring-offset-2"
-							>
-								<Tooltip>
-									<TooltipTrigger asChild>
-										<div className="flex items-center">
-											<Ban className="size-4 mr-1" />
-											Stop
-										</div>
-									</TooltipTrigger>
-									<TooltipPrimitive.Portal>
-										<TooltipContent sideOffset={5} className="z-[60]">
-											<p>Stop the currently running compose</p>
-										</TooltipContent>
-									</TooltipPrimitive.Portal>
-								</Tooltip>
-							</Button>
-						</DialogAction>
-					))}
 			</TooltipProvider>
 			<DockerTerminalModal
 				appName={data?.appName || ""}
@@ -215,29 +205,27 @@ export const ComposeActions = ({ composeId }: Props) => {
 					Open Terminal
 				</Button>
 			</DockerTerminalModal>
-			{canUpdateService && (
-				<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
-					<span className="text-sm font-medium">Autodeploy</span>
-					<Switch
-						aria-label="Toggle autodeploy"
-						checked={data?.autoDeploy || false}
-						onCheckedChange={async (enabled) => {
-							await update({
-								composeId,
-								autoDeploy: enabled,
+			<div className="flex flex-row items-center gap-2 rounded-md px-4 py-2 border">
+				<span className="text-sm font-medium">Autodeploy</span>
+				<Switch
+					aria-label="Toggle autodeploy"
+					checked={data?.autoDeploy || false}
+					onCheckedChange={async (enabled) => {
+						await update({
+							composeId,
+							autoDeploy: enabled,
+						})
+							.then(async () => {
+								toast.success("Auto Deploy Updated");
+								await refetch();
 							})
-								.then(async () => {
-									toast.success("Auto Deploy Updated");
-									await refetch();
-								})
-								.catch(() => {
-									toast.error("Error updating Auto Deploy");
-								});
-						}}
-						className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
-					/>
-				</div>
-			)}
+							.catch(() => {
+								toast.error("Error updating Auto Deploy");
+							});
+					}}
+					className="flex flex-row gap-2 items-center data-[state=checked]:bg-primary"
+				/>
+			</div>
 		</div>
 	);
 };
--- a/apps/dokploy/components/dashboard/compose/general/compose-file-editor.tsx
+++ b/apps/dokploy/components/dashboard/compose/general/compose-file-editor.tsx
@@ -26,8 +26,6 @@ const AddComposeFile = z.object({
 type AddComposeFile = z.infer<typeof AddComposeFile>;

 export const ComposeFileEditor = ({ composeId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canUpdate = permissions?.service.create ?? false;
 	const utils = api.useUtils();
 	const { data, refetch } = api.compose.one.useQuery(
 		{
@@ -166,16 +164,14 @@ services:
 				</Form>
 				<div className="flex justify-between flex-col lg:flex-row gap-2">
 					<div className="w-full flex flex-col lg:flex-row gap-4 items-end" />
-					{canUpdate && (
-						<Button
-							type="submit"
-							form="hook-form-save-compose-file"
-							isLoading={isPending}
-							className="lg:w-fit w-full"
-						>
-							Save
-						</Button>
-					)}
+					<Button
+						type="submit"
+						form="hook-form-save-compose-file"
+						isLoading={isPending}
+						className="lg:w-fit w-full"
+					>
+						Save
+					</Button>
 				</div>
 			</div>
 		</>
--- a/apps/dokploy/components/dashboard/compose/general/generic/save-git-provider-compose.tsx
+++ b/apps/dokploy/components/dashboard/compose/general/generic/save-git-provider-compose.tsx
@@ -1,5 +1,5 @@
 import { standardSchemaResolver as zodResolver } from "@hookform/resolvers/standard-schema";
-import { HelpCircle, KeyRoundIcon, LockIcon, X } from "lucide-react";
+import { KeyRoundIcon, LockIcon, X } from "lucide-react";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import { useEffect } from "react";
@@ -230,8 +230,10 @@ export const SaveGitProviderCompose = ({ composeId }: Props) => {
 									<FormLabel>Watch Paths</FormLabel>
 									<TooltipProvider>
 										<Tooltip>
-											<TooltipTrigger asChild>
-												<HelpCircle className="size-4 text-muted-foreground hover:text-foreground transition-colors cursor-pointer" />
+											<TooltipTrigger>
+												<div className="size-4 rounded-full bg-muted flex items-center justify-center text-[10px] font-bold">
+													?
+												</div>
 											</TooltipTrigger>
 											<TooltipContent className="max-w-[300px]">
 												<p>
--- a/apps/dokploy/components/dashboard/mariadb/general/show-general-mariadb.tsx
+++ b/apps/dokploy/components/dashboard/mariadb/general/show-general-mariadb.tsx
@@ -21,8 +21,6 @@ interface Props {
 }

 export const ShowGeneralMariadb = ({ mariadbId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
 	const { data, refetch } = api.mariadb.one.useQuery(
 		{
 			mariadbId,
@@ -74,75 +72,154 @@ export const ShowGeneralMariadb = ({ mariadbId }: Props) => {
 						<CardTitle className="text-xl">Deploy Settings</CardTitle>
 					</CardHeader>
 					<CardContent className="flex flex-row gap-4 flex-wrap">
-						{canDeploy && (
-							<TooltipProvider delayDuration={0}>
-								<DialogAction
-									title="Deploy Mariadb"
-									description="Are you sure you want to deploy this mariadb?"
-									type="default"
-									onClick={async () => {
-										setIsDeploying(true);
-										await new Promise((resolve) => setTimeout(resolve, 1000));
-										refetch();
-									}}
+						<TooltipProvider delayDuration={0}>
+							<DialogAction
+								title="Deploy Mariadb"
+								description="Are you sure you want to deploy this mariadb?"
+								type="default"
+								onClick={async () => {
+									setIsDeploying(true);
+									await new Promise((resolve) => setTimeout(resolve, 1000));
+									refetch();
+								}}
+							>
+								<Button
+									variant="default"
+									isLoading={data?.applicationStatus === "running"}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 								>
-									<Button
-										variant="default"
-										isLoading={data?.applicationStatus === "running"}
-										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-									>
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<div className="flex items-center">
-													<Rocket className="size-4 mr-1" />
-													Deploy
-												</div>
-											</TooltipTrigger>
-											<TooltipPrimitive.Portal>
-												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Downloads and sets up the MariaDB database</p>
-												</TooltipContent>
-											</TooltipPrimitive.Portal>
-										</Tooltip>
-									</Button>
-								</DialogAction>
-							</TooltipProvider>
-						)}
-						{canDeploy && (
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<Rocket className="size-4 mr-1" />
+												Deploy
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Downloads and sets up the MariaDB database</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+						</TooltipProvider>
+						<TooltipProvider delayDuration={0}>
+							<DialogAction
+								title="Reload Mariadb"
+								description="Are you sure you want to reload this mariadb?"
+								type="default"
+								onClick={async () => {
+									await reload({
+										mariadbId: mariadbId,
+										appName: data?.appName || "",
+									})
+										.then(() => {
+											toast.success("Mariadb reloaded successfully");
+											refetch();
+										})
+										.catch(() => {
+											toast.error("Error reloading Mariadb");
+										});
+								}}
+							>
+								<Button
+									variant="secondary"
+									isLoading={isReloading}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+								>
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<RefreshCcw className="size-4 mr-1" />
+												Reload
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Restart the MariaDB service without rebuilding</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+						</TooltipProvider>
+						{data?.applicationStatus === "idle" ? (
 							<TooltipProvider delayDuration={0}>
 								<DialogAction
-									title="Reload Mariadb"
-									description="Are you sure you want to reload this mariadb?"
+									title="Start Mariadb"
+									description="Are you sure you want to start this mariadb?"
 									type="default"
 									onClick={async () => {
-										await reload({
+										await start({
 											mariadbId: mariadbId,
-											appName: data?.appName || "",
 										})
 											.then(() => {
-												toast.success("Mariadb reloaded successfully");
+												toast.success("Mariadb started successfully");
 												refetch();
 											})
 											.catch(() => {
-												toast.error("Error reloading Mariadb");
+												toast.error("Error starting Mariadb");
 											});
 									}}
 								>
 									<Button
 										variant="secondary"
-										isLoading={isReloading}
+										isLoading={isStarting}
 										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 									>
 										<Tooltip>
 											<TooltipTrigger asChild>
 												<div className="flex items-center">
-													<RefreshCcw className="size-4 mr-1" />
-													Reload
+													<CheckCircle2 className="size-4 mr-1" />
+													Start
 												</div>
 											</TooltipTrigger>
 											<TooltipPrimitive.Portal>
 												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Restart the MariaDB service without rebuilding</p>
+													<p>
+														Start the MariaDB database (requires a previous
+														successful setup)
+													</p>
+												</TooltipContent>
+											</TooltipPrimitive.Portal>
+										</Tooltip>
+									</Button>
+								</DialogAction>
+							</TooltipProvider>
+						) : (
+							<TooltipProvider delayDuration={0}>
+								<DialogAction
+									title="Stop Mariadb"
+									description="Are you sure you want to stop this mariadb?"
+									onClick={async () => {
+										await stop({
+											mariadbId: mariadbId,
+										})
+											.then(() => {
+												toast.success("Mariadb stopped successfully");
+												refetch();
+											})
+											.catch(() => {
+												toast.error("Error stopping Mariadb");
+											});
+									}}
+								>
+									<Button
+										variant="destructive"
+										isLoading={isStopping}
+										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+									>
+										<Tooltip>
+											<TooltipTrigger asChild>
+												<div className="flex items-center">
+													<Ban className="size-4 mr-1" />
+													Stop
+												</div>
+											</TooltipTrigger>
+											<TooltipPrimitive.Portal>
+												<TooltipContent sideOffset={5} className="z-[60]">
+													<p>Stop the currently running MariaDB database</p>
 												</TooltipContent>
 											</TooltipPrimitive.Portal>
 										</Tooltip>
@@ -150,90 +227,6 @@ export const ShowGeneralMariadb = ({ mariadbId }: Props) => {
 								</DialogAction>
 							</TooltipProvider>
 						)}
-						{canDeploy &&
-							(data?.applicationStatus === "idle" ? (
-								<TooltipProvider delayDuration={0}>
-									<DialogAction
-										title="Start Mariadb"
-										description="Are you sure you want to start this mariadb?"
-										type="default"
-										onClick={async () => {
-											await start({
-												mariadbId: mariadbId,
-											})
-												.then(() => {
-													toast.success("Mariadb started successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error starting Mariadb");
-												});
-										}}
-									>
-										<Button
-											variant="secondary"
-											isLoading={isStarting}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<CheckCircle2 className="size-4 mr-1" />
-														Start
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Start the MariaDB database (requires a previous
-															successful setup)
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								</TooltipProvider>
-							) : (
-								<TooltipProvider delayDuration={0}>
-									<DialogAction
-										title="Stop Mariadb"
-										description="Are you sure you want to stop this mariadb?"
-										onClick={async () => {
-											await stop({
-												mariadbId: mariadbId,
-											})
-												.then(() => {
-													toast.success("Mariadb stopped successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error stopping Mariadb");
-												});
-										}}
-									>
-										<Button
-											variant="destructive"
-											isLoading={isStopping}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<Ban className="size-4 mr-1" />
-														Stop
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>Stop the currently running MariaDB database</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								</TooltipProvider>
-							))}
 						<DockerTerminalModal
 							appName={data?.appName || ""}
 							serverId={data?.serverId || ""}
--- a/apps/dokploy/components/dashboard/mongo/general/show-general-mongo.tsx
+++ b/apps/dokploy/components/dashboard/mongo/general/show-general-mongo.tsx
@@ -21,8 +21,6 @@ interface Props {
 }

 export const ShowGeneralMongo = ({ mongoId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
 	const { data, refetch } = api.mongo.one.useQuery(
 		{
 			mongoId,
@@ -75,158 +73,153 @@ export const ShowGeneralMongo = ({ mongoId }: Props) => {
 					</CardHeader>
 					<CardContent className="flex flex-row gap-4 flex-wrap">
 						<TooltipProvider delayDuration={0}>
-							{canDeploy && (
-								<DialogAction
-									title="Deploy Mongo"
-									description="Are you sure you want to deploy this mongo?"
-									type="default"
-									onClick={async () => {
-										setIsDeploying(true);
-										await new Promise((resolve) => setTimeout(resolve, 1000));
-										refetch();
-									}}
+							<DialogAction
+								title="Deploy Mongo"
+								description="Are you sure you want to deploy this mongo?"
+								type="default"
+								onClick={async () => {
+									setIsDeploying(true);
+									await new Promise((resolve) => setTimeout(resolve, 1000));
+									refetch();
+								}}
+							>
+								<Button
+									variant="default"
+									isLoading={data?.applicationStatus === "running"}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 								>
-									<Button
-										variant="default"
-										isLoading={data?.applicationStatus === "running"}
-										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-									>
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<div className="flex items-center">
-													<Rocket className="size-4 mr-1" />
-													Deploy
-												</div>
-											</TooltipTrigger>
-											<TooltipPrimitive.Portal>
-												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Downloads and sets up the MongoDB database</p>
-												</TooltipContent>
-											</TooltipPrimitive.Portal>
-										</Tooltip>
-									</Button>
-								</DialogAction>
-							)}
-							{canDeploy && (
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<Rocket className="size-4 mr-1" />
+												Deploy
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Downloads and sets up the MongoDB database</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							<DialogAction
+								title="Reload Mongo"
+								description="Are you sure you want to reload this mongo?"
+								type="default"
+								onClick={async () => {
+									await reload({
+										mongoId: mongoId,
+										appName: data?.appName || "",
+									})
+										.then(() => {
+											toast.success("Mongo reloaded successfully");
+											refetch();
+										})
+										.catch(() => {
+											toast.error("Error reloading Mongo");
+										});
+								}}
+							>
+								<Button
+									variant="secondary"
+									isLoading={isReloading}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+								>
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<RefreshCcw className="size-4 mr-1" />
+												Reload
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Restart the MongoDB service without rebuilding</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							{data?.applicationStatus === "idle" ? (
 								<DialogAction
-									title="Reload Mongo"
-									description="Are you sure you want to reload this mongo?"
+									title="Start Mongo"
+									description="Are you sure you want to start this mongo?"
 									type="default"
 									onClick={async () => {
-										await reload({
+										await start({
 											mongoId: mongoId,
-											appName: data?.appName || "",
 										})
 											.then(() => {
-												toast.success("Mongo reloaded successfully");
+												toast.success("Mongo started successfully");
 												refetch();
 											})
 											.catch(() => {
-												toast.error("Error reloading Mongo");
+												toast.error("Error starting Mongo");
 											});
 									}}
 								>
 									<Button
 										variant="secondary"
-										isLoading={isReloading}
+										isLoading={isStarting}
 										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 									>
 										<Tooltip>
 											<TooltipTrigger asChild>
 												<div className="flex items-center">
-													<RefreshCcw className="size-4 mr-1" />
-													Reload
+													<CheckCircle2 className="size-4 mr-1" />
+													Start
 												</div>
 											</TooltipTrigger>
 											<TooltipPrimitive.Portal>
 												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Restart the MongoDB service without rebuilding</p>
+													<p>
+														Start the MongoDB database (requires a previous
+														successful setup)
+													</p>
+												</TooltipContent>
+											</TooltipPrimitive.Portal>
+										</Tooltip>
+									</Button>
+								</DialogAction>
+							) : (
+								<DialogAction
+									title="Stop Mongo"
+									description="Are you sure you want to stop this mongo?"
+									onClick={async () => {
+										await stop({
+											mongoId: mongoId,
+										})
+											.then(() => {
+												toast.success("Mongo stopped successfully");
+												refetch();
+											})
+											.catch(() => {
+												toast.error("Error stopping Mongo");
+											});
+									}}
+								>
+									<Button
+										variant="destructive"
+										isLoading={isStopping}
+										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+									>
+										<Tooltip>
+											<TooltipTrigger asChild>
+												<div className="flex items-center">
+													<Ban className="size-4 mr-1" />
+													Stop
+												</div>
+											</TooltipTrigger>
+											<TooltipPrimitive.Portal>
+												<TooltipContent sideOffset={5} className="z-[60]">
+													<p>Stop the currently running MongoDB database</p>
 												</TooltipContent>
 											</TooltipPrimitive.Portal>
 										</Tooltip>
 									</Button>
 								</DialogAction>
 							)}
-							{canDeploy &&
-								(data?.applicationStatus === "idle" ? (
-									<DialogAction
-										title="Start Mongo"
-										description="Are you sure you want to start this mongo?"
-										type="default"
-										onClick={async () => {
-											await start({
-												mongoId: mongoId,
-											})
-												.then(() => {
-													toast.success("Mongo started successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error starting Mongo");
-												});
-										}}
-									>
-										<Button
-											variant="secondary"
-											isLoading={isStarting}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<CheckCircle2 className="size-4 mr-1" />
-														Start
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Start the MongoDB database (requires a previous
-															successful setup)
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								) : (
-									<DialogAction
-										title="Stop Mongo"
-										description="Are you sure you want to stop this mongo?"
-										onClick={async () => {
-											await stop({
-												mongoId: mongoId,
-											})
-												.then(() => {
-													toast.success("Mongo stopped successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error stopping Mongo");
-												});
-										}}
-									>
-										<Button
-											variant="destructive"
-											isLoading={isStopping}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<Ban className="size-4 mr-1" />
-														Stop
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>Stop the currently running MongoDB database</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								))}
 						</TooltipProvider>
 						<DockerTerminalModal
 							appName={data?.appName || ""}
--- a/apps/dokploy/components/dashboard/mysql/general/show-general-mysql.tsx
+++ b/apps/dokploy/components/dashboard/mysql/general/show-general-mysql.tsx
@@ -21,8 +21,6 @@ interface Props {
 }

 export const ShowGeneralMysql = ({ mysqlId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
 	const { data, refetch } = api.mysql.one.useQuery(
 		{
 			mysqlId,
@@ -73,158 +71,153 @@ export const ShowGeneralMysql = ({ mysqlId }: Props) => {
 					</CardHeader>
 					<CardContent className="flex flex-row gap-4 flex-wrap">
 						<TooltipProvider delayDuration={0}>
-							{canDeploy && (
-								<DialogAction
-									title="Deploy MySQL"
-									description="Are you sure you want to deploy this mysql?"
-									type="default"
-									onClick={async () => {
-										setIsDeploying(true);
-										await new Promise((resolve) => setTimeout(resolve, 1000));
-										refetch();
-									}}
+							<DialogAction
+								title="Deploy MySQL"
+								description="Are you sure you want to deploy this mysql?"
+								type="default"
+								onClick={async () => {
+									setIsDeploying(true);
+									await new Promise((resolve) => setTimeout(resolve, 1000));
+									refetch();
+								}}
+							>
+								<Button
+									variant="default"
+									isLoading={data?.applicationStatus === "running"}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 								>
-									<Button
-										variant="default"
-										isLoading={data?.applicationStatus === "running"}
-										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-									>
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<div className="flex items-center">
-													<Rocket className="size-4 mr-1" />
-													Deploy
-												</div>
-											</TooltipTrigger>
-											<TooltipPrimitive.Portal>
-												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Downloads and sets up the MySQL database</p>
-												</TooltipContent>
-											</TooltipPrimitive.Portal>
-										</Tooltip>
-									</Button>
-								</DialogAction>
-							)}
-							{canDeploy && (
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<Rocket className="size-4 mr-1" />
+												Deploy
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Downloads and sets up the MySQL database</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							<DialogAction
+								title="Reload MySQL"
+								description="Are you sure you want to reload this mysql?"
+								type="default"
+								onClick={async () => {
+									await reload({
+										mysqlId: mysqlId,
+										appName: data?.appName || "",
+									})
+										.then(() => {
+											toast.success("MySQL reloaded successfully");
+											refetch();
+										})
+										.catch(() => {
+											toast.error("Error reloading MySQL");
+										});
+								}}
+							>
+								<Button
+									variant="secondary"
+									isLoading={isReloading}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+								>
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<RefreshCcw className="size-4 mr-1" />
+												Reload
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Restart the MySQL service without rebuilding</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							{data?.applicationStatus === "idle" ? (
 								<DialogAction
-									title="Reload MySQL"
-									description="Are you sure you want to reload this mysql?"
+									title="Start MySQL"
+									description="Are you sure you want to start this mysql?"
 									type="default"
 									onClick={async () => {
-										await reload({
+										await start({
 											mysqlId: mysqlId,
-											appName: data?.appName || "",
 										})
 											.then(() => {
-												toast.success("MySQL reloaded successfully");
+												toast.success("MySQL started successfully");
 												refetch();
 											})
 											.catch(() => {
-												toast.error("Error reloading MySQL");
+												toast.error("Error starting MySQL");
 											});
 									}}
 								>
 									<Button
 										variant="secondary"
-										isLoading={isReloading}
+										isLoading={isStarting}
 										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 									>
 										<Tooltip>
 											<TooltipTrigger asChild>
 												<div className="flex items-center">
-													<RefreshCcw className="size-4 mr-1" />
-													Reload
+													<CheckCircle2 className="size-4 mr-1" />
+													Start
 												</div>
 											</TooltipTrigger>
 											<TooltipPrimitive.Portal>
 												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Restart the MySQL service without rebuilding</p>
+													<p>
+														Start the MySQL database (requires a previous
+														successful setup)
+													</p>
+												</TooltipContent>
+											</TooltipPrimitive.Portal>
+										</Tooltip>
+									</Button>
+								</DialogAction>
+							) : (
+								<DialogAction
+									title="Stop MySQL"
+									description="Are you sure you want to stop this mysql?"
+									onClick={async () => {
+										await stop({
+											mysqlId: mysqlId,
+										})
+											.then(() => {
+												toast.success("MySQL stopped successfully");
+												refetch();
+											})
+											.catch(() => {
+												toast.error("Error stopping MySQL");
+											});
+									}}
+								>
+									<Button
+										variant="destructive"
+										isLoading={isStopping}
+										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+									>
+										<Tooltip>
+											<TooltipTrigger asChild>
+												<div className="flex items-center">
+													<Ban className="size-4 mr-1" />
+													Stop
+												</div>
+											</TooltipTrigger>
+											<TooltipPrimitive.Portal>
+												<TooltipContent sideOffset={5} className="z-[60]">
+													<p>Stop the currently running MySQL database</p>
 												</TooltipContent>
 											</TooltipPrimitive.Portal>
 										</Tooltip>
 									</Button>
 								</DialogAction>
 							)}
-							{canDeploy &&
-								(data?.applicationStatus === "idle" ? (
-									<DialogAction
-										title="Start MySQL"
-										description="Are you sure you want to start this mysql?"
-										type="default"
-										onClick={async () => {
-											await start({
-												mysqlId: mysqlId,
-											})
-												.then(() => {
-													toast.success("MySQL started successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error starting MySQL");
-												});
-										}}
-									>
-										<Button
-											variant="secondary"
-											isLoading={isStarting}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<CheckCircle2 className="size-4 mr-1" />
-														Start
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Start the MySQL database (requires a previous
-															successful setup)
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								) : (
-									<DialogAction
-										title="Stop MySQL"
-										description="Are you sure you want to stop this mysql?"
-										onClick={async () => {
-											await stop({
-												mysqlId: mysqlId,
-											})
-												.then(() => {
-													toast.success("MySQL stopped successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error stopping MySQL");
-												});
-										}}
-									>
-										<Button
-											variant="destructive"
-											isLoading={isStopping}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<Ban className="size-4 mr-1" />
-														Stop
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>Stop the currently running MySQL database</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								))}
 						</TooltipProvider>
 						<DockerTerminalModal
 							appName={data?.appName || ""}
--- a/apps/dokploy/components/dashboard/postgres/general/show-general-postgres.tsx
+++ b/apps/dokploy/components/dashboard/postgres/general/show-general-postgres.tsx
@@ -21,8 +21,6 @@ interface Props {
 }

 export const ShowGeneralPostgres = ({ postgresId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
 	const { data, refetch } = api.postgres.one.useQuery(
 		{
 			postgresId: postgresId,
@@ -75,162 +73,153 @@ export const ShowGeneralPostgres = ({ postgresId }: Props) => {
 					</CardHeader>
 					<CardContent className="flex flex-row gap-4 flex-wrap">
 						<TooltipProvider disableHoverableContent={false}>
-							{canDeploy && (
-								<DialogAction
-									title="Deploy PostgreSQL"
-									description="Are you sure you want to deploy this postgres?"
-									type="default"
-									onClick={async () => {
-										setIsDeploying(true);
-										await new Promise((resolve) => setTimeout(resolve, 1000));
-										refetch();
-									}}
+							<DialogAction
+								title="Deploy PostgreSQL"
+								description="Are you sure you want to deploy this postgres?"
+								type="default"
+								onClick={async () => {
+									setIsDeploying(true);
+									await new Promise((resolve) => setTimeout(resolve, 1000));
+									refetch();
+								}}
+							>
+								<Button
+									variant="default"
+									isLoading={data?.applicationStatus === "running"}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 								>
-									<Button
-										variant="default"
-										isLoading={data?.applicationStatus === "running"}
-										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-									>
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<div className="flex items-center">
-													<Rocket className="size-4 mr-1" />
-													Deploy
-												</div>
-											</TooltipTrigger>
-											<TooltipPrimitive.Portal>
-												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Downloads and sets up the PostgreSQL database</p>
-												</TooltipContent>
-											</TooltipPrimitive.Portal>
-										</Tooltip>
-									</Button>
-								</DialogAction>
-							)}
-							{canDeploy && (
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<Rocket className="size-4 mr-1" />
+												Deploy
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Downloads and sets up the PostgreSQL database</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							<DialogAction
+								title="Reload PostgreSQL"
+								description="Are you sure you want to reload this postgres?"
+								type="default"
+								onClick={async () => {
+									await reload({
+										postgresId: postgresId,
+										appName: data?.appName || "",
+									})
+										.then(() => {
+											toast.success("PostgreSQL reloaded successfully");
+											refetch();
+										})
+										.catch(() => {
+											toast.error("Error reloading PostgreSQL");
+										});
+								}}
+							>
+								<Button
+									variant="secondary"
+									isLoading={isReloading}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+								>
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<RefreshCcw className="size-4 mr-1" />
+												Reload
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Restart the PostgreSQL service without rebuilding</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							{data?.applicationStatus === "idle" ? (
 								<DialogAction
-									title="Reload PostgreSQL"
-									description="Are you sure you want to reload this postgres?"
+									title="Start PostgreSQL"
+									description="Are you sure you want to start this postgres?"
 									type="default"
 									onClick={async () => {
-										await reload({
+										await start({
 											postgresId: postgresId,
-											appName: data?.appName || "",
 										})
 											.then(() => {
-												toast.success("PostgreSQL reloaded successfully");
+												toast.success("PostgreSQL started successfully");
 												refetch();
 											})
 											.catch(() => {
-												toast.error("Error reloading PostgreSQL");
+												toast.error("Error starting PostgreSQL");
 											});
 									}}
 								>
 									<Button
 										variant="secondary"
-										isLoading={isReloading}
+										isLoading={isStarting}
 										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 									>
 										<Tooltip>
 											<TooltipTrigger asChild>
 												<div className="flex items-center">
-													<RefreshCcw className="size-4 mr-1" />
-													Reload
+													<CheckCircle2 className="size-4 mr-1" />
+													Start
 												</div>
 											</TooltipTrigger>
 											<TooltipPrimitive.Portal>
 												<TooltipContent sideOffset={5} className="z-[60]">
 													<p>
-														Restart the PostgreSQL service without rebuilding
+														Start the PostgreSQL database (requires a previous
+														successful setup)
 													</p>
 												</TooltipContent>
 											</TooltipPrimitive.Portal>
 										</Tooltip>
 									</Button>
 								</DialogAction>
+							) : (
+								<DialogAction
+									title="Stop PostgreSQL"
+									description="Are you sure you want to stop this postgres?"
+									onClick={async () => {
+										await stop({
+											postgresId: postgresId,
+										})
+											.then(() => {
+												toast.success("PostgreSQL stopped successfully");
+												refetch();
+											})
+											.catch(() => {
+												toast.error("Error stopping PostgreSQL");
+											});
+									}}
+								>
+									<Button
+										variant="destructive"
+										isLoading={isStopping}
+										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+									>
+										<Tooltip>
+											<TooltipTrigger asChild>
+												<div className="flex items-center">
+													<Ban className="size-4 mr-1" />
+													Stop
+												</div>
+											</TooltipTrigger>
+											<TooltipPrimitive.Portal>
+												<TooltipContent sideOffset={5} className="z-[60]">
+													<p>Stop the currently running PostgreSQL database</p>
+												</TooltipContent>
+											</TooltipPrimitive.Portal>
+										</Tooltip>
+									</Button>
+								</DialogAction>
 							)}
-							{canDeploy &&
-								(data?.applicationStatus === "idle" ? (
-									<DialogAction
-										title="Start PostgreSQL"
-										description="Are you sure you want to start this postgres?"
-										type="default"
-										onClick={async () => {
-											await start({
-												postgresId: postgresId,
-											})
-												.then(() => {
-													toast.success("PostgreSQL started successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error starting PostgreSQL");
-												});
-										}}
-									>
-										<Button
-											variant="secondary"
-											isLoading={isStarting}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<CheckCircle2 className="size-4 mr-1" />
-														Start
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Start the PostgreSQL database (requires a previous
-															successful setup)
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								) : (
-									<DialogAction
-										title="Stop PostgreSQL"
-										description="Are you sure you want to stop this postgres?"
-										onClick={async () => {
-											await stop({
-												postgresId: postgresId,
-											})
-												.then(() => {
-													toast.success("PostgreSQL stopped successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error stopping PostgreSQL");
-												});
-										}}
-									>
-										<Button
-											variant="destructive"
-											isLoading={isStopping}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<Ban className="size-4 mr-1" />
-														Stop
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Stop the currently running PostgreSQL database
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								))}
 						</TooltipProvider>
 						<DockerTerminalModal
 							appName={data?.appName || ""}
--- a/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx
+++ b/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx
@@ -57,13 +57,19 @@ export const AdvancedEnvironmentSelector = ({
 	const [description, setDescription] = useState("");

 	// Get current user's permissions
-	const { data: permissions } = api.user.getPermissions.useQuery();
+	const { data: currentUser } = api.user.get.useQuery();

 	// Check if user can create environments
-	const canCreateEnvironments = !!permissions?.environment.create;
+	const canCreateEnvironments =
+		currentUser?.role === "owner" ||
+		currentUser?.role === "admin" ||
+		currentUser?.canCreateEnvironments === true;

 	// Check if user can delete environments
-	const canDeleteEnvironments = !!permissions?.environment.delete;
+	const canDeleteEnvironments =
+		currentUser?.role === "owner" ||
+		currentUser?.role === "admin" ||
+		currentUser?.canDeleteEnvironments === true;

 	const haveServices =
 		selectedEnvironment &&
--- a/apps/dokploy/components/dashboard/project/environment-variables.tsx
+++ b/apps/dokploy/components/dashboard/project/environment-variables.tsx
@@ -39,9 +39,6 @@ interface Props {
 }

 export const EnvironmentVariables = ({ environmentId, children }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canRead = permissions?.environmentEnvVars.read ?? false;
-	const canWrite = permissions?.environmentEnvVars.write ?? false;
 	const [isOpen, setIsOpen] = useState(false);
 	const utils = api.useUtils();
 	const { mutateAsync, error, isError, isPending } =
@@ -100,10 +97,6 @@ export const EnvironmentVariables = ({ environmentId, children }: Props) => {
 		};
 	}, [form, onSubmit, isPending, isOpen]);

-	if (!canRead) {
-		return null;
-	}
-
 	return (
 		<Dialog open={isOpen} onOpenChange={setIsOpen}>
 			<DialogTrigger asChild>
@@ -148,7 +141,6 @@ export const EnvironmentVariables = ({ environmentId, children }: Props) => {
 												<CodeEditor
 													lineWrapping
 													language="properties"
-													readOnly={!canWrite}
 													wrapperClassName="h-[35rem] font-mono"
 													placeholder={`NODE_ENV=development
 DATABASE_URL=postgresql://localhost:5432/mydb
@@ -165,13 +157,11 @@ API_KEY=your-api-key-here
 										</FormItem>
 									)}
 								/>
-								{canWrite && (
-									<DialogFooter>
-										<Button isLoading={isPending} type="submit">
-											Update
-										</Button>
-									</DialogFooter>
-								)}
+								<DialogFooter>
+									<Button isLoading={isPending} type="submit">
+										Update
+									</Button>
+								</DialogFooter>
 							</form>
 						</Form>
 					</div>
--- a/apps/dokploy/components/dashboard/projects/project-environment.tsx
+++ b/apps/dokploy/components/dashboard/projects/project-environment.tsx
@@ -39,9 +39,6 @@ interface Props {
 }

 export const ProjectEnvironment = ({ projectId, children }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canRead = permissions?.projectEnvVars.read ?? false;
-	const canWrite = permissions?.projectEnvVars.write ?? false;
 	const [isOpen, setIsOpen] = useState(false);
 	const utils = api.useUtils();
 	const { mutateAsync, error, isError, isPending } =
@@ -99,10 +96,6 @@ export const ProjectEnvironment = ({ projectId, children }: Props) => {
 		};
 	}, [form, onSubmit, isPending, isOpen]);

-	if (!canRead) {
-		return null;
-	}
-
 	return (
 		<Dialog open={isOpen} onOpenChange={setIsOpen}>
 			<DialogTrigger asChild>
@@ -146,7 +139,6 @@ export const ProjectEnvironment = ({ projectId, children }: Props) => {
 												<CodeEditor
 													lineWrapping
 													language="properties"
-													readOnly={!canWrite}
 													wrapperClassName="h-[35rem] font-mono"
 													placeholder={`NODE_ENV=production
 PORT=3000
@@ -162,13 +154,11 @@ PORT=3000
 										</FormItem>
 									)}
 								/>
-								{canWrite && (
-									<DialogFooter>
-										<Button isLoading={isPending} type="submit">
-											Update
-										</Button>
-									</DialogFooter>
-								)}
+								<DialogFooter>
+									<Button isLoading={isPending} type="submit">
+										Update
+									</Button>
+								</DialogFooter>
 							</form>
 						</Form>
 					</div>
--- a/apps/dokploy/components/dashboard/projects/show.tsx
+++ b/apps/dokploy/components/dashboard/projects/show.tsx
@@ -61,7 +61,6 @@ export const ShowProjects = () => {
 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data, isPending } = api.project.all.useQuery();
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();
 	const { mutateAsync } = api.project.remove.useMutation();

 	const [searchQuery, setSearchQuery] = useState(
@@ -169,6 +168,11 @@ export const ShowProjects = () => {
 			<BreadcrumbSidebar
 				list={[{ name: "Projects", href: "/dashboard/projects" }]}
 			/>
+			{!isCloud && (
+				<div className="absolute top-4 right-4">
+					<TimeBadge />
+				</div>
+			)}
 			<div className="w-full">
 				<Card className="h-full bg-sidebar p-2.5 rounded-xl  ">
 					<div className="rounded-xl bg-background shadow-md ">
@@ -182,7 +186,9 @@ export const ShowProjects = () => {
 									Create and manage your projects
 								</CardDescription>
 							</CardHeader>
-							{permissions?.project.create && (
+							{(auth?.role === "owner" ||
+								auth?.role === "admin" ||
+								auth?.canCreateProjects) && (
 								<div className="">
 									<HandleProject />
 								</div>
@@ -355,7 +361,8 @@ export const ShowProjects = () => {
 																				<div
 																					onClick={(e) => e.stopPropagation()}
 																				>
-																					{permissions?.project.delete && (
+																					{(auth?.role === "owner" ||
+																						auth?.canDeleteProjects) && (
 																						<AlertDialog>
 																							<AlertDialogTrigger className="w-full">
 																								<DropdownMenuItem
--- a/apps/dokploy/components/dashboard/redis/general/show-general-redis.tsx
+++ b/apps/dokploy/components/dashboard/redis/general/show-general-redis.tsx
@@ -21,8 +21,6 @@ interface Props {
 }

 export const ShowGeneralRedis = ({ redisId }: Props) => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const canDeploy = permissions?.deployment.create ?? false;
 	const { data, refetch } = api.redis.one.useQuery(
 		{
 			redisId,
@@ -74,158 +72,153 @@ export const ShowGeneralRedis = ({ redisId }: Props) => {
 					</CardHeader>
 					<CardContent className="flex flex-row gap-4 flex-wrap">
 						<TooltipProvider delayDuration={0}>
-							{canDeploy && (
-								<DialogAction
-									title="Deploy Redis"
-									description="Are you sure you want to deploy this redis?"
-									type="default"
-									onClick={async () => {
-										setIsDeploying(true);
-										await new Promise((resolve) => setTimeout(resolve, 1000));
-										refetch();
-									}}
+							<DialogAction
+								title="Deploy Redis"
+								description="Are you sure you want to deploy this redis?"
+								type="default"
+								onClick={async () => {
+									setIsDeploying(true);
+									await new Promise((resolve) => setTimeout(resolve, 1000));
+									refetch();
+								}}
+							>
+								<Button
+									variant="default"
+									isLoading={data?.applicationStatus === "running"}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 								>
-									<Button
-										variant="default"
-										isLoading={data?.applicationStatus === "running"}
-										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-									>
-										<Tooltip>
-											<TooltipTrigger asChild>
-												<div className="flex items-center">
-													<Rocket className="size-4 mr-1" />
-													Deploy
-												</div>
-											</TooltipTrigger>
-											<TooltipPrimitive.Portal>
-												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Downloads and sets up the Redis database</p>
-												</TooltipContent>
-											</TooltipPrimitive.Portal>
-										</Tooltip>
-									</Button>
-								</DialogAction>
-							)}
-							{canDeploy && (
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<Rocket className="size-4 mr-1" />
+												Deploy
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Downloads and sets up the Redis database</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							<DialogAction
+								title="Reload Redis"
+								description="Are you sure you want to reload this redis?"
+								type="default"
+								onClick={async () => {
+									await reload({
+										redisId: redisId,
+										appName: data?.appName || "",
+									})
+										.then(() => {
+											toast.success("Redis reloaded successfully");
+											refetch();
+										})
+										.catch(() => {
+											toast.error("Error reloading Redis");
+										});
+								}}
+							>
+								<Button
+									variant="secondary"
+									isLoading={isReloading}
+									className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+								>
+									<Tooltip>
+										<TooltipTrigger asChild>
+											<div className="flex items-center">
+												<RefreshCcw className="size-4 mr-1" />
+												Reload
+											</div>
+										</TooltipTrigger>
+										<TooltipPrimitive.Portal>
+											<TooltipContent sideOffset={5} className="z-[60]">
+												<p>Restart the Redis service without rebuilding</p>
+											</TooltipContent>
+										</TooltipPrimitive.Portal>
+									</Tooltip>
+								</Button>
+							</DialogAction>
+							{data?.applicationStatus === "idle" ? (
 								<DialogAction
-									title="Reload Redis"
-									description="Are you sure you want to reload this redis?"
+									title="Start Redis"
+									description="Are you sure you want to start this redis?"
 									type="default"
 									onClick={async () => {
-										await reload({
+										await start({
 											redisId: redisId,
-											appName: data?.appName || "",
 										})
 											.then(() => {
-												toast.success("Redis reloaded successfully");
+												toast.success("Redis started successfully");
 												refetch();
 											})
 											.catch(() => {
-												toast.error("Error reloading Redis");
+												toast.error("Error starting Redis");
 											});
 									}}
 								>
 									<Button
 										variant="secondary"
-										isLoading={isReloading}
+										isLoading={isStarting}
 										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
 									>
 										<Tooltip>
 											<TooltipTrigger asChild>
 												<div className="flex items-center">
-													<RefreshCcw className="size-4 mr-1" />
-													Reload
+													<CheckCircle2 className="size-4 mr-1" />
+													Start
 												</div>
 											</TooltipTrigger>
 											<TooltipPrimitive.Portal>
 												<TooltipContent sideOffset={5} className="z-[60]">
-													<p>Restart the Redis service without rebuilding</p>
+													<p>
+														Start the Redis database (requires a previous
+														successful setup)
+													</p>
+												</TooltipContent>
+											</TooltipPrimitive.Portal>
+										</Tooltip>
+									</Button>
+								</DialogAction>
+							) : (
+								<DialogAction
+									title="Stop Redis"
+									description="Are you sure you want to stop this redis?"
+									onClick={async () => {
+										await stop({
+											redisId: redisId,
+										})
+											.then(() => {
+												toast.success("Redis stopped successfully");
+												refetch();
+											})
+											.catch(() => {
+												toast.error("Error stopping Redis");
+											});
+									}}
+								>
+									<Button
+										variant="destructive"
+										isLoading={isStopping}
+										className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
+									>
+										<Tooltip>
+											<TooltipTrigger asChild>
+												<div className="flex items-center">
+													<Ban className="size-4 mr-1" />
+													Stop
+												</div>
+											</TooltipTrigger>
+											<TooltipPrimitive.Portal>
+												<TooltipContent sideOffset={5} className="z-[60]">
+													<p>Stop the currently running Redis database</p>
 												</TooltipContent>
 											</TooltipPrimitive.Portal>
 										</Tooltip>
 									</Button>
 								</DialogAction>
 							)}
-							{canDeploy &&
-								(data?.applicationStatus === "idle" ? (
-									<DialogAction
-										title="Start Redis"
-										description="Are you sure you want to start this redis?"
-										type="default"
-										onClick={async () => {
-											await start({
-												redisId: redisId,
-											})
-												.then(() => {
-													toast.success("Redis started successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error starting Redis");
-												});
-										}}
-									>
-										<Button
-											variant="secondary"
-											isLoading={isStarting}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<CheckCircle2 className="size-4 mr-1" />
-														Start
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>
-															Start the Redis database (requires a previous
-															successful setup)
-														</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								) : (
-									<DialogAction
-										title="Stop Redis"
-										description="Are you sure you want to stop this redis?"
-										onClick={async () => {
-											await stop({
-												redisId: redisId,
-											})
-												.then(() => {
-													toast.success("Redis stopped successfully");
-													refetch();
-												})
-												.catch(() => {
-													toast.error("Error stopping Redis");
-												});
-										}}
-									>
-										<Button
-											variant="destructive"
-											isLoading={isStopping}
-											className="flex items-center gap-1.5 focus-visible:ring-2 focus-visible:ring-offset-2"
-										>
-											<Tooltip>
-												<TooltipTrigger asChild>
-													<div className="flex items-center">
-														<Ban className="size-4 mr-1" />
-														Stop
-													</div>
-												</TooltipTrigger>
-												<TooltipPrimitive.Portal>
-													<TooltipContent sideOffset={5} className="z-[60]">
-														<p>Stop the currently running Redis database</p>
-													</TooltipContent>
-												</TooltipPrimitive.Portal>
-											</Tooltip>
-										</Button>
-									</DialogAction>
-								))}
 						</TooltipProvider>
 						<DockerTerminalModal
 							appName={data?.appName || ""}
--- a/apps/dokploy/components/dashboard/settings/billing/show-billing.tsx
+++ b/apps/dokploy/components/dashboard/settings/billing/show-billing.tsx
@@ -91,10 +91,7 @@ export const ShowBilling = () => {
 		api.stripe.upgradeSubscription.useMutation();
 	const utils = api.useUtils();

-	const [hobbyServerQuantity, setHobbyServerQuantity] = useState(1);
-	const [startupServerQuantity, setStartupServerQuantity] = useState(
-		STARTUP_SERVERS_INCLUDED,
-	);
+	const [serverQuantity, setServerQuantity] = useState(3);
 	const [isAnnual, setIsAnnual] = useState(false);
 	const [upgradeTier, setUpgradeTier] = useState<"hobby" | "startup" | null>(
 		null,
@@ -114,12 +111,6 @@ export const ShowBilling = () => {
 		productId: string,
 	) => {
 		const stripe = await stripePromise;
-		const serverQuantity =
-			tier === "startup"
-				? startupServerQuantity
-				: tier === "hobby"
-					? hobbyServerQuantity
-					: hobbyServerQuantity;
 		if (data && data.subscriptions.length === 0) {
 			createCheckoutSession({
 				tier,
@@ -688,7 +679,7 @@ export const ShowBilling = () => {
 												<p className="text-2xl font-semibold text-foreground">
 													$
 													{calculatePriceHobby(
-														hobbyServerQuantity,
+														serverQuantity,
 														isAnnual,
 													).toFixed(2)}
 													/{isAnnual ? "yr" : "mo"}
@@ -701,8 +692,7 @@ export const ShowBilling = () => {
 													<p className="text-xs text-muted-foreground mt-2">
 														$
 														{(
-															calculatePriceHobby(hobbyServerQuantity, true) /
-															12
+															calculatePriceHobby(serverQuantity, true) / 12
 														).toFixed(2)}
 														/mo
 													</p>
@@ -734,19 +724,19 @@ export const ShowBilling = () => {
 														Servers:
 													</span>
 													<Button
-														disabled={hobbyServerQuantity <= 1}
+														disabled={serverQuantity <= 1}
 														variant="outline"
 														size="icon"
 														onClick={() =>
-															setHobbyServerQuantity((q) => Math.max(1, q - 1))
+															setServerQuantity((q) => Math.max(1, q - 1))
 														}
 													>
 														<MinusIcon className="h-4 w-4" />
 													</Button>
 													<NumberInput
-														value={hobbyServerQuantity}
+														value={serverQuantity}
 														onChange={(e) =>
-															setHobbyServerQuantity(
+															setServerQuantity(
 																Math.max(
 																	1,
 																	Number(
@@ -760,7 +750,7 @@ export const ShowBilling = () => {
 													<Button
 														variant="outline"
 														size="icon"
-														onClick={() => setHobbyServerQuantity((q) => q + 1)}
+														onClick={() => setServerQuantity((q) => q + 1)}
 													>
 														<PlusIcon className="h-4 w-4" />
 													</Button>
@@ -785,7 +775,7 @@ export const ShowBilling = () => {
 															onClick={() =>
 																handleCheckout("hobby", data!.hobbyProductId!)
 															}
-															disabled={hobbyServerQuantity < 1}
+															disabled={serverQuantity < 1}
 														>
 															Get Started
 														</Button>
@@ -816,7 +806,7 @@ export const ShowBilling = () => {
 												<p className="text-2xl font-semibold text-foreground">
 													$
 													{calculatePriceStartup(
-														startupServerQuantity,
+														serverQuantity,
 														isAnnual,
 													).toFixed(2)}
 													/{isAnnual ? "yr" : "mo"}
@@ -829,10 +819,7 @@ export const ShowBilling = () => {
 													<p className="text-xs text-muted-foreground mt-2">
 														$
 														{(
-															calculatePriceStartup(
-																startupServerQuantity,
-																true,
-															) / 12
+															calculatePriceStartup(serverQuantity, true) / 12
 														).toFixed(2)}
 														/mo
 													</p>
@@ -869,14 +856,13 @@ export const ShowBilling = () => {
 													<div className="flex items-center gap-2">
 														<Button
 															disabled={
-																startupServerQuantity <=
-																STARTUP_SERVERS_INCLUDED
+																serverQuantity <= STARTUP_SERVERS_INCLUDED
 															}
 															variant="outline"
 															size="icon"
 															className="h-8 w-8"
 															onClick={() =>
-																setStartupServerQuantity((q) =>
+																setServerQuantity((q) =>
 																	Math.max(STARTUP_SERVERS_INCLUDED, q - 1),
 																)
 															}
@@ -884,9 +870,9 @@ export const ShowBilling = () => {
 															<MinusIcon className="h-4 w-4" />
 														</Button>
 														<NumberInput
-															value={startupServerQuantity}
+															value={serverQuantity}
 															onChange={(e) =>
-																setStartupServerQuantity(
+																setServerQuantity(
 																	Math.max(
 																		STARTUP_SERVERS_INCLUDED,
 																		Number(
@@ -901,9 +887,7 @@ export const ShowBilling = () => {
 															variant="outline"
 															size="icon"
 															className="h-8 w-8"
-															onClick={() =>
-																setStartupServerQuantity((q) => q + 1)
-															}
+															onClick={() => setServerQuantity((q) => q + 1)}
 														>
 															<PlusIcon className="h-4 w-4" />
 														</Button>
@@ -933,7 +917,7 @@ export const ShowBilling = () => {
 																)
 															}
 															disabled={
-																startupServerQuantity < STARTUP_SERVERS_INCLUDED
+																serverQuantity < STARTUP_SERVERS_INCLUDED
 															}
 														>
 															Get Started
@@ -1025,7 +1009,7 @@ export const ShowBilling = () => {
 															<p className="text-2xl font-semibold tracking-tight text-primary ">
 																${" "}
 																{calculatePrice(
-																	hobbyServerQuantity,
+																	serverQuantity,
 																	isAnnual,
 																).toFixed(2)}{" "}
 																USD
@@ -1034,10 +1018,7 @@ export const ShowBilling = () => {
 															<p className="text-base font-semibold tracking-tight text-muted-foreground">
 																${" "}
 																{(
-																	calculatePrice(
-																		hobbyServerQuantity,
-																		isAnnual,
-																	) / 12
+																	calculatePrice(serverQuantity, isAnnual) / 12
 																).toFixed(2)}{" "}
 																/ Month USD
 															</p>
@@ -1045,10 +1026,9 @@ export const ShowBilling = () => {
 													) : (
 														<p className="text-2xl font-semibold tracking-tight text-primary ">
 															${" "}
-															{calculatePrice(
-																hobbyServerQuantity,
-																isAnnual,
-															).toFixed(2)}{" "}
+															{calculatePrice(serverQuantity, isAnnual).toFixed(
+																2,
+															)}{" "}
 															USD
 														</p>
 													)}
@@ -1091,28 +1071,26 @@ export const ShowBilling = () => {
 													<div className="flex flex-col gap-2 mt-4">
 														<div className="flex items-center gap-2 justify-center">
 															<span className="text-sm text-muted-foreground">
-																{hobbyServerQuantity} Servers
+																{serverQuantity} Servers
 															</span>
 														</div>

 														<div className="flex items-center space-x-2">
 															<Button
-																disabled={hobbyServerQuantity <= 1}
+																disabled={serverQuantity <= 1}
 																variant="outline"
 																onClick={() => {
-																	if (hobbyServerQuantity <= 1) return;
+																	if (serverQuantity <= 1) return;

-																	setHobbyServerQuantity(
-																		hobbyServerQuantity - 1,
-																	);
+																	setServerQuantity(serverQuantity - 1);
 																}}
 															>
 																<MinusIcon className="h-4 w-4" />
 															</Button>
 															<NumberInput
-																value={hobbyServerQuantity}
+																value={serverQuantity}
 																onChange={(e) => {
-																	setHobbyServerQuantity(
+																	setServerQuantity(
 																		e.target.value as unknown as number,
 																	);
 																}}
@@ -1121,9 +1099,7 @@ export const ShowBilling = () => {
 															<Button
 																variant="outline"
 																onClick={() => {
-																	setHobbyServerQuantity(
-																		hobbyServerQuantity + 1,
-																	);
+																	setServerQuantity(serverQuantity + 1);
 																}}
 															>
 																<PlusIcon className="h-4 w-4" />
@@ -1149,7 +1125,7 @@ export const ShowBilling = () => {
 																	onClick={async () => {
 																		handleCheckout("legacy", product.id);
 																	}}
-																	disabled={hobbyServerQuantity < 1}
+																	disabled={serverQuantity < 1}
 																>
 																	Subscribe
 																</Button>
--- a/apps/dokploy/components/dashboard/settings/certificates/show-certificates.tsx
+++ b/apps/dokploy/components/dashboard/settings/certificates/show-certificates.tsx
@@ -18,7 +18,6 @@ export const ShowCertificates = () => {
 	const { mutateAsync, isPending: isRemoving } =
 		api.certificates.remove.useMutation();
 	const { data, isPending, refetch } = api.certificates.all.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	return (
 		<div className="w-full">
@@ -54,7 +53,7 @@ export const ShowCertificates = () => {
 										<span className="text-base text-muted-foreground text-center">
 											You don't have any certificates created
 										</span>
-										{permissions?.certificate.create && <AddCertificate />}
+										<AddCertificate />
 									</div>
 								) : (
 									<div className="flex flex-col gap-4  min-h-[25vh]">
@@ -102,52 +101,47 @@ export const ShowCertificates = () => {
 																</div>
 															</div>

-															{permissions?.certificate.delete && (
-																<div className="flex flex-row gap-1">
-																	<DialogAction
-																		title="Delete Certificate"
-																		description="Are you sure you want to delete this certificate?"
-																		type="destructive"
-																		onClick={async () => {
-																			await mutateAsync({
-																				certificateId:
-																					certificate.certificateId,
+															<div className="flex flex-row gap-1">
+																<DialogAction
+																	title="Delete Certificate"
+																	description="Are you sure you want to delete this certificate?"
+																	type="destructive"
+																	onClick={async () => {
+																		await mutateAsync({
+																			certificateId: certificate.certificateId,
+																		})
+																			.then(() => {
+																				toast.success(
+																					"Certificate deleted successfully",
+																				);
+																				refetch();
 																			})
-																				.then(() => {
-																					toast.success(
-																						"Certificate deleted successfully",
-																					);
-																					refetch();
-																				})
-																				.catch(() => {
-																					toast.error(
-																						"Error deleting certificate",
-																					);
-																				});
-																		}}
+																			.catch(() => {
+																				toast.error(
+																					"Error deleting certificate",
+																				);
+																			});
+																	}}
+																>
+																	<Button
+																		variant="ghost"
+																		size="icon"
+																		className="group hover:bg-red-500/10 "
+																		isLoading={isRemoving}
 																	>
-																		<Button
-																			variant="ghost"
-																			size="icon"
-																			className="group hover:bg-red-500/10 "
-																			isLoading={isRemoving}
-																		>
-																			<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																		</Button>
-																	</DialogAction>
-																</div>
-															)}
+																		<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+																	</Button>
+																</DialogAction>
+															</div>
 														</div>
 													</div>
 												);
 											})}
 										</div>

-										{permissions?.certificate.create && (
-											<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
-												<AddCertificate />
-											</div>
-										)}
+										<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
+											<AddCertificate />
+										</div>
 									</div>
 								)}
 							</>
--- a/apps/dokploy/components/dashboard/settings/cluster/registry/show-registry.tsx
+++ b/apps/dokploy/components/dashboard/settings/cluster/registry/show-registry.tsx
@@ -16,7 +16,6 @@ export const ShowRegistry = () => {
 	const { mutateAsync, isPending: isRemoving } =
 		api.registry.remove.useMutation();
 	const { data, isPending, refetch } = api.registry.all.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	return (
 		<div className="w-full">
@@ -45,7 +44,7 @@ export const ShowRegistry = () => {
 										<span className="text-base text-muted-foreground text-center">
 											You don't have any registry configurations
 										</span>
-										{permissions?.registry.create && <HandleRegistry />}
+										<HandleRegistry />
 									</div>
 								) : (
 									<div className="flex flex-col gap-4  min-h-[25vh]">
@@ -74,49 +73,45 @@ export const ShowRegistry = () => {
 																registryId={registry.registryId}
 															/>

-															{permissions?.registry.delete && (
-																<DialogAction
-																	title="Delete Registry"
-																	description="Are you sure you want to delete this registry configuration?"
-																	type="destructive"
-																	onClick={async () => {
-																		await mutateAsync({
-																			registryId: registry.registryId,
+															<DialogAction
+																title="Delete Registry"
+																description="Are you sure you want to delete this registry configuration?"
+																type="destructive"
+																onClick={async () => {
+																	await mutateAsync({
+																		registryId: registry.registryId,
+																	})
+																		.then(() => {
+																			toast.success(
+																				"Registry configuration deleted successfully",
+																			);
+																			refetch();
 																		})
-																			.then(() => {
-																				toast.success(
-																					"Registry configuration deleted successfully",
-																				);
-																				refetch();
-																			})
-																			.catch(() => {
-																				toast.error(
-																					"Error deleting registry configuration",
-																				);
-																			});
-																	}}
+																		.catch(() => {
+																			toast.error(
+																				"Error deleting registry configuration",
+																			);
+																		});
+																}}
+															>
+																<Button
+																	variant="ghost"
+																	size="icon"
+																	className="group hover:bg-red-500/10 "
+																	isLoading={isRemoving}
 																>
-																	<Button
-																		variant="ghost"
-																		size="icon"
-																		className="group hover:bg-red-500/10 "
-																		isLoading={isRemoving}
-																	>
-																		<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																	</Button>
-																</DialogAction>
-															)}
+																	<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+																</Button>
+															</DialogAction>
 														</div>
 													</div>
 												</div>
 											))}
 										</div>

-										{permissions?.registry.create && (
-											<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
-												<HandleRegistry />
-											</div>
-										)}
+										<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
+											<HandleRegistry />
+										</div>
 									</div>
 								)}
 							</>
--- a/apps/dokploy/components/dashboard/settings/destination/show-destinations.tsx
+++ b/apps/dokploy/components/dashboard/settings/destination/show-destinations.tsx
@@ -16,7 +16,6 @@ export const ShowDestinations = () => {
 	const { data, isPending, refetch } = api.destination.all.useQuery();
 	const { mutateAsync, isPending: isRemoving } =
 		api.destination.remove.useMutation();
-	const { data: permissions } = api.user.getPermissions.useQuery();
 	return (
 		<div className="w-full">
 			<Card className="h-full bg-sidebar  p-2.5 rounded-xl  max-w-5xl mx-auto">
@@ -46,7 +45,7 @@ export const ShowDestinations = () => {
 											To create a backup it is required to set at least 1
 											provider.
 										</span>
-										{permissions?.destination.create && <HandleDestinations />}
+										<HandleDestinations />
 									</div>
 								) : (
 									<div className="flex flex-col gap-4  min-h-[25vh]">
@@ -72,49 +71,43 @@ export const ShowDestinations = () => {
 															<HandleDestinations
 																destinationId={destination.destinationId}
 															/>
-															{permissions?.destination.delete && (
-																<DialogAction
-																	title="Delete Destination"
-																	description="Are you sure you want to delete this destination?"
-																	type="destructive"
-																	onClick={async () => {
-																		await mutateAsync({
-																			destinationId: destination.destinationId,
+															<DialogAction
+																title="Delete Destination"
+																description="Are you sure you want to delete this destination?"
+																type="destructive"
+																onClick={async () => {
+																	await mutateAsync({
+																		destinationId: destination.destinationId,
+																	})
+																		.then(() => {
+																			toast.success(
+																				"Destination deleted successfully",
+																			);
+																			refetch();
 																		})
-																			.then(() => {
-																				toast.success(
-																					"Destination deleted successfully",
-																				);
-																				refetch();
-																			})
-																			.catch(() => {
-																				toast.error(
-																					"Error deleting destination",
-																				);
-																			});
-																	}}
+																		.catch(() => {
+																			toast.error("Error deleting destination");
+																		});
+																}}
+															>
+																<Button
+																	variant="ghost"
+																	size="icon"
+																	className="group hover:bg-red-500/10 "
+																	isLoading={isRemoving}
 																>
-																	<Button
-																		variant="ghost"
-																		size="icon"
-																		className="group hover:bg-red-500/10 "
-																		isLoading={isRemoving}
-																	>
-																		<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																	</Button>
-																</DialogAction>
-															)}
+																	<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+																</Button>
+															</DialogAction>
 														</div>
 													</div>
 												</div>
 											))}
 										</div>

-										{permissions?.destination.create && (
-											<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
-												<HandleDestinations />
-											</div>
-										)}
+										<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
+											<HandleDestinations />
+										</div>
 									</div>
 								)}
 							</>
--- a/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx
+++ b/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx
@@ -737,9 +737,6 @@ export const HandleNotifications = ({ notificationId }: Props) => {
 					});
 					setVisible(false);
 					await utils.notification.all.invalidate();
-					if (notificationId) {
-						await utils.notification.one.invalidate({ notificationId });
-					}
 				})
 				.catch(() => {
 					toast.error(
--- a/apps/dokploy/components/dashboard/settings/notifications/show-notifications.tsx
+++ b/apps/dokploy/components/dashboard/settings/notifications/show-notifications.tsx
@@ -26,7 +26,6 @@ export const ShowNotifications = () => {
 	const { data, isPending, refetch } = api.notification.all.useQuery();
 	const { mutateAsync, isPending: isRemoving } =
 		api.notification.remove.useMutation();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	return (
 		<div className="w-full">
@@ -57,9 +56,7 @@ export const ShowNotifications = () => {
 											To send notifications it is required to set at least 1
 											provider.
 										</span>
-										{permissions?.notification.create && (
-											<HandleNotifications />
-										)}
+										<HandleNotifications />
 									</div>
 								) : (
 									<div className="flex flex-col gap-4 min-h-[25vh]">
@@ -129,50 +126,45 @@ export const ShowNotifications = () => {
 																notificationId={notification.notificationId}
 															/>

-															{permissions?.notification.delete && (
-																<DialogAction
-																	title="Delete Notification"
-																	description="Are you sure you want to delete this notification?"
-																	type="destructive"
-																	onClick={async () => {
-																		await mutateAsync({
-																			notificationId:
-																				notification.notificationId,
+															<DialogAction
+																title="Delete Notification"
+																description="Are you sure you want to delete this notification?"
+																type="destructive"
+																onClick={async () => {
+																	await mutateAsync({
+																		notificationId: notification.notificationId,
+																	})
+																		.then(() => {
+																			toast.success(
+																				"Notification deleted successfully",
+																			);
+																			refetch();
 																		})
-																			.then(() => {
-																				toast.success(
-																					"Notification deleted successfully",
-																				);
-																				refetch();
-																			})
-																			.catch(() => {
-																				toast.error(
-																					"Error deleting notification",
-																				);
-																			});
-																	}}
+																		.catch(() => {
+																			toast.error(
+																				"Error deleting notification",
+																			);
+																		});
+																}}
+															>
+																<Button
+																	variant="ghost"
+																	size="icon"
+																	className="group hover:bg-red-500/10 "
+																	isLoading={isRemoving}
 																>
-																	<Button
-																		variant="ghost"
-																		size="icon"
-																		className="group hover:bg-red-500/10 "
-																		isLoading={isRemoving}
-																	>
-																		<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																	</Button>
-																</DialogAction>
-															)}
+																	<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+																</Button>
+															</DialogAction>
 														</div>
 													</div>
 												</div>
 											))}
 										</div>

-										{permissions?.notification.create && (
-											<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
-												<HandleNotifications />
-											</div>
-										)}
+										<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
+											<HandleNotifications />
+										</div>
 									</div>
 								)}
 							</>
--- a/apps/dokploy/components/dashboard/settings/servers/show-servers.tsx
+++ b/apps/dokploy/components/dashboard/settings/servers/show-servers.tsx
@@ -59,7 +59,6 @@ export const ShowServers = () => {
 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: canCreateMoreServers } =
 		api.stripe.canCreateMoreServers.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	return (
 		<div className="w-full">
@@ -116,7 +115,7 @@ export const ShowServers = () => {
 													Start adding servers to deploy your applications
 													remotely.
 												</span>
-												{permissions?.server.create && <HandleServers />}
+												<HandleServers />
 											</div>
 										) : (
 											<div className="flex flex-col gap-4 min-h-[25vh]">
@@ -363,71 +362,66 @@ export const ShowServers = () => {

 																				<div className="flex-1" />

-																				{permissions?.server.delete && (
-																					<Tooltip>
-																						<TooltipTrigger asChild>
-																							<div>
-																								<DialogAction
-																									disabled={!canDelete}
-																									title={
-																										canDelete
-																											? "Delete Server"
-																											: "Server has active services"
-																									}
-																									description={
-																										canDelete ? (
-																											"This will delete the server and all associated data"
-																										) : (
-																											<div className="flex flex-col gap-2">
-																												You can not delete this
-																												server because it has
-																												active services.
-																												<AlertBlock type="warning">
-																													You have active
-																													services associated
-																													with this server,
-																													please delete them
-																													first.
-																												</AlertBlock>
-																											</div>
-																										)
-																									}
-																									onClick={async () => {
-																										await mutateAsync({
-																											serverId: server.serverId,
+																				<Tooltip>
+																					<TooltipTrigger asChild>
+																						<div>
+																							<DialogAction
+																								disabled={!canDelete}
+																								title={
+																									canDelete
+																										? "Delete Server"
+																										: "Server has active services"
+																								}
+																								description={
+																									canDelete ? (
+																										"This will delete the server and all associated data"
+																									) : (
+																										<div className="flex flex-col gap-2">
+																											You can not delete this
+																											server because it has
+																											active services.
+																											<AlertBlock type="warning">
+																												You have active services
+																												associated with this
+																												server, please delete
+																												them first.
+																											</AlertBlock>
+																										</div>
+																									)
+																								}
+																								onClick={async () => {
+																									await mutateAsync({
+																										serverId: server.serverId,
+																									})
+																										.then(() => {
+																											refetch();
+																											toast.success(
+																												`Server ${server.name} deleted successfully`,
+																											);
 																										})
-																											.then(() => {
-																												refetch();
-																												toast.success(
-																													`Server ${server.name} deleted successfully`,
-																												);
-																											})
-																											.catch((err) => {
-																												toast.error(
-																													err.message,
-																												);
-																											});
-																									}}
+																										.catch((err) => {
+																											toast.error(err.message);
+																										});
+																								}}
+																							>
+																								<Button
+																									variant="ghost"
+																									size="icon"
+																									className={`h-9 w-9 ${canDelete ? "text-destructive hover:text-destructive hover:bg-destructive/10" : "text-muted-foreground hover:bg-muted"}`}
 																								>
-																									<Button
-																										variant="ghost"
-																										size="icon"
-																										className={`h-9 w-9 ${canDelete ? "text-destructive hover:text-destructive hover:bg-destructive/10" : "text-muted-foreground hover:bg-muted"}`}
-																									>
-																										<Trash2 className="h-4 w-4" />
-																									</Button>
-																								</DialogAction>
-																							</div>
-																						</TooltipTrigger>
-																						<TooltipContent>
-																							<p>
-																								{canDelete
-																									? "Delete Server"
-																									: "Cannot delete - has active services"}
-																							</p>
-																						</TooltipContent>
-																					</Tooltip>
-																				)}
+																									<Trash2 className="h-4 w-4" />
+																								</Button>
+																							</DialogAction>
+																						</div>
+																					</TooltipTrigger>
+																					<TooltipContent>
+																						<p>
+																							{canDelete
+																								? "Delete Server"
+																								: "Cannot delete - has active services"}
+																						</p>
+																					</TooltipContent>
+																				</Tooltip>
 																			</TooltipProvider>
 																		</div>
 																	)}
@@ -437,15 +431,13 @@ export const ShowServers = () => {
 													})}
 												</div>

-												{permissions?.server.create && (
-													<div className="flex flex-row gap-2 flex-wrap w-full justify-end mt-4">
-														{data && data?.length > 0 && (
-															<div>
-																<HandleServers />
-															</div>
-														)}
-													</div>
-												)}
+												<div className="flex flex-row gap-2 flex-wrap w-full justify-end mt-4">
+													{data && data?.length > 0 && (
+														<div>
+															<HandleServers />
+														</div>
+													)}
+												</div>
 											</div>
 										)}
 									</>
--- a/apps/dokploy/components/dashboard/settings/ssh-keys/show-ssh-keys.tsx
+++ b/apps/dokploy/components/dashboard/settings/ssh-keys/show-ssh-keys.tsx
@@ -17,7 +17,6 @@ export const ShowDestinations = () => {
 	const { data, isPending, refetch } = api.sshKey.all.useQuery();
 	const { mutateAsync, isPending: isRemoving } =
 		api.sshKey.remove.useMutation();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	return (
 		<div className="w-full">
@@ -47,7 +46,7 @@ export const ShowDestinations = () => {
 										<span className="text-base text-muted-foreground text-center">
 											You don't have any SSH keys
 										</span>
-										{permissions?.sshKeys.create && <HandleSSHKeys />}
+										<HandleSSHKeys />
 									</div>
 								) : (
 									<div className="flex flex-col gap-4  min-h-[25vh]">
@@ -85,47 +84,43 @@ export const ShowDestinations = () => {
 														<div className="flex flex-row gap-1">
 															<HandleSSHKeys sshKeyId={sshKey.sshKeyId} />

-															{permissions?.sshKeys.delete && (
-																<DialogAction
-																	title="Delete SSH Key"
-																	description="Are you sure you want to delete this SSH Key?"
-																	type="destructive"
-																	onClick={async () => {
-																		await mutateAsync({
-																			sshKeyId: sshKey.sshKeyId,
+															<DialogAction
+																title="Delete SSH Key"
+																description="Are you sure you want to delete this SSH Key?"
+																type="destructive"
+																onClick={async () => {
+																	await mutateAsync({
+																		sshKeyId: sshKey.sshKeyId,
+																	})
+																		.then(() => {
+																			toast.success(
+																				"SSH Key deleted successfully",
+																			);
+																			refetch();
 																		})
-																			.then(() => {
-																				toast.success(
-																					"SSH Key deleted successfully",
-																				);
-																				refetch();
-																			})
-																			.catch(() => {
-																				toast.error("Error deleting SSH Key");
-																			});
-																	}}
+																		.catch(() => {
+																			toast.error("Error deleting SSH Key");
+																		});
+																}}
+															>
+																<Button
+																	variant="ghost"
+																	size="icon"
+																	className="group hover:bg-red-500/10 "
+																	isLoading={isRemoving}
 																>
-																	<Button
-																		variant="ghost"
-																		size="icon"
-																		className="group hover:bg-red-500/10 "
-																		isLoading={isRemoving}
-																	>
-																		<Trash2 className="size-4 text-primary group-hover:text-red-500" />
-																	</Button>
-																</DialogAction>
-															)}
+																	<Trash2 className="size-4 text-primary group-hover:text-red-500" />
+																</Button>
+															</DialogAction>
 														</div>
 													</div>
 												</div>
 											))}
 										</div>

-										{permissions?.sshKeys.create && (
-											<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
-												<HandleSSHKeys />
-											</div>
-										)}
+										<div className="flex flex-row gap-2 flex-wrap w-full justify-end mr-4">
+											<HandleSSHKeys />
+										</div>
 									</div>
 								)}
 							</>
--- a/apps/dokploy/components/dashboard/settings/users/add-invitation.tsx
+++ b/apps/dokploy/components/dashboard/settings/users/add-invitation.tsx
@@ -32,6 +32,7 @@ import {
 	SelectTrigger,
 	SelectValue,
 } from "@/components/ui/select";
+import { authClient } from "@/lib/auth-client";
 import { api } from "@/utils/api";

 const addInvitation = z.object({
@@ -39,7 +40,7 @@ const addInvitation = z.object({
 		.string()
 		.min(1, "Email is required")
 		.email({ message: "Invalid email" }),
-	role: z.string().min(1, "Role is required"),
+	role: z.enum(["member", "admin"]),
 	notificationId: z.string().optional(),
 });

@@ -48,14 +49,13 @@ type AddInvitation = z.infer<typeof addInvitation>;
 export const AddInvitation = () => {
 	const [open, setOpen] = useState(false);
 	const utils = api.useUtils();
+	const [isLoading, setIsLoading] = useState(false);
 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: emailProviders } =
 		api.notification.getEmailProviders.useQuery();
-	const { mutateAsync: inviteMember, isPending: isInviting } =
-		api.organization.inviteMember.useMutation();
 	const { mutateAsync: sendInvitation } = api.user.sendInvitation.useMutation();
-	const { data: customRoles } = api.customRole.all.useQuery();
 	const [error, setError] = useState<string | null>(null);
+	const { data: activeOrganization } = api.organization.active.useQuery();

 	const form = useForm<AddInvitation>({
 		defaultValues: {
@@ -70,15 +70,19 @@ export const AddInvitation = () => {
 	}, [form, form.formState.isSubmitSuccessful, form.reset]);

 	const onSubmit = async (data: AddInvitation) => {
-		try {
-			const result = await inviteMember({
-				email: data.email.toLowerCase(),
-				role: data.role,
-			});
+		setIsLoading(true);
+		const result = await authClient.organization.inviteMember({
+			email: data.email.toLowerCase(),
+			role: data.role,
+			organizationId: activeOrganization?.id,
+		});

+		if (result.error) {
+			setError(result.error.message || "");
+		} else {
 			if (!isCloud && data.notificationId) {
 				await sendInvitation({
-					invitationId: result!.id,
+					invitationId: result.data.id,
 					notificationId: data.notificationId || "",
 				})
 					.then(() => {
@@ -92,11 +96,10 @@ export const AddInvitation = () => {
 			}
 			setError(null);
 			setOpen(false);
-		} catch (error: any) {
-			setError(error.message || "Failed to create invitation");
 		}

 		utils.organization.allInvitations.invalidate();
+		setIsLoading(false);
 	};
 	return (
 		<Dialog open={open} onOpenChange={setOpen}>
@@ -156,11 +159,6 @@ export const AddInvitation = () => {
 											<SelectContent>
 												<SelectItem value="member">Member</SelectItem>
 												<SelectItem value="admin">Admin</SelectItem>
-												{customRoles?.map((role) => (
-													<SelectItem key={role.role} value={role.role}>
-														{role.role}
-													</SelectItem>
-												))}
 											</SelectContent>
 										</Select>
 										<FormDescription>
@@ -214,7 +212,7 @@ export const AddInvitation = () => {
 						)}
 						<DialogFooter className="flex w-full flex-row">
 							<Button
-								isLoading={isInviting}
+								isLoading={isLoading}
 								form="hook-form-add-invitation"
 								type="submit"
 							>
--- a/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx
+++ b/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx
@@ -173,11 +173,9 @@ type AddPermissions = z.infer<typeof addPermissions>;

 interface Props {
 	userId: string;
-	role?: string;
 }

-export const AddUserPermissions = ({ userId, role }: Props) => {
-	const isCustomRole = !!role && !["owner", "admin", "member"].includes(role);
+export const AddUserPermissions = ({ userId }: Props) => {
 	const [isOpen, setIsOpen] = useState(false);
 	const { data: projects } = api.project.allForPermissions.useQuery(undefined, {
 		enabled: isOpen,
@@ -286,237 +284,226 @@ export const AddUserPermissions = ({ userId, role }: Props) => {
 						onSubmit={form.handleSubmit(onSubmit)}
 						className="grid  grid-cols-1 md:grid-cols-2  w-full gap-4"
 					>
-						{isCustomRole && (
-							<div className="md:col-span-2 rounded-lg border p-3 bg-muted/50 text-sm text-muted-foreground">
-								This user has a custom role assigned. Capabilities are defined
-								by the role. You can still manage which projects, environments,
-								and services they can access below.
-							</div>
-						)}
-						{!isCustomRole && (
-							<>
-								<FormField
-									control={form.control}
-									name="canCreateProjects"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Create Projects</FormLabel>
-												<FormDescription>
-													Allow the user to create projects
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canDeleteProjects"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Delete Projects</FormLabel>
-												<FormDescription>
-													Allow the user to delete projects
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canCreateServices"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Create Services</FormLabel>
-												<FormDescription>
-													Allow the user to create services
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canDeleteServices"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Delete Services</FormLabel>
-												<FormDescription>
-													Allow the user to delete services
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canCreateEnvironments"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Create Environments</FormLabel>
-												<FormDescription>
-													Allow the user to create environments
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canDeleteEnvironments"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Delete Environments</FormLabel>
-												<FormDescription>
-													Allow the user to delete environments
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canAccessToTraefikFiles"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Access to Traefik Files</FormLabel>
-												<FormDescription>
-													Allow the user to access to the Traefik Tab Files
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canAccessToDocker"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Access to Docker</FormLabel>
-												<FormDescription>
-													Allow the user to access to the Docker Tab
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canAccessToAPI"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Access to API/CLI</FormLabel>
-												<FormDescription>
-													Allow the user to access to the API/CLI
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canAccessToSSHKeys"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Access to SSH Keys</FormLabel>
-												<FormDescription>
-													Allow to users to access to the SSH Keys section
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-								<FormField
-									control={form.control}
-									name="canAccessToGitProviders"
-									render={({ field }) => (
-										<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
-											<div className="space-y-0.5">
-												<FormLabel>Access to Git Providers</FormLabel>
-												<FormDescription>
-													Allow to users to access to the Git Providers section
-												</FormDescription>
-											</div>
-											<FormControl>
-												<Switch
-													checked={field.value}
-													onCheckedChange={field.onChange}
-												/>
-											</FormControl>
-										</FormItem>
-									)}
-								/>
-							</>
-						)}
+						<FormField
+							control={form.control}
+							name="canCreateProjects"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Create Projects</FormLabel>
+										<FormDescription>
+											Allow the user to create projects
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canDeleteProjects"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Delete Projects</FormLabel>
+										<FormDescription>
+											Allow the user to delete projects
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canCreateServices"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Create Services</FormLabel>
+										<FormDescription>
+											Allow the user to create services
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canDeleteServices"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Delete Services</FormLabel>
+										<FormDescription>
+											Allow the user to delete services
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canCreateEnvironments"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Create Environments</FormLabel>
+										<FormDescription>
+											Allow the user to create environments
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canDeleteEnvironments"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Delete Environments</FormLabel>
+										<FormDescription>
+											Allow the user to delete environments
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canAccessToTraefikFiles"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to Traefik Files</FormLabel>
+										<FormDescription>
+											Allow the user to access to the Traefik Tab Files
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canAccessToDocker"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to Docker</FormLabel>
+										<FormDescription>
+											Allow the user to access to the Docker Tab
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canAccessToAPI"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to API/CLI</FormLabel>
+										<FormDescription>
+											Allow the user to access to the API/CLI
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canAccessToSSHKeys"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to SSH Keys</FormLabel>
+										<FormDescription>
+											Allow to users to access to the SSH Keys section
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="canAccessToGitProviders"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to Git Providers</FormLabel>
+										<FormDescription>
+											Allow to users to access to the Git Providers section
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
 						<FormField
 							control={form.control}
 							name="accessedProjects"
--- a/apps/dokploy/components/dashboard/settings/users/change-role.tsx
+++ b/apps/dokploy/components/dashboard/settings/users/change-role.tsx
@@ -34,14 +34,14 @@ import {
 import { api } from "@/utils/api";

 const changeRoleSchema = z.object({
-	role: z.string().min(1),
+	role: z.enum(["admin", "member"]),
 });

 type ChangeRoleSchema = z.infer<typeof changeRoleSchema>;

 interface Props {
 	memberId: string;
-	currentRole: string;
+	currentRole: "admin" | "member";
 	userEmail: string;
 }

@@ -49,10 +49,6 @@ export const ChangeRole = ({ memberId, currentRole, userEmail }: Props) => {
 	const [isOpen, setIsOpen] = useState(false);
 	const utils = api.useUtils();

-	const { data: customRoles } = api.customRole.all.useQuery(undefined, {
-		enabled: isOpen,
-	});
-
 	const { mutateAsync, isError, error, isPending } =
 		api.organization.updateMemberRole.useMutation();

@@ -129,14 +125,6 @@ export const ChangeRole = ({ memberId, currentRole, userEmail }: Props) => {
 										<SelectContent>
 											<SelectItem value="admin">Admin</SelectItem>
 											<SelectItem value="member">Member</SelectItem>
-											{customRoles?.map((customRole) => (
-												<SelectItem
-													key={customRole.role}
-													value={customRole.role}
-												>
-													{customRole.role}
-												</SelectItem>
-											))}
 										</SelectContent>
 									</Select>
 									<FormDescription>
@@ -144,13 +132,6 @@ export const ChangeRole = ({ memberId, currentRole, userEmail }: Props) => {
 										<br />
 										<strong>Member:</strong> Limited permissions, can be
 										customized.
-										{customRoles && customRoles.length > 0 && (
-											<>
-												<br />
-												<strong>Custom roles:</strong> Enterprise-defined
-												permissions.
-											</>
-										)}
 										<br />
 										<em className="text-muted-foreground text-xs">
 											Note: Owner role is intransferible.
--- a/apps/dokploy/components/dashboard/settings/users/show-users.tsx
+++ b/apps/dokploy/components/dashboard/settings/users/show-users.tsx
@@ -1,7 +1,6 @@
 import { format } from "date-fns";
 import { Loader2, MoreHorizontal, Users } from "lucide-react";
 import { toast } from "sonner";
-import { AlertBlock } from "@/components/shared/alert-block";
 import { DialogAction } from "@/components/shared/dialog-action";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
@@ -36,20 +35,10 @@ export const ShowUsers = () => {
 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data, isPending, refetch } = api.user.all.useQuery();
 	const { mutateAsync } = api.user.remove.useMutation();
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const { data: hasValidLicense } =
-		api.licenseKey.haveValidLicenseKey.useQuery();

 	const utils = api.useUtils();
 	const { data: session } = api.user.session.useQuery();

-	const FREE_ROLES = ["owner", "admin", "member"];
-	const membersWithCustomRoles = data?.filter(
-		(member) => !FREE_ROLES.includes(member.role),
-	);
-	const hasCustomRolesWithoutLicense =
-		!hasValidLicense && (membersWithCustomRoles?.length ?? 0) > 0;
-
 	return (
 		<div className="w-full">
 			<Card className="h-full bg-sidebar  p-2.5 rounded-xl  max-w-5xl mx-auto">
@@ -80,18 +69,6 @@ export const ShowUsers = () => {
 									</div>
 								) : (
 									<div className="flex flex-col gap-4  min-h-[25vh]">
-										{hasCustomRolesWithoutLicense && (
-											<AlertBlock type="warning">
-												You have{" "}
-												{membersWithCustomRoles?.length === 1
-													? "1 user"
-													: `${membersWithCustomRoles?.length} users`}{" "}
-												assigned to custom roles. Custom roles will not work
-												without a valid Enterprise license. Please activate your
-												license or change these users to a free role (Admin or
-												Member).
-											</AlertBlock>
-										)}
 										<Table>
 											<TableHeader>
 												<TableRow>
@@ -112,39 +89,40 @@ export const ShowUsers = () => {
 													)?.role;

 													// Owner never has "Edit Permissions" (they're absolute owner)
-													// Other users can edit permissions if target is not themselves and target is a member/custom role
-													const isStaticAdminOrOwner =
-														member.role === "owner" || member.role === "admin";
+													// Other users can edit permissions if target is not themselves and target is a member
 													const canEditPermissions =
-														!isStaticAdminOrOwner &&
+														member.role !== "owner" &&
+														member.role === "member" &&
 														member.user.id !== session?.user?.id;

 													// Can change role based on hierarchy:
 													// - Owner: Can change anyone's role (except themselves and other owners)
-													// - Admin: Can only change member/custom roles (not other admins or owners)
+													// - Admin: Can only change member roles (not other admins or owners)
 													// - Owner role is intransferible
 													const canChangeRole =
 														member.role !== "owner" &&
 														member.user.id !== session?.user?.id &&
 														(currentUserRole === "owner" ||
 															(currentUserRole === "admin" &&
-																member.role !== "admin"));
+																member.role === "member"));

-													const canDeleteMember =
-														permissions?.member.delete ?? false;
+													// Delete/Unlink follow same hierarchy as role changes
+													// - Owner: Can delete/unlink anyone (except themselves and owner can't be deleted)
+													// - Admin: Can only delete/unlink members (not other admins or owner)
+													const canDelete =
+														member.role !== "owner" &&
+														!isCloud &&
+														member.user.id !== session?.user?.id &&
+														(currentUserRole === "owner" ||
+															(currentUserRole === "admin" &&
+																member.role === "member"));

-													// Self-hosted: "Delete User" removes the user entirely
-													// Cloud: "Unlink User" removes from the organization only
-													const canRemove =
+													const canUnlink =
 														member.role !== "owner" &&
 														member.user.id !== session?.user?.id &&
 														(currentUserRole === "owner" ||
 															(currentUserRole === "admin" &&
-																member.role !== "admin") ||
-															(canDeleteMember && !isStaticAdminOrOwner));
-
-													const canDelete = canRemove && !isCloud;
-													const canUnlink = canRemove && !!isCloud;
+																member.role === "member"));

 													const hasAnyAction =
 														canEditPermissions ||
@@ -156,11 +134,6 @@ export const ShowUsers = () => {
 														<TableRow key={member.id}>
 															<TableCell className="w-[100px]">
 																{member.user.email}
-																{member.user.id === session?.user?.id && (
-																	<span className="text-muted-foreground ml-1">
-																		(You)
-																	</span>
-																)}
 															</TableCell>
 															<TableCell className="text-center">
 																<Badge
@@ -206,7 +179,9 @@ export const ShowUsers = () => {
 																			{canChangeRole && (
 																				<ChangeRole
 																					memberId={member.id}
-																					currentRole={member.role}
+																					currentRole={
+																						member.role as "admin" | "member"
+																					}
 																					userEmail={member.user.email}
 																				/>
 																			)}
@@ -214,7 +189,6 @@ export const ShowUsers = () => {
 																			{canEditPermissions && (
 																				<AddUserPermissions
 																					userId={member.user.id}
-																					role={member.role}
 																				/>
 																			)}

--- a/apps/dokploy/components/layouts/side.tsx
+++ b/apps/dokploy/components/layouts/side.tsx
@@ -11,7 +11,6 @@ import {
 	ChevronRight,
 	ChevronsUpDown,
 	CircleHelp,
-	ClipboardList,
 	Clock,
 	CreditCard,
 	Database,
@@ -93,21 +92,13 @@ import { UserNav } from "./user-nav";

 // The types of the queries we are going to use
 type AuthQueryOutput = inferRouterOutputs<AppRouter>["user"]["get"];
-type PermissionsOutput =
-	inferRouterOutputs<AppRouter>["user"]["getPermissions"];
-
-type EnabledOpts = {
-	auth?: AuthQueryOutput;
-	permissions?: PermissionsOutput;
-	isCloud: boolean;
-};

 type SingleNavItem = {
 	isSingle?: true;
 	title: string;
 	url: string;
 	icon?: LucideIcon;
-	isEnabled?: (opts: EnabledOpts) => boolean;
+	isEnabled?: (opts: { auth?: AuthQueryOutput; isCloud: boolean }) => boolean;
 };

 // NavItem type
@@ -121,7 +112,10 @@ type NavItem =
 			title: string;
 			icon: LucideIcon;
 			items: SingleNavItem[];
-			isEnabled?: (opts: EnabledOpts) => boolean;
+			isEnabled?: (opts: {
+				auth?: AuthQueryOutput;
+				isCloud: boolean;
+			}) => boolean;
 	  };

 // ExternalLink type
@@ -130,7 +124,7 @@ type ExternalLink = {
 	name: string;
 	url: string;
 	icon: React.ComponentType<{ className?: string }>;
-	isEnabled?: (opts: EnabledOpts) => boolean;
+	isEnabled?: (opts: { auth?: AuthQueryOutput; isCloud: boolean }) => boolean;
 };

 // Menu type
@@ -158,16 +152,14 @@ const MENU: Menu = {
 			title: "Deployments",
 			url: "/dashboard/deployments",
 			icon: Rocket,
-			isEnabled: ({ permissions }) => !!permissions?.deployment.read,
 		},
 		{
 			isSingle: true,
 			title: "Monitoring",
 			url: "/dashboard/monitoring",
 			icon: BarChartHorizontalBigIcon,
-			// Only enabled in non-cloud environments and if user has monitoring.read
-			isEnabled: ({ isCloud, permissions }) =>
-				!isCloud && !!permissions?.monitoring.read,
+			// Only enabled in non-cloud environments
+			isEnabled: ({ isCloud }) => !isCloud,
 		},
 		{
 			isSingle: true,
@@ -175,44 +167,64 @@ const MENU: Menu = {
 			url: "/dashboard/schedules",
 			icon: Clock,
 			// Only enabled in non-cloud environments
-			isEnabled: ({ isCloud, permissions }) =>
-				!isCloud && !!permissions?.organization.update,
+			isEnabled: ({ isCloud, auth }) =>
+				!isCloud && (auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "Traefik File System",
 			url: "/dashboard/traefik",
 			icon: GalleryVerticalEnd,
-			// Only enabled for users with access to Traefik files in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.traefikFiles.read && !isCloud),
+			// Only enabled for admins and users with access to Traefik files in non-cloud environments
+			isEnabled: ({ auth, isCloud }) =>
+				!!(
+					(auth?.role === "owner" ||
+						auth?.role === "admin" ||
+						auth?.canAccessToTraefikFiles) &&
+					!isCloud
+				),
 		},
 		{
 			isSingle: true,
 			title: "Docker",
 			url: "/dashboard/docker",
 			icon: BlocksIcon,
-			// Only enabled for users with access to Docker in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.docker.read && !isCloud),
+			// Only enabled for admins and users with access to Docker in non-cloud environments
+			isEnabled: ({ auth, isCloud }) =>
+				!!(
+					(auth?.role === "owner" ||
+						auth?.role === "admin" ||
+						auth?.canAccessToDocker) &&
+					!isCloud
+				),
 		},
 		{
 			isSingle: true,
 			title: "Swarm",
 			url: "/dashboard/swarm",
 			icon: PieChart,
-			// Only enabled for users with access to Docker in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.docker.read && !isCloud),
+			// Only enabled for admins and users with access to Docker in non-cloud environments
+			isEnabled: ({ auth, isCloud }) =>
+				!!(
+					(auth?.role === "owner" ||
+						auth?.role === "admin" ||
+						auth?.canAccessToDocker) &&
+					!isCloud
+				),
 		},
 		{
 			isSingle: true,
 			title: "Requests",
 			url: "/dashboard/requests",
 			icon: Forward,
-			// Only enabled for users with access to Docker in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.docker.read && !isCloud),
+			// Only enabled for admins and users with access to Docker in non-cloud environments
+			isEnabled: ({ auth, isCloud }) =>
+				!!(
+					(auth?.role === "owner" ||
+						auth?.role === "admin" ||
+						auth?.canAccessToDocker) &&
+					!isCloud
+				),
 		},

 		// Legacy unused menu, adjusted to the new structure
@@ -279,8 +291,8 @@ const MENU: Menu = {
 			url: "/dashboard/settings/server",
 			icon: Activity,
 			// Only enabled for admins in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.organization.update && !isCloud),
+			isEnabled: ({ auth, isCloud }) =>
+				!!((auth?.role === "owner" || auth?.role === "admin") && !isCloud),
 		},
 		{
 			isSingle: true,
@@ -293,59 +305,70 @@ const MENU: Menu = {
 			title: "Remote Servers",
 			url: "/dashboard/settings/servers",
 			icon: Server,
-			isEnabled: ({ permissions }) => !!permissions?.server.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "Users",
 			icon: Users,
 			url: "/dashboard/settings/users",
-			// Only enabled for users with member.read permission
-			isEnabled: ({ permissions }) => !!permissions?.member.read,
-		},
-		{
-			isSingle: true,
-			title: "Audit Logs",
-			icon: ClipboardList,
-			url: "/dashboard/settings/audit-logs",
-			isEnabled: ({ permissions }) => !!permissions?.auditLog.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "SSH Keys",
 			icon: KeyRound,
 			url: "/dashboard/settings/ssh-keys",
-			// Only enabled for users with access to SSH keys
-			isEnabled: ({ permissions }) => !!permissions?.sshKeys.read,
+			// Only enabled for admins and users with access to SSH keys
+			isEnabled: ({ auth }) =>
+				!!(
+					auth?.role === "owner" ||
+					auth?.canAccessToSSHKeys ||
+					auth?.role === "admin"
+				),
 		},
 		{
 			title: "AI",
 			icon: BotIcon,
 			url: "/dashboard/settings/ai",
 			isSingle: true,
-			isEnabled: ({ permissions }) => !!permissions?.organization.update,
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "Git",
 			url: "/dashboard/settings/git-providers",
 			icon: GitBranch,
-			// Only enabled for users with access to Git providers
-			isEnabled: ({ permissions }) => !!permissions?.gitProviders.read,
+			// Only enabled for admins and users with access to Git providers
+			isEnabled: ({ auth }) =>
+				!!(
+					auth?.role === "owner" ||
+					auth?.canAccessToGitProviders ||
+					auth?.role === "admin"
+				),
 		},
 		{
 			isSingle: true,
 			title: "Registry",
 			url: "/dashboard/settings/registry",
 			icon: Package,
-			isEnabled: ({ permissions }) => !!permissions?.registry.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "S3 Destinations",
 			url: "/dashboard/settings/destinations",
 			icon: Database,
-			isEnabled: ({ permissions }) => !!permissions?.destination.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},

 		{
@@ -353,7 +376,9 @@ const MENU: Menu = {
 			title: "Certificates",
 			url: "/dashboard/settings/certificates",
 			icon: ShieldCheck,
-			isEnabled: ({ permissions }) => !!permissions?.certificate.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
@@ -361,23 +386,24 @@ const MENU: Menu = {
 			url: "/dashboard/settings/cluster",
 			icon: Boxes,
 			// Only enabled for admins in non-cloud environments
-			isEnabled: ({ permissions, isCloud }) =>
-				!!(permissions?.organization.update && !isCloud),
+			isEnabled: ({ auth, isCloud }) =>
+				!!((auth?.role === "owner" || auth?.role === "admin") && !isCloud),
 		},
 		{
 			isSingle: true,
 			title: "Notifications",
 			url: "/dashboard/settings/notifications",
 			icon: Bell,
-			// Only enabled for users with access to notifications
-			isEnabled: ({ permissions }) => !!permissions?.notification.read,
+			// Only enabled for admins
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
 			title: "Billing",
 			url: "/dashboard/settings/billing",
 			icon: CreditCard,
-			// Only enabled for owners in cloud environments
+			// Only enabled for admins in cloud environments
 			isEnabled: ({ auth, isCloud }) => !!(auth?.role === "owner" && isCloud),
 		},
 		{
@@ -385,7 +411,7 @@ const MENU: Menu = {
 			title: "License",
 			url: "/dashboard/settings/license",
 			icon: Key,
-			// Only enabled for owners
+			// Only enabled for admins in non-cloud environments
 			isEnabled: ({ auth }) => !!(auth?.role === "owner"),
 		},
 		{
@@ -394,7 +420,8 @@ const MENU: Menu = {
 			url: "/dashboard/settings/sso",
 			icon: LogIn,
 			// Enabled for admins in both cloud and self-hosted (enterprise)
-			isEnabled: ({ permissions }) => !!permissions?.organization.update,
+			isEnabled: ({ auth }) =>
+				!!(auth?.role === "owner" || auth?.role === "admin"),
 		},
 		{
 			isSingle: true,
@@ -426,7 +453,6 @@ const MENU: Menu = {
 */
 function createMenuForAuthUser(opts: {
 	auth?: AuthQueryOutput;
-	permissions?: PermissionsOutput;
 	isCloud: boolean;
 	whitelabeling?: {
 		docsUrl?: string | null;
@@ -435,7 +461,7 @@ function createMenuForAuthUser(opts: {
 }): Menu {
 	const filterEnabled = <
 		T extends {
-			isEnabled?: (o: EnabledOpts) => boolean;
+			isEnabled?: (o: { auth?: AuthQueryOutput; isCloud: boolean }) => boolean;
 		},
 	>(
 		items: readonly T[],
@@ -443,11 +469,7 @@ function createMenuForAuthUser(opts: {
 		items.filter((item) =>
 			!item.isEnabled
 				? true
-				: item.isEnabled({
-						auth: opts.auth,
-						permissions: opts.permissions,
-						isCloud: opts.isCloud,
-					}),
+				: item.isEnabled({ auth: opts.auth, isCloud: opts.isCloud }),
 		) as T[];

 	// Apply whitelabeling URL overrides to help items
@@ -545,7 +567,6 @@ function SidebarLogo() {
 	const { mutateAsync: setDefaultOrganization, isPending: isSettingDefault } =
 		api.organization.setDefault.useMutation();
 	const { isMobile } = useSidebar();
-	const isCollapsed = state === "collapsed" && !isMobile;
 	const { data: activeOrganization } = api.organization.active.useQuery();

 	const { data: invitations, refetch: refetchInvitations } =
@@ -571,7 +592,9 @@ function SidebarLogo() {
 				<SidebarMenu
 					className={cn(
 						"flex gap-2",
-						isCollapsed ? "flex-col" : "flex-row justify-between items-center",
+						state === "collapsed"
+							? "flex-col"
+							: "flex-row justify-between items-center",
 					)}
 				>
 					{/* Organization Logo and Selector */}
@@ -579,17 +602,17 @@ function SidebarLogo() {
 						<DropdownMenu>
 							<DropdownMenuTrigger asChild>
 								<SidebarMenuButton
-									size={isCollapsed ? "sm" : "lg"}
+									size={state === "collapsed" ? "sm" : "lg"}
 									className={cn(
 										"data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground",
-										isCollapsed &&
+										state === "collapsed" &&
 											"flex justify-center items-center p-2 h-10 w-10 mx-auto",
 									)}
 								>
 									<div
 										className={cn(
 											"flex items-center gap-2",
-											isCollapsed && "justify-center",
+											state === "collapsed" && "justify-center",
 										)}
 									>
 										<div
@@ -601,7 +624,7 @@ function SidebarLogo() {
 											<Logo
 												className={cn(
 													"transition-all",
-													isCollapsed ? "size-4" : "size-5",
+													state === "collapsed" ? "size-4" : "size-5",
 												)}
 												logoUrl={activeOrganization?.logo || undefined}
 											/>
@@ -609,7 +632,7 @@ function SidebarLogo() {
 										<div
 											className={cn(
 												"flex flex-col items-start",
-												isCollapsed && "hidden",
+												state === "collapsed" && "hidden",
 											)}
 										>
 											<p className="text-sm font-medium leading-none">
@@ -618,7 +641,7 @@ function SidebarLogo() {
 										</div>
 									</div>
 									<ChevronsUpDown
-										className={cn("ml-auto", isCollapsed && "hidden")}
+										className={cn("ml-auto", state === "collapsed" && "hidden")}
 									/>
 								</SidebarMenuButton>
 							</DropdownMenuTrigger>
@@ -767,7 +790,7 @@ function SidebarLogo() {
 					</SidebarMenuItem>

 					{/* Notification Bell */}
-					<SidebarMenuItem className={cn(isCollapsed && "mt-2")}>
+					<SidebarMenuItem className={cn(state === "collapsed" && "mt-2")}>
 						<DropdownMenu>
 							<DropdownMenuTrigger asChild>
 								<Button
@@ -775,7 +798,7 @@ function SidebarLogo() {
 									size="icon"
 									className={cn(
 										"relative",
-										isCollapsed && "h-8 w-8 p-1.5 mx-auto",
+										state === "collapsed" && "h-8 w-8 p-1.5 mx-auto",
 									)}
 								>
 									<Bell className="size-4" />
@@ -871,7 +894,6 @@ export default function Page({ children }: Props) {

 	const pathname = usePathname();
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();
 	const { data: dokployVersion } = api.settings.getDokployVersion.useQuery();
 	const { data: whitelabeling } = api.whitelabeling.get.useQuery(undefined, {
 		staleTime: 5 * 60 * 1000,
@@ -885,12 +907,7 @@ export default function Page({ children }: Props) {
 		home: filteredHome,
 		settings: filteredSettings,
 		help,
-	} = createMenuForAuthUser({
-		auth,
-		permissions,
-		isCloud: !!isCloud,
-		whitelabeling,
-	});
+	} = createMenuForAuthUser({ auth, isCloud: !!isCloud, whitelabeling });

 	const activeItem = findActiveNavItem(
 		[...filteredHome, ...filteredSettings],
@@ -1130,7 +1147,7 @@ export default function Page({ children }: Props) {
 				</SidebarContent>
 				<SidebarFooter>
 					<SidebarMenu className="flex flex-col gap-2">
-						{!isCloud && permissions?.organization.update && (
+						{!isCloud && (auth?.role === "owner" || auth?.role === "admin") && (
 							<SidebarMenuItem>
 								<UpdateServerButton />
 							</SidebarMenuItem>
@@ -1144,9 +1161,14 @@ export default function Page({ children }: Props) {
 							</div>
 						)}
 						{dokployVersion && (
-							<div className="px-3 text-xs text-muted-foreground text-center group-data-[collapsible=icon]:hidden">
-								Version {dokployVersion}
-							</div>
+							<>
+								<div className="px-3 text-xs text-muted-foreground text-center group-data-[collapsible=icon]:hidden">
+									Version {dokployVersion}
+								</div>
+								<div className="hidden text-xs text-muted-foreground text-center group-data-[collapsible=icon]:block">
+									{dokployVersion}
+								</div>
+							</>
 						)}
 					</SidebarMenu>
 				</SidebarFooter>
--- a/apps/dokploy/components/layouts/user-nav.tsx
+++ b/apps/dokploy/components/layouts/user-nav.tsx
@@ -21,7 +21,6 @@ const _AUTO_CHECK_UPDATES_INTERVAL_MINUTES = 7;
 export const UserNav = () => {
 	const router = useRouter();
 	const { data } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();
 	const { data: isCloud } = api.settings.isCloud.useQuery();

 	// const { mutateAsync } = api.auth.logout.useMutation();
@@ -95,7 +94,9 @@ export const UserNav = () => {
 							>
 								Monitoring
 							</DropdownMenuItem>
-							{permissions?.traefikFiles.read && (
+							{(data?.role === "owner" ||
+								data?.role === "admin" ||
+								data?.canAccessToTraefikFiles) && (
 								<DropdownMenuItem
 									className="cursor-pointer"
 									onClick={() => {
@@ -105,7 +106,9 @@ export const UserNav = () => {
 									Traefik
 								</DropdownMenuItem>
 							)}
-							{permissions?.docker.read && (
+							{(data?.role === "owner" ||
+								data?.role === "admin" ||
+								data?.canAccessToDocker) && (
 								<DropdownMenuItem
 									className="cursor-pointer"
 									onClick={() => {
@@ -119,7 +122,7 @@ export const UserNav = () => {
 							)}
 						</>
 					) : (
-						permissions?.organization.update && (
+						(data?.role === "owner" || data?.role === "admin") && (
 							<DropdownMenuItem
 								className="cursor-pointer"
 								onClick={() => {
--- a/apps/dokploy/components/proprietary/audit-logs/columns.tsx
+++ b/apps/dokploy/components/proprietary/audit-logs/columns.tsx
@@ -1,230 +0,0 @@
-"use client";
-
-import type { AuditLog } from "@dokploy/server/db/schema";
-import type { ColumnDef } from "@tanstack/react-table";
-import { format } from "date-fns";
-import {
-	ArrowUpDown,
-	FileJson,
-	LogIn,
-	LogOut,
-	PlusCircle,
-	RefreshCw,
-	RotateCcw,
-	Trash2,
-	Upload,
-	XCircle,
-} from "lucide-react";
-import React from "react";
-import { CodeEditor } from "@/components/shared/code-editor";
-import { Button } from "@/components/ui/button";
-import {
-	Dialog,
-	DialogContent,
-	DialogHeader,
-	DialogTitle,
-	DialogTrigger,
-} from "@/components/ui/dialog";
-
-const ACTION_CONFIG: Record<
-	string,
-	{ label: string; icon: React.ElementType; className: string }
-> = {
-	create: {
-		label: "Created",
-		icon: PlusCircle,
-		className:
-			"bg-emerald-500/10 text-emerald-600 dark:text-emerald-400 border-emerald-500/20",
-	},
-	update: {
-		label: "Updated",
-		icon: RefreshCw,
-		className:
-			"bg-blue-500/10 text-blue-600 dark:text-blue-400 border-blue-500/20",
-	},
-	delete: {
-		label: "Deleted",
-		icon: Trash2,
-		className: "bg-red-500/10 text-red-600 dark:text-red-400 border-red-500/20",
-	},
-	deploy: {
-		label: "Deployed",
-		icon: Upload,
-		className:
-			"bg-violet-500/10 text-violet-600 dark:text-violet-400 border-violet-500/20",
-	},
-	cancel: {
-		label: "Cancelled",
-		icon: XCircle,
-		className:
-			"bg-orange-500/10 text-orange-600 dark:text-orange-400 border-orange-500/20",
-	},
-	redeploy: {
-		label: "Redeployed",
-		icon: RotateCcw,
-		className:
-			"bg-violet-500/10 text-violet-600 dark:text-violet-400 border-violet-500/20",
-	},
-	login: {
-		label: "Login",
-		icon: LogIn,
-		className:
-			"bg-teal-500/10 text-teal-600 dark:text-teal-400 border-teal-500/20",
-	},
-	logout: {
-		label: "Logout",
-		icon: LogOut,
-		className:
-			"bg-slate-500/10 text-slate-600 dark:text-slate-400 border-slate-500/20",
-	},
-};
-
-const RESOURCE_LABELS: Record<string, string> = {
-	project: "Project",
-	service: "Service",
-	environment: "Environment",
-	deployment: "Deployment",
-	user: "User",
-	customRole: "Custom Role",
-	domain: "Domain",
-	certificate: "Certificate",
-	registry: "Registry",
-	server: "Server",
-	sshKey: "SSH Key",
-	gitProvider: "Git Provider",
-	notification: "Notification",
-	settings: "Settings",
-	session: "Session",
-};
-
-function MetadataCell({ metadata }: { metadata: string | null }) {
-	if (!metadata)
-		return <span className="text-muted-foreground text-sm">—</span>;
-
-	const formatted = React.useMemo(() => {
-		try {
-			return JSON.stringify(JSON.parse(metadata), null, 2);
-		} catch {
-			return metadata;
-		}
-	}, [metadata]);
-
-	return (
-		<Dialog>
-			<DialogTrigger asChild>
-				<Button variant="ghost" size="sm" className="h-7 gap-1.5 text-xs">
-					<FileJson className="h-3.5 w-3.5" />
-					View
-				</Button>
-			</DialogTrigger>
-			<DialogContent className="max-w-lg">
-				<DialogHeader>
-					<DialogTitle>Metadata</DialogTitle>
-				</DialogHeader>
-				<CodeEditor
-					value={formatted}
-					language="json"
-					lineNumbers={false}
-					readOnly
-					className="min-h-[200px] max-h-[400px] overflow-auto rounded-md"
-				/>
-			</DialogContent>
-		</Dialog>
-	);
-}
-
-export const columns: ColumnDef<AuditLog>[] = [
-	{
-		accessorKey: "createdAt",
-		header: ({ column }) => (
-			<Button
-				variant="ghost"
-				onClick={() => column.toggleSorting(column.getIsSorted() === "asc")}
-			>
-				Date
-				<ArrowUpDown className="ml-2 h-4 w-4" />
-			</Button>
-		),
-		cell: ({ row }) => (
-			<span className="text-sm text-muted-foreground whitespace-nowrap">
-				{format(new Date(row.getValue("createdAt")), "MMM d, yyyy HH:mm")}
-			</span>
-		),
-	},
-	{
-		accessorKey: "userEmail",
-		header: ({ column }) => (
-			<Button
-				variant="ghost"
-				onClick={() => column.toggleSorting(column.getIsSorted() === "asc")}
-			>
-				User
-				<ArrowUpDown className="ml-2 h-4 w-4" />
-			</Button>
-		),
-		cell: ({ row }) => (
-			<span className="text-sm">{row.getValue("userEmail")}</span>
-		),
-	},
-	{
-		accessorKey: "action",
-		header: ({ column }) => (
-			<Button
-				variant="ghost"
-				onClick={() => column.toggleSorting(column.getIsSorted() === "asc")}
-			>
-				Action
-				<ArrowUpDown className="ml-2 h-4 w-4" />
-			</Button>
-		),
-		cell: ({ row }) => {
-			const action = row.getValue("action") as string;
-			const config = ACTION_CONFIG[action];
-			if (!config) {
-				return <span className="text-xs text-muted-foreground">{action}</span>;
-			}
-			const Icon = config.icon;
-			return (
-				<span
-					className={`inline-flex items-center gap-1.5 rounded-full border px-2.5 py-0.5 text-xs font-medium ${config.className}`}
-				>
-					<Icon className="size-3" />
-					{config.label}
-				</span>
-			);
-		},
-	},
-	{
-		accessorKey: "resourceType",
-		header: "Resource",
-		cell: ({ row }) => (
-			<span className="text-sm text-muted-foreground">
-				{RESOURCE_LABELS[row.getValue("resourceType") as string] ??
-					row.getValue("resourceType")}
-			</span>
-		),
-	},
-	{
-		accessorKey: "resourceName",
-		header: "Name",
-		cell: ({ row }) => (
-			<span className="text-sm font-medium">
-				{(row.getValue("resourceName") as string) ?? "—"}
-			</span>
-		),
-	},
-	{
-		accessorKey: "userRole",
-		header: "Role",
-		cell: ({ row }) => (
-			<span className="text-sm text-muted-foreground capitalize">
-				{row.getValue("userRole")}
-			</span>
-		),
-	},
-	{
-		accessorKey: "metadata",
-		header: "Metadata",
-		cell: ({ row }) => <MetadataCell metadata={row.getValue("metadata")} />,
-	},
-];
--- a/apps/dokploy/components/proprietary/audit-logs/data-table.tsx
+++ b/apps/dokploy/components/proprietary/audit-logs/data-table.tsx
@@ -1,400 +0,0 @@
-"use client";
-
-import type { AuditLog } from "@dokploy/server/db/schema";
-import { DropdownMenuTrigger } from "@radix-ui/react-dropdown-menu";
-import {
-	type ColumnDef,
-	flexRender,
-	getCoreRowModel,
-	getSortedRowModel,
-	type SortingState,
-	useReactTable,
-	type VisibilityState,
-} from "@tanstack/react-table";
-import { format } from "date-fns";
-import { CalendarIcon, ChevronDown, X } from "lucide-react";
-import React from "react";
-import type { DateRange } from "react-day-picker";
-import { Button } from "@/components/ui/button";
-import { Calendar } from "@/components/ui/calendar";
-import {
-	DropdownMenu,
-	DropdownMenuCheckboxItem,
-	DropdownMenuContent,
-} from "@/components/ui/dropdown-menu";
-import { Input } from "@/components/ui/input";
-import {
-	Popover,
-	PopoverContent,
-	PopoverTrigger,
-} from "@/components/ui/popover";
-import {
-	Select,
-	SelectContent,
-	SelectItem,
-	SelectTrigger,
-	SelectValue,
-} from "@/components/ui/select";
-import {
-	Table,
-	TableBody,
-	TableCell,
-	TableHead,
-	TableHeader,
-	TableRow,
-} from "@/components/ui/table";
-
-const ACTION_OPTIONS = [
-	{ value: "create", label: "Created" },
-	{ value: "update", label: "Updated" },
-	{ value: "delete", label: "Deleted" },
-	{ value: "deploy", label: "Deployed" },
-	{ value: "cancel", label: "Cancelled" },
-	{ value: "redeploy", label: "Redeployed" },
-	{ value: "login", label: "Login" },
-	{ value: "logout", label: "Logout" },
-];
-
-const RESOURCE_OPTIONS = [
-	{ value: "project", label: "Projects" },
-	{ value: "service", label: "Applications / Services" },
-	{ value: "environment", label: "Environments" },
-	{ value: "deployment", label: "Deployments" },
-	{ value: "user", label: "Users" },
-	{ value: "customRole", label: "Custom Roles" },
-	{ value: "domain", label: "Domains" },
-	{ value: "certificate", label: "Certificates" },
-	{ value: "registry", label: "Registries" },
-	{ value: "server", label: "Remote Servers" },
-	{ value: "sshKey", label: "SSH Keys" },
-	{ value: "gitProvider", label: "Git Providers" },
-	{ value: "notification", label: "Notifications" },
-	{ value: "settings", label: "Settings" },
-	{ value: "session", label: "Sessions (Login/Logout)" },
-];
-
-const PAGE_SIZE_OPTIONS = [25, 50, 100, 200];
-
-type AuditAction =
-	| "create"
-	| "update"
-	| "delete"
-	| "deploy"
-	| "cancel"
-	| "redeploy"
-	| "login"
-	| "logout";
-type AuditResourceType =
-	| "project"
-	| "service"
-	| "environment"
-	| "deployment"
-	| "user"
-	| "customRole"
-	| "domain"
-	| "certificate"
-	| "registry"
-	| "server"
-	| "sshKey"
-	| "gitProvider"
-	| "notification"
-	| "settings"
-	| "session";
-
-export interface AuditLogFilters {
-	userEmail: string;
-	resourceName: string;
-	action: AuditAction | "";
-	resourceType: AuditResourceType | "";
-	dateRange: DateRange | undefined;
-}
-
-interface DataTableProps {
-	columns: ColumnDef<AuditLog>[];
-	data: AuditLog[];
-	total: number;
-	pageIndex: number;
-	pageSize: number;
-	filters: AuditLogFilters;
-	onPageChange: (page: number) => void;
-	onPageSizeChange: (size: number) => void;
-	onFilterChange: <K extends keyof AuditLogFilters>(
-		key: K,
-		value: AuditLogFilters[K],
-	) => void;
-	isLoading?: boolean;
-}
-
-export function DataTable({
-	columns,
-	data,
-	total,
-	pageIndex,
-	pageSize,
-	filters,
-	onPageChange,
-	onPageSizeChange,
-	onFilterChange,
-	isLoading,
-}: DataTableProps) {
-	const [sorting, setSorting] = React.useState<SortingState>([
-		{ id: "createdAt", desc: true },
-	]);
-	const [columnVisibility, setColumnVisibility] =
-		React.useState<VisibilityState>({});
-
-	const table = useReactTable({
-		data,
-		columns,
-		onSortingChange: setSorting,
-		getCoreRowModel: getCoreRowModel(),
-		getSortedRowModel: getSortedRowModel(),
-		onColumnVisibilityChange: setColumnVisibility,
-		manualPagination: true,
-		manualFiltering: true,
-		rowCount: total,
-		state: {
-			sorting,
-			columnVisibility,
-		},
-	});
-
-	const pageCount = Math.ceil(total / pageSize);
-	const hasFilters =
-		filters.userEmail ||
-		filters.resourceName ||
-		filters.action ||
-		filters.resourceType ||
-		filters.dateRange;
-
-	return (
-		<div className="flex flex-col gap-4 w-full">
-			<div className="flex items-center gap-2 flex-wrap">
-				<Input
-					placeholder="Filter by user..."
-					value={filters.userEmail}
-					onChange={(e) => onFilterChange("userEmail", e.target.value)}
-					className="max-w-xs"
-				/>
-				<Input
-					placeholder="Filter by name..."
-					value={filters.resourceName}
-					onChange={(e) => onFilterChange("resourceName", e.target.value)}
-					className="max-w-xs"
-				/>
-				<Select
-					value={filters.action || "__all__"}
-					onValueChange={(value) =>
-						onFilterChange(
-							"action",
-							value === "__all__" ? "" : (value as AuditAction),
-						)
-					}
-				>
-					<SelectTrigger className="w-[160px]">
-						<SelectValue placeholder="All actions" />
-					</SelectTrigger>
-					<SelectContent>
-						<SelectItem value="__all__">All actions</SelectItem>
-						{ACTION_OPTIONS.map((opt) => (
-							<SelectItem key={opt.value} value={opt.value}>
-								{opt.label}
-							</SelectItem>
-						))}
-					</SelectContent>
-				</Select>
-				<Select
-					value={filters.resourceType || "__all__"}
-					onValueChange={(value) =>
-						onFilterChange(
-							"resourceType",
-							value === "__all__" ? "" : (value as AuditResourceType),
-						)
-					}
-				>
-					<SelectTrigger className="w-[200px]">
-						<SelectValue placeholder="All resources" />
-					</SelectTrigger>
-					<SelectContent>
-						<SelectItem value="__all__">All resources</SelectItem>
-						{RESOURCE_OPTIONS.map((opt) => (
-							<SelectItem key={opt.value} value={opt.value}>
-								{opt.label}
-							</SelectItem>
-						))}
-					</SelectContent>
-				</Select>
-				<Popover>
-					<PopoverTrigger asChild>
-						<Button
-							variant="outline"
-							size="sm"
-							className="h-9 gap-1.5 text-sm font-normal"
-						>
-							<CalendarIcon className="h-4 w-4" />
-							{filters.dateRange?.from ? (
-								filters.dateRange.to ? (
-									`${format(filters.dateRange.from, "MMM d")} – ${format(filters.dateRange.to, "MMM d, yyyy")}`
-								) : (
-									format(filters.dateRange.from, "MMM d, yyyy")
-								)
-							) : (
-								<span className="text-muted-foreground">Date range</span>
-							)}
-						</Button>
-					</PopoverTrigger>
-					<PopoverContent className="w-auto p-0" align="start">
-						<Calendar
-							mode="range"
-							selected={filters.dateRange}
-							onSelect={(range) => onFilterChange("dateRange", range)}
-							numberOfMonths={2}
-							initialFocus
-						/>
-					</PopoverContent>
-				</Popover>
-				{hasFilters && (
-					<Button
-						variant="ghost"
-						size="sm"
-						onClick={() => {
-							onFilterChange("userEmail", "");
-							onFilterChange("resourceName", "");
-							onFilterChange("action", "");
-							onFilterChange("resourceType", "");
-							onFilterChange("dateRange", undefined);
-						}}
-						className="text-muted-foreground"
-					>
-						<X className="h-4 w-4 mr-1" />
-						Clear
-					</Button>
-				)}
-				<DropdownMenu>
-					<DropdownMenuTrigger asChild>
-						<Button variant="outline" className="ml-auto">
-							Columns <ChevronDown className="ml-2 h-4 w-4" />
-						</Button>
-					</DropdownMenuTrigger>
-					<DropdownMenuContent align="end">
-						{table
-							.getAllColumns()
-							.filter((col) => col.getCanHide())
-							.map((col) => (
-								<DropdownMenuCheckboxItem
-									key={col.id}
-									className="capitalize"
-									checked={col.getIsVisible()}
-									onCheckedChange={(value) => col.toggleVisibility(!!value)}
-								>
-									{col.id}
-								</DropdownMenuCheckboxItem>
-							))}
-					</DropdownMenuContent>
-				</DropdownMenu>
-			</div>
-
-			<div className="rounded-md border overflow-auto">
-				<Table>
-					<TableHeader>
-						{table.getHeaderGroups().map((headerGroup) => (
-							<TableRow key={headerGroup.id}>
-								{headerGroup.headers.map((header) => (
-									<TableHead key={header.id}>
-										{header.isPlaceholder
-											? null
-											: flexRender(
-													header.column.columnDef.header,
-													header.getContext(),
-												)}
-									</TableHead>
-								))}
-							</TableRow>
-						))}
-					</TableHeader>
-					<TableBody>
-						{isLoading ? (
-							<TableRow>
-								<TableCell
-									colSpan={columns.length}
-									className="h-24 text-center text-muted-foreground"
-								>
-									Loading...
-								</TableCell>
-							</TableRow>
-						) : table.getRowModel().rows.length ? (
-							table.getRowModel().rows.map((row) => (
-								<TableRow key={row.id}>
-									{row.getVisibleCells().map((cell) => (
-										<TableCell key={cell.id}>
-											{flexRender(
-												cell.column.columnDef.cell,
-												cell.getContext(),
-											)}
-										</TableCell>
-									))}
-								</TableRow>
-							))
-						) : (
-							<TableRow>
-								<TableCell
-									colSpan={columns.length}
-									className="h-24 text-center text-muted-foreground"
-								>
-									No audit logs found.
-								</TableCell>
-							</TableRow>
-						)}
-					</TableBody>
-				</Table>
-			</div>
-
-			<div className="flex items-center justify-between text-sm text-muted-foreground">
-				<span>
-					{total} {total === 1 ? "entry" : "entries"} total
-				</span>
-				<div className="flex items-center gap-3">
-					<div className="flex items-center gap-2">
-						<span className="text-sm whitespace-nowrap">Rows per page</span>
-						<Select
-							value={String(pageSize)}
-							onValueChange={(value) => onPageSizeChange(Number(value))}
-						>
-							<SelectTrigger className="w-[80px] h-8">
-								<SelectValue />
-							</SelectTrigger>
-							<SelectContent>
-								{PAGE_SIZE_OPTIONS.map((size) => (
-									<SelectItem key={size} value={String(size)}>
-										{size}
-									</SelectItem>
-								))}
-							</SelectContent>
-						</Select>
-					</div>
-					<span className="whitespace-nowrap">
-						Page {pageIndex + 1} of {Math.max(1, pageCount)}
-					</span>
-					<div className="flex gap-2">
-						<Button
-							variant="outline"
-							size="sm"
-							onClick={() => onPageChange(pageIndex - 1)}
-							disabled={pageIndex === 0}
-						>
-							Previous
-						</Button>
-						<Button
-							variant="outline"
-							size="sm"
-							onClick={() => onPageChange(pageIndex + 1)}
-							disabled={pageIndex + 1 >= pageCount}
-						>
-							Next
-						</Button>
-					</div>
-				</div>
-			</div>
-		</div>
-	);
-}
--- a/apps/dokploy/components/proprietary/audit-logs/show-audit-logs.tsx
+++ b/apps/dokploy/components/proprietary/audit-logs/show-audit-logs.tsx
@@ -1,112 +0,0 @@
-import { ClipboardList } from "lucide-react";
-import React from "react";
-import { EnterpriseFeatureGate } from "@/components/proprietary/enterprise-feature-gate";
-import {
-	Card,
-	CardContent,
-	CardDescription,
-	CardHeader,
-	CardTitle,
-} from "@/components/ui/card";
-import { api } from "@/utils/api";
-import { columns } from "./columns";
-import { type AuditLogFilters, DataTable } from "./data-table";
-
-function AuditLogsContent() {
-	const [pageIndex, setPageIndex] = React.useState(0);
-	const [pageSize, setPageSize] = React.useState(50);
-	const [filters, setFilters] = React.useState<AuditLogFilters>({
-		userEmail: "",
-		resourceName: "",
-		action: "",
-		resourceType: "",
-		dateRange: undefined,
-	});
-
-	const [debouncedText, setDebouncedText] = React.useState({
-		userEmail: "",
-		resourceName: "",
-	});
-
-	React.useEffect(() => {
-		const t = setTimeout(() => {
-			setDebouncedText({
-				userEmail: filters.userEmail,
-				resourceName: filters.resourceName,
-			});
-			setPageIndex(0);
-		}, 400);
-		return () => clearTimeout(t);
-	}, [filters.userEmail, filters.resourceName]);
-
-	const handleFilterChange = <K extends keyof AuditLogFilters>(
-		key: K,
-		value: AuditLogFilters[K],
-	) => {
-		setFilters((prev) => ({ ...prev, [key]: value }));
-		if (key !== "userEmail" && key !== "resourceName") {
-			setPageIndex(0);
-		}
-	};
-
-	const handlePageSizeChange = (size: number) => {
-		setPageSize(size);
-		setPageIndex(0);
-	};
-
-	const { data, isLoading } = api.auditLog.all.useQuery({
-		userEmail: debouncedText.userEmail || undefined,
-		resourceName: debouncedText.resourceName || undefined,
-		action: filters.action || undefined,
-		resourceType: filters.resourceType || undefined,
-		from: filters.dateRange?.from,
-		to: filters.dateRange?.to,
-		limit: pageSize,
-		offset: pageIndex * pageSize,
-	});
-
-	return (
-		<DataTable
-			columns={columns}
-			data={data?.logs ?? []}
-			total={data?.total ?? 0}
-			pageIndex={pageIndex}
-			pageSize={pageSize}
-			filters={filters}
-			onPageChange={setPageIndex}
-			onPageSizeChange={handlePageSizeChange}
-			onFilterChange={handleFilterChange}
-			isLoading={isLoading}
-		/>
-	);
-}
-
-export function ShowAuditLogs() {
-	return (
-		<Card className="h-full bg-sidebar p-2.5 rounded-xl max-w-6xl w-full mx-auto">
-			<div className="rounded-xl bg-background shadow-md ">
-				<EnterpriseFeatureGate
-					lockedProps={{
-						title: "Audit Logs",
-						description:
-							"Get full visibility into every action performed across your organization. Audit logs are available as part of Dokploy Enterprise.",
-						ctaLabel: "Manage License",
-					}}
-				>
-					<CardHeader>
-						<CardTitle className="text-xl flex flex-row gap-2">
-							<ClipboardList className="h-5 w-5 text-muted-foreground self-center" />
-							Audit Logs
-						</CardTitle>
-						<CardDescription>
-							Track all actions performed by members in your organization.
-						</CardDescription>
-					</CardHeader>
-					<CardContent className="space-y-2 py-8 border-t">
-						<AuditLogsContent />
-					</CardContent>
-				</EnterpriseFeatureGate>
-			</div>
-		</Card>
-	);
-}
--- a/apps/dokploy/components/proprietary/roles/manage-custom-roles.tsx
+++ b/apps/dokploy/components/proprietary/roles/manage-custom-roles.tsx
--- a/apps/dokploy/components/shared/breadcrumb-sidebar.tsx
+++ b/apps/dokploy/components/shared/breadcrumb-sidebar.tsx
@@ -17,8 +17,6 @@ import {
 } from "@/components/ui/dropdown-menu";
 import { Separator } from "@/components/ui/separator";
 import { SidebarTrigger } from "@/components/ui/sidebar";
-import { TimeBadge } from "@/components/ui/time-badge";
-import { api } from "@/utils/api";

 interface BreadcrumbEntry {
 	name: string;
@@ -34,11 +32,9 @@ interface Props {
 }

 export const BreadcrumbSidebar = ({ list }: Props) => {
-	const { data: isCloud } = api.settings.isCloud.useQuery();
-
 	return (
 		<header className="flex h-16 shrink-0 items-center gap-2 transition-[width,height] ease-linear group-has-[[data-collapsible=icon]]/sidebar-wrapper:h-12">
-			<div className="flex items-center justify-between w-full px-4">
+			<div className="flex items-center justify-between w-full">
 				<div className="flex items-center gap-2">
 					<SidebarTrigger className="-ml-1" />
 					<Separator orientation="vertical" className="mr-2 h-4" />
@@ -79,7 +75,6 @@ export const BreadcrumbSidebar = ({ list }: Props) => {
 						</BreadcrumbList>
 					</Breadcrumb>
 				</div>
-				{!isCloud && <TimeBadge />}
 			</div>
 		</header>
 	);
--- a/apps/dokploy/components/ui/sidebar.tsx
+++ b/apps/dokploy/components/ui/sidebar.tsx
@@ -213,9 +213,7 @@ const Sidebar = React.forwardRef<
 						}
 						side={side}
 					>
-						<div className="flex h-full w-full flex-col overflow-hidden">
-							{children}
-						</div>
+						<div className="flex h-full w-full flex-col">{children}</div>
 					</SheetContent>
 				</Sheet>
 			);
@@ -414,7 +412,7 @@ const SidebarContent = React.forwardRef<
 			ref={ref}
 			data-sidebar="content"
 			className={cn(
-				"flex min-h-0 flex-1 flex-col gap-2 overflow-auto group-data-[collapsible=icon]:overflow-y-auto",
+				"flex min-h-0 flex-1 flex-col gap-2 overflow-auto group-data-[collapsible=icon]:overflow-hidden",
 				className,
 			)}
 			{...props}
--- a/apps/dokploy/drizzle/0149_rare_radioactive_man.sql
+++ b/apps/dokploy/drizzle/0149_rare_radioactive_man.sql
@@ -1,31 +0,0 @@
-CREATE TABLE "organization_role" (
-	"id" text PRIMARY KEY NOT NULL,
-	"organization_id" text NOT NULL,
-	"role" text NOT NULL,
-	"permission" text NOT NULL,
-	"created_at" timestamp DEFAULT now() NOT NULL,
-	"updated_at" timestamp
-);
--> statement-breakpoint
-CREATE TABLE "audit_log" (
-	"id" text PRIMARY KEY NOT NULL,
-	"organization_id" text,
-	"user_id" text,
-	"user_email" text NOT NULL,
-	"user_role" text NOT NULL,
-	"action" text NOT NULL,
-	"resource_type" text NOT NULL,
-	"resource_id" text,
-	"resource_name" text,
-	"metadata" text,
-	"created_at" timestamp DEFAULT now() NOT NULL
-);
--> statement-breakpoint
-ALTER TABLE "organization_role" ADD CONSTRAINT "organization_role_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "audit_log" ADD CONSTRAINT "audit_log_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "audit_log" ADD CONSTRAINT "audit_log_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
-CREATE INDEX "organizationRole_organizationId_idx" ON "organization_role" USING btree ("organization_id");--> statement-breakpoint
-CREATE INDEX "organizationRole_role_idx" ON "organization_role" USING btree ("role");--> statement-breakpoint
-CREATE INDEX "auditLog_organizationId_idx" ON "audit_log" USING btree ("organization_id");--> statement-breakpoint
-CREATE INDEX "auditLog_userId_idx" ON "audit_log" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "auditLog_createdAt_idx" ON "audit_log" USING btree ("created_at");
--- a/apps/dokploy/drizzle/0150_nappy_blue_blade.sql
+++ b/apps/dokploy/drizzle/0150_nappy_blue_blade.sql
@@ -1,5 +0,0 @@
-ALTER TABLE "apikey" ALTER COLUMN "user_id" DROP NOT NULL;--> statement-breakpoint
-ALTER TABLE "apikey" ADD COLUMN "config_id" text DEFAULT 'default' NOT NULL;--> statement-breakpoint
-ALTER TABLE "apikey" ADD COLUMN "reference_id" text;--> statement-breakpoint
-UPDATE "apikey" SET "reference_id" = "user_id" WHERE "reference_id" IS NULL;--> statement-breakpoint
-ALTER TABLE "apikey" ALTER COLUMN "reference_id" SET NOT NULL;
--- a/apps/dokploy/drizzle/0151_modern_sunfire.sql
+++ b/apps/dokploy/drizzle/0151_modern_sunfire.sql
@@ -1,4 +0,0 @@
-ALTER TABLE "apikey" DROP CONSTRAINT "apikey_user_id_user_id_fk";
--> statement-breakpoint
-ALTER TABLE "apikey" ADD CONSTRAINT "apikey_reference_id_user_id_fk" FOREIGN KEY ("reference_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "apikey" DROP COLUMN "user_id";
--- a/apps/dokploy/drizzle/meta/0149_snapshot.json
+++ b/apps/dokploy/drizzle/meta/0149_snapshot.json
--- a/apps/dokploy/drizzle/meta/0150_snapshot.json
+++ b/apps/dokploy/drizzle/meta/0150_snapshot.json
--- a/apps/dokploy/drizzle/meta/0151_snapshot.json
+++ b/apps/dokploy/drizzle/meta/0151_snapshot.json
--- a/apps/dokploy/drizzle/meta/_journal.json
+++ b/apps/dokploy/drizzle/meta/_journal.json
@@ -1044,27 +1044,6 @@
      "when": 1773129798212,
      "tag": "0148_futuristic_bullseye",
      "breakpoints": true
-    },
-    {
-      "idx": 149,
-      "version": "7",
-      "when": 1773637297592,
-      "tag": "0149_rare_radioactive_man",
-      "breakpoints": true
-    },
-    {
-      "idx": 150,
-      "version": "7",
-      "when": 1773870095817,
-      "tag": "0150_nappy_blue_blade",
-      "breakpoints": true
-    },
-    {
-      "idx": 151,
-      "version": "7",
-      "when": 1773872561300,
-      "tag": "0151_modern_sunfire",
-      "breakpoints": true
    }
  ]
 }
--- a/apps/dokploy/lib/auth-client.ts
+++ b/apps/dokploy/lib/auth-client.ts
@@ -1,7 +1,7 @@
 import { ssoClient } from "@better-auth/sso/client";
-import { apiKeyClient } from "@better-auth/api-key/client";
 import {
 	adminClient,
+	apiKeyClient,
 	inferAdditionalFields,
 	organizationClient,
 	twoFactorClient,
--- a/apps/dokploy/package.json
+++ b/apps/dokploy/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "dokploy",
-	"version": "v0.28.8",
+	"version": "v0.28.5",
 	"private": true,
 	"license": "Apache-2.0",
 	"type": "module",
@@ -46,8 +46,7 @@
 		"@ai-sdk/mistral": "^3.0.20",
 		"@ai-sdk/openai": "^3.0.29",
 		"@ai-sdk/openai-compatible": "^2.0.30",
-		"@better-auth/api-key": "1.5.4",
-		"@better-auth/sso": "1.5.4",
+		"@better-auth/sso": "1.5.0-beta.16",
 		"@codemirror/autocomplete": "^6.18.6",
 		"@codemirror/lang-css": "^6.3.1",
 		"@codemirror/lang-json": "^6.0.1",
@@ -100,7 +99,7 @@
 		"ai": "^6.0.86",
 		"ai-sdk-ollama": "^3.7.0",
 		"bcrypt": "5.1.1",
-		"better-auth": "1.5.4",
+		"better-auth": "1.5.0-beta.16",
 		"bl": "6.0.11",
 		"boxen": "^7.1.1",
 		"bullmq": "5.67.3",
--- a/apps/dokploy/pages/dashboard/deployments.tsx
+++ b/apps/dokploy/pages/dashboard/deployments.tsx
@@ -1,5 +1,4 @@
 import { validateRequest } from "@dokploy/server/lib/auth";
-import { hasPermission } from "@dokploy/server/services/permission";
 import { Rocket } from "lucide-react";
 import type { GetServerSidePropsContext } from "next";
 import { useRouter } from "next/router";
@@ -80,7 +79,7 @@ DeploymentsPage.getLayout = (page: ReactElement) => {
 };

 export async function getServerSideProps(ctx: GetServerSidePropsContext) {
-	const { user, session } = await validateRequest(ctx.req);
+	const { user } = await validateRequest(ctx.req);
 	if (!user) {
 		return {
 			redirect: {
@@ -89,24 +88,6 @@ export async function getServerSideProps(ctx: GetServerSidePropsContext) {
 			},
 		};
 	}
-
-	const canView = await hasPermission(
-		{
-			user: { id: user.id },
-			session: { activeOrganizationId: session?.activeOrganizationId || "" },
-		},
-		{ deployment: ["read"] },
-	);
-
-	if (!canView) {
-		return {
-			redirect: {
-				permanent: false,
-				destination: "/dashboard/projects",
-			},
-		};
-	}
-
 	return {
 		props: {},
 	};
--- a/apps/dokploy/pages/dashboard/docker.tsx
+++ b/apps/dokploy/pages/dashboard/docker.tsx
@@ -53,15 +53,19 @@ export async function getServerSideProps(
 	try {
 		await helpers.project.all.prefetch();

-		const userPermissions = await helpers.user.getPermissions.fetch();
+		if (user.role === "member") {
+			const userR = await helpers.user.one.fetch({
+				userId: user.id,
+			});

-		if (!userPermissions?.docker.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
+			if (!userR?.canAccessToDocker) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
 		}
 		return {
 			props: {
--- a/apps/dokploy/pages/dashboard/monitoring.tsx
+++ b/apps/dokploy/pages/dashboard/monitoring.tsx
@@ -1,6 +1,5 @@
 import { IS_CLOUD } from "@dokploy/server/constants";
 import { validateRequest } from "@dokploy/server/lib/auth";
-import { hasPermission } from "@dokploy/server/services/permission";
 import { Loader2 } from "lucide-react";
 import type { GetServerSidePropsContext } from "next";
 import type { ReactElement } from "react";
@@ -100,7 +99,7 @@ export async function getServerSideProps(
 			},
 		};
 	}
-	const { user, session } = await validateRequest(ctx.req);
+	const { user } = await validateRequest(ctx.req);
 	if (!user) {
 		return {
 			redirect: {
@@ -110,23 +109,6 @@ export async function getServerSideProps(
 		};
 	}

-	const canView = await hasPermission(
-		{
-			user: { id: user.id },
-			session: { activeOrganizationId: session?.activeOrganizationId || "" },
-		},
-		{ monitoring: ["read"] },
-	);
-
-	if (!canView) {
-		return {
-			redirect: {
-				permanent: false,
-				destination: "/dashboard/projects",
-			},
-		};
-	}
-
 	return {
 		props: {},
 	};
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId].tsx
@@ -272,7 +272,6 @@ const EnvironmentPage = (
 	const [isBulkActionLoading, setIsBulkActionLoading] = useState(false);
 	const { projectId, environmentId } = props;
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: environments } = api.environment.byProjectId.useQuery({
 		projectId: projectId,
@@ -906,7 +905,9 @@ const EnvironmentPage = (
 									<ProjectEnvironment projectId={projectId}>
 										<Button variant="outline">Project Environment</Button>
 									</ProjectEnvironment>
-									{permissions?.service.create && (
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canCreateServices) && (
 										<DropdownMenu>
 											<DropdownMenuTrigger asChild>
 												<Button>
@@ -1028,7 +1029,9 @@ const EnvironmentPage = (
 														Stop
 													</Button>
 												</DialogAction>
-												{permissions?.service.delete && (
+												{(auth?.role === "owner" ||
+													auth?.role === "admin" ||
+													auth?.canDeleteServices) && (
 													<>
 														<DialogAction
 															title="Delete Services"
@@ -1621,7 +1624,6 @@ export async function getServerSideProps(
 					environmentId: params.environmentId,
 				});
 			} catch (error) {
-				console.log(error);
 				// If user doesn't have access to requested environment, redirect to accessible one
 				const accessibleEnvironments =
 					await helpers.environment.byProjectId.fetch({
@@ -1641,11 +1643,11 @@ export async function getServerSideProps(
 						},
 					};
 				}
-				// No accessible environments, redirect to projects
+				// No accessible environments, redirect to home
 				return {
 					redirect: {
 						permanent: false,
-						destination: "/dashboard/projects",
+						destination: "/",
 					},
 				};
 			}
@@ -1661,8 +1663,7 @@ export async function getServerSideProps(
 					environmentId: params.environmentId,
 				},
 			};
-		} catch (error) {
-			console.log(error);
+		} catch {
 			return {
 				redirect: {
 					permanent: false,
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/application/[applicationId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/application/[applicationId].tsx
@@ -92,7 +92,6 @@ const Service = (

 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: environments } = api.environment.byProjectId.useQuery({
 		projectId: data?.environment?.project?.projectId || "",
@@ -198,10 +197,10 @@ const Service = (
 								</div>

 								<div className="flex flex-row gap-2 justify-end">
-									{permissions?.service.create && (
-										<UpdateApplication applicationId={applicationId} />
-									)}
-									{permissions?.service.delete && (
+									<UpdateApplication applicationId={applicationId} />
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canDeleteServices) && (
 										<DeleteService id={applicationId} type="application" />
 									)}
 								</div>
@@ -243,47 +242,24 @@ const Service = (
 									<div className="flex flex-row items-center justify-between w-full overflow-auto">
 										<TabsList className="flex gap-8 max-md:gap-4 justify-start">
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
-											)}
-											{permissions?.domain.read && (
-												<TabsTrigger value="domains">Domains</TabsTrigger>
-											)}
-											{permissions?.deployment.read && (
-												<TabsTrigger value="deployments">
-													Deployments
-												</TabsTrigger>
-											)}
-											{permissions?.deployment.read && (
-												<TabsTrigger value="preview-deployments">
-													Preview Deployments
-												</TabsTrigger>
-											)}
-											{permissions?.schedule.read && (
-												<TabsTrigger value="schedules">Schedules</TabsTrigger>
-											)}
-											{permissions?.volumeBackup.read && (
-												<TabsTrigger value="volume-backups">
-													Volume Backups
-												</TabsTrigger>
-											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="domains">Domains</TabsTrigger>
+											<TabsTrigger value="deployments">Deployments</TabsTrigger>
+											<TabsTrigger value="preview-deployments">
+												Preview Deployments
+											</TabsTrigger>
+											<TabsTrigger value="schedules">Schedules</TabsTrigger>
+											<TabsTrigger value="volume-backups">
+												Volume Backups
+											</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
 											{data?.sourceType !== "docker" && (
 												<TabsTrigger value="patches">Patches</TabsTrigger>
 											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -292,29 +268,26 @@ const Service = (
 											<ShowGeneralApplication applicationId={applicationId} />
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment applicationId={applicationId} />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment applicationId={applicationId} />
+										</div>
+									</TabsContent>

-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col gap-4 border rounded-lg p-6">
-													{data?.serverId && isCloud ? (
-														<ContainerPaidMonitoring
-															appName={data?.appName || ""}
-															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
-														/>
-													) : (
-														<>
-															{/* {monitoring?.enabledFeatures &&
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col gap-4 border rounded-lg p-6">
+												{data?.serverId && isCloud ? (
+													<ContainerPaidMonitoring
+														appName={data?.appName || ""}
+														baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+													/>
+												) : (
+													<>
+														{/* {monitoring?.enabledFeatures &&
 															isCloud &&
 															data?.serverId && (
 																<div className="flex flex-row border w-fit p-4 rounded-lg items-center gap-2">
@@ -328,7 +301,7 @@ const Service = (
 																</div>
 															)} */}

-															{/* {toggleMonitoring ? (
+														{/* {toggleMonitoring ? (
 															<ContainerPaidMonitoring
 																appName={data?.appName || ""}
 																baseUrl={`http://${monitoring?.serverIp}:${monitoring?.metricsConfig?.server?.port}`}
@@ -337,102 +310,84 @@ const Service = (
 																}
 															/>
 														) : ( */}
-															<div>
-																<ContainerFreeMonitoring
-																	appName={data?.appName || ""}
-																/>
-															</div>
-															{/* )} */}
-														</>
-													)}
-												</div>
+														<div>
+															<ContainerFreeMonitoring
+																appName={data?.appName || ""}
+															/>
+														</div>
+														{/* )} */}
+													</>
+												)}
 											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>

-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDockerLogs
-													appName={data?.appName || ""}
-													serverId={data?.serverId || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.schedule.read && (
-										<TabsContent value="schedules">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowSchedules
-													id={applicationId}
-													scheduleType="application"
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.deployment.read && (
-										<TabsContent value="deployments" className="w-full pt-2.5">
-											<div className="flex flex-col gap-4 border rounded-lg">
-												<ShowDeployments
-													id={applicationId}
-													type="application"
-													serverId={data?.serverId || ""}
-													refreshToken={data?.refreshToken || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.volumeBackup.read && (
-										<TabsContent
-											value="volume-backups"
-											className="w-full pt-2.5"
-										>
-											<div className="flex flex-col gap-4 border rounded-lg">
-												<ShowVolumeBackups
-													id={applicationId}
-													type="application"
-													serverId={data?.serverId || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.deployment.read && (
-										<TabsContent value="preview-deployments" className="w-full">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowPreviewDeployments applicationId={applicationId} />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.domain.read && (
-										<TabsContent value="domains" className="w-full">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDomains id={applicationId} type="application" />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDockerLogs
+												appName={data?.appName || ""}
+												serverId={data?.serverId || ""}
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="schedules">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowSchedules
+												id={applicationId}
+												scheduleType="application"
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="deployments" className="w-full pt-2.5">
+										<div className="flex flex-col gap-4 border rounded-lg">
+											<ShowDeployments
+												id={applicationId}
+												type="application"
+												serverId={data?.serverId || ""}
+												refreshToken={data?.refreshToken || ""}
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="volume-backups" className="w-full pt-2.5">
+										<div className="flex flex-col gap-4 border rounded-lg">
+											<ShowVolumeBackups
+												id={applicationId}
+												type="application"
+												serverId={data?.serverId || ""}
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="preview-deployments" className="w-full">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowPreviewDeployments applicationId={applicationId} />
+										</div>
+									</TabsContent>
+									<TabsContent value="domains" className="w-full">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDomains id={applicationId} type="application" />
+										</div>
+									</TabsContent>
 									<TabsContent value="patches" className="w-full">
 										<div className="flex flex-col gap-4 pt-2.5">
 											<ShowPatches id={applicationId} type="application" />
 										</div>
 									</TabsContent>
-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<AddCommand applicationId={applicationId} />
-												<ShowClusterSettings
-													id={applicationId}
-													type="application"
-												/>
-												<ShowBuildServer applicationId={applicationId} />
-												<ShowResources id={applicationId} type="application" />
-												<ShowVolumes id={applicationId} type="application" />
-												<ShowRedirects applicationId={applicationId} />
-												<ShowSecurity applicationId={applicationId} />
-												<ShowPorts applicationId={applicationId} />
-												<ShowTraefikConfig applicationId={applicationId} />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<AddCommand applicationId={applicationId} />
+											<ShowClusterSettings
+												id={applicationId}
+												type="application"
+											/>
+											<ShowBuildServer applicationId={applicationId} />
+											<ShowResources id={applicationId} type="application" />
+											<ShowVolumes id={applicationId} type="application" />
+											<ShowRedirects applicationId={applicationId} />
+											<ShowSecurity applicationId={applicationId} />
+											<ShowPorts applicationId={applicationId} />
+											<ShowTraefikConfig applicationId={applicationId} />
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/compose/[composeId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/compose/[composeId].tsx
@@ -81,7 +81,6 @@ const Service = (
 	const { data } = api.compose.one.useQuery({ composeId });

 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();
 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: environments } = api.environment.byProjectId.useQuery({
 		projectId: data?.environment?.projectId || "",
@@ -186,11 +185,11 @@ const Service = (
 										)}
 									</div>
 									<div className="flex flex-row gap-2 justify-end">
-										{permissions?.service.create && (
-											<UpdateCompose composeId={composeId} />
-										)}
+										<UpdateCompose composeId={composeId} />

-										{permissions?.service.delete && (
+										{(auth?.role === "owner" ||
+											auth?.role === "admin" ||
+											auth?.canDeleteServices) && (
 											<DeleteService id={composeId} type="compose" />
 										)}
 									</div>
@@ -233,45 +232,22 @@ const Service = (
 									<div className="flex flex-row items-center w-full overflow-auto">
 										<TabsList className="flex gap-8 max-md:gap-4 justify-start">
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
-											)}
-											{permissions?.domain.read && (
-												<TabsTrigger value="domains">Domains</TabsTrigger>
-											)}
-											{permissions?.deployment.read && (
-												<TabsTrigger value="deployments">
-													Deployments
-												</TabsTrigger>
-											)}
-											{permissions?.service.create && (
-												<TabsTrigger value="backups">Backups</TabsTrigger>
-											)}
-											{permissions?.schedule.read && (
-												<TabsTrigger value="schedules">Schedules</TabsTrigger>
-											)}
-											{permissions?.volumeBackup.read && (
-												<TabsTrigger value="volumeBackups">
-													Volume Backups
-												</TabsTrigger>
-											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="domains">Domains</TabsTrigger>
+											<TabsTrigger value="deployments">Deployments</TabsTrigger>
+											<TabsTrigger value="backups">Backups</TabsTrigger>
+											<TabsTrigger value="schedules">Schedules</TabsTrigger>
+											<TabsTrigger value="volumeBackups">
+												Volume Backups
+											</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
 											{data?.sourceType !== "raw" && (
 												<TabsTrigger value="patches">Patches</TabsTrigger>
 											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -280,56 +256,47 @@ const Service = (
 											<ShowGeneralCompose composeId={composeId} />
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment id={composeId} type="compose" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.service.create && (
-										<TabsContent value="backups">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowBackups id={composeId} backupType="compose" />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment id={composeId} type="compose" />
+										</div>
+									</TabsContent>
+									<TabsContent value="backups">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowBackups id={composeId} backupType="compose" />
+										</div>
+									</TabsContent>

-									{permissions?.schedule.read && (
-										<TabsContent value="schedules">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowSchedules id={composeId} scheduleType="compose" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.volumeBackup.read && (
-										<TabsContent value="volumeBackups">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowVolumeBackups
-													id={composeId}
-													type="compose"
-													serverId={data?.serverId || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col border rounded-lg ">
-													{data?.serverId && isCloud ? (
-														<ComposePaidMonitoring
-															serverId={data?.serverId || ""}
-															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-															appName={data?.appName || ""}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
-															appType={data?.composeType || "docker-compose"}
-														/>
-													) : (
-														<>
-															{/* {monitoring?.enabledFeatures &&
+									<TabsContent value="schedules">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowSchedules id={composeId} scheduleType="compose" />
+										</div>
+									</TabsContent>
+									<TabsContent value="volumeBackups">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowVolumeBackups
+												id={composeId}
+												type="compose"
+												serverId={data?.serverId || ""}
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col border rounded-lg ">
+												{data?.serverId && isCloud ? (
+													<ComposePaidMonitoring
+														serverId={data?.serverId || ""}
+														baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+														appName={data?.appName || ""}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+														appType={data?.composeType || "docker-compose"}
+													/>
+												) : (
+													<>
+														{/* {monitoring?.enabledFeatures &&
 															isCloud &&
 															data?.serverId && (
 																<div className="flex flex-row border w-fit p-4 rounded-lg items-center gap-2 m-4">
@@ -353,60 +320,53 @@ const Service = (
 																appType={data?.composeType || "docker-compose"}
 															/>
 														) : ( */}
-															{/* <div> */}
-															<ComposeFreeMonitoring
-																serverId={data?.serverId || ""}
-																appName={data?.appName || ""}
-																appType={data?.composeType || "docker-compose"}
-															/>
-															{/* </div> */}
-															{/* )} */}
-														</>
-													)}
-												</div>
-											</div>
-										</TabsContent>
-									)}
-
-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4 pt-2.5">
-												{data?.composeType === "docker-compose" ? (
-													<ShowDockerLogsCompose
-														serverId={data?.serverId || ""}
-														appName={data?.appName || ""}
-														appType={data?.composeType || "docker-compose"}
-													/>
-												) : (
-													<ShowDockerLogsStack
-														serverId={data?.serverId || ""}
-														appName={data?.appName || ""}
-													/>
+														{/* <div> */}
+														<ComposeFreeMonitoring
+															serverId={data?.serverId || ""}
+															appName={data?.appName || ""}
+															appType={data?.composeType || "docker-compose"}
+														/>
+														{/* </div> */}
+														{/* )} */}
+													</>
 												)}
 											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>

-									{permissions?.deployment.read && (
-										<TabsContent value="deployments" className="w-full pt-2.5">
-											<div className="flex flex-col gap-4 border rounded-lg">
-												<ShowDeployments
-													id={composeId}
-													type="compose"
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4 pt-2.5">
+											{data?.composeType === "docker-compose" ? (
+												<ShowDockerLogsCompose
 													serverId={data?.serverId || ""}
-													refreshToken={data?.refreshToken || ""}
+													appName={data?.appName || ""}
+													appType={data?.composeType || "docker-compose"}
 												/>
-											</div>
-										</TabsContent>
-									)}
+											) : (
+												<ShowDockerLogsStack
+													serverId={data?.serverId || ""}
+													appName={data?.appName || ""}
+												/>
+											)}
+										</div>
+									</TabsContent>

-									{permissions?.domain.read && (
-										<TabsContent value="domains">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDomains id={composeId} type="compose" />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="deployments" className="w-full pt-2.5">
+										<div className="flex flex-col gap-4 border rounded-lg">
+											<ShowDeployments
+												id={composeId}
+												type="compose"
+												serverId={data?.serverId || ""}
+												refreshToken={data?.refreshToken || ""}
+											/>
+										</div>
+									</TabsContent>
+
+									<TabsContent value="domains">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDomains id={composeId} type="compose" />
+										</div>
+									</TabsContent>

 									<TabsContent value="patches" className="w-full">
 										<div className="flex flex-col gap-4 pt-2.5">
@@ -414,16 +374,14 @@ const Service = (
 										</div>
 									</TabsContent>

-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<AddCommandCompose composeId={composeId} />
-												<ShowVolumes id={composeId} type="compose" />
-												<ShowImport composeId={composeId} />
-												<IsolatedDeploymentTab composeId={composeId} />
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<AddCommandCompose composeId={composeId} />
+											<ShowVolumes id={composeId} type="compose" />
+											<ShowImport composeId={composeId} />
+											<IsolatedDeploymentTab composeId={composeId} />
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mariadb/[mariadbId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mariadb/[mariadbId].tsx
@@ -60,7 +60,6 @@ const Mariadb = (
 	const [tab, setSab] = useState<TabState>(activeTab);
 	const { data } = api.mariadb.one.useQuery({ mariadbId });
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: isCloud } = api.settings.isCloud.useQuery();

@@ -160,10 +159,10 @@ const Mariadb = (
 									)}
 								</div>
 								<div className="flex flex-row gap-2 justify-end">
-									{permissions?.service.create && (
-										<UpdateMariadb mariadbId={mariadbId} />
-									)}
-									{permissions?.service.delete && (
+									<UpdateMariadb mariadbId={mariadbId} />
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canDeleteServices) && (
 										<DeleteService id={mariadbId} type="mariadb" />
 									)}
 								</div>
@@ -215,24 +214,13 @@ const Mariadb = (
 											)}
 										>
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
 											<TabsTrigger value="backups">Backups</TabsTrigger>
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
-											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -243,28 +231,25 @@ const Mariadb = (
 											<ShowExternalMariadbCredentials mariadbId={mariadbId} />
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment id={mariadbId} type="mariadb" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col gap-4 border rounded-lg p-6">
-													{data?.serverId && isCloud ? (
-														<ContainerPaidMonitoring
-															appName={data?.appName || ""}
-															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
-														/>
-													) : (
-														<>
-															{/* {monitoring?.enabledFeatures && (
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment id={mariadbId} type="mariadb" />
+										</div>
+									</TabsContent>
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col gap-4 border rounded-lg p-6">
+												{data?.serverId && isCloud ? (
+													<ContainerPaidMonitoring
+														appName={data?.appName || ""}
+														baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+													/>
+												) : (
+													<>
+														{/* {monitoring?.enabledFeatures && (
 															<div className="flex flex-row border w-fit p-4 rounded-lg items-center gap-2">
 																<Label className="text-muted-foreground">
 																	Change Monitoring
@@ -286,42 +271,37 @@ const Mariadb = (
 															/>
 														) : (
 															<div> */}
-															<ContainerFreeMonitoring
-																appName={data?.appName || ""}
-															/>
-															{/* </div> */}
-															{/* )} */}
-														</>
-													)}
-												</div>
+														<ContainerFreeMonitoring
+															appName={data?.appName || ""}
+														/>
+														{/* </div> */}
+														{/* )} */}
+													</>
+												)}
 											</div>
-										</TabsContent>
-									)}
-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4  pt-2.5">
-												<ShowDockerLogs
-													serverId={data?.serverId || ""}
-													appName={data?.appName || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4  pt-2.5">
+											<ShowDockerLogs
+												serverId={data?.serverId || ""}
+												appName={data?.appName || ""}
+											/>
+										</div>
+									</TabsContent>
 									<TabsContent value="backups">
 										<div className="flex flex-col gap-4 pt-2.5">
 											<ShowBackups id={mariadbId} databaseType="mariadb" />
 										</div>
 									</TabsContent>
-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDatabaseAdvancedSettings
-													id={mariadbId}
-													type="mariadb"
-												/>
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDatabaseAdvancedSettings
+												id={mariadbId}
+												type="mariadb"
+											/>
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mongo/[mongoId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mongo/[mongoId].tsx
@@ -60,7 +60,6 @@ const Mongo = (
 	const { data } = api.mongo.one.useQuery({ mongoId });

 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: environments } = api.environment.byProjectId.useQuery({
@@ -160,10 +159,10 @@ const Mongo = (
 								</div>

 								<div className="flex flex-row gap-2 justify-end">
-									{permissions?.service.create && (
-										<UpdateMongo mongoId={mongoId} />
-									)}
-									{permissions?.service.delete && (
+									<UpdateMongo mongoId={mongoId} />
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canDeleteServices) && (
 										<DeleteService id={mongoId} type="mongo" />
 									)}
 								</div>
@@ -215,24 +214,13 @@ const Mongo = (
 											)}
 										>
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
 											<TabsTrigger value="backups">Backups</TabsTrigger>
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
-											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -243,28 +231,25 @@ const Mongo = (
 											<ShowExternalMongoCredentials mongoId={mongoId} />
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment id={mongoId} type="mongo" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col gap-4 border rounded-lg p-6">
-													{data?.serverId && isCloud ? (
-														<ContainerPaidMonitoring
-															appName={data?.appName || ""}
-															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
-														/>
-													) : (
-														<>
-															{/* {monitoring?.enabledFeatures && (
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment id={mongoId} type="mongo" />
+										</div>
+									</TabsContent>
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col gap-4 border rounded-lg p-6">
+												{data?.serverId && isCloud ? (
+													<ContainerPaidMonitoring
+														appName={data?.appName || ""}
+														baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+													/>
+												) : (
+													<>
+														{/* {monitoring?.enabledFeatures && (
 															<div className="flex flex-row border w-fit p-4 rounded-lg items-center gap-2">
 																<Label className="text-muted-foreground">
 																	Change Monitoring
@@ -286,27 +271,24 @@ const Mongo = (
 															/>
 														) : (
 															<div> */}
-															<ContainerFreeMonitoring
-																appName={data?.appName || ""}
-															/>
-															{/* </div> */}
-															{/* )} */}
-														</>
-													)}
-												</div>
+														<ContainerFreeMonitoring
+															appName={data?.appName || ""}
+														/>
+														{/* </div> */}
+														{/* )} */}
+													</>
+												)}
 											</div>
-										</TabsContent>
-									)}
-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4  pt-2.5">
-												<ShowDockerLogs
-													serverId={data?.serverId || ""}
-													appName={data?.appName || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4  pt-2.5">
+											<ShowDockerLogs
+												serverId={data?.serverId || ""}
+												appName={data?.appName || ""}
+											/>
+										</div>
+									</TabsContent>
 									<TabsContent value="backups">
 										<div className="flex flex-col gap-4 pt-2.5">
 											<ShowBackups
@@ -316,16 +298,11 @@ const Mongo = (
 											/>
 										</div>
 									</TabsContent>
-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDatabaseAdvancedSettings
-													id={mongoId}
-													type="mongo"
-												/>
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDatabaseAdvancedSettings id={mongoId} type="mongo" />
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mysql/[mysqlId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/mysql/[mysqlId].tsx
@@ -59,7 +59,6 @@ const MySql = (
 	const [tab, setSab] = useState<TabState>(activeTab);
 	const { data } = api.mysql.one.useQuery({ mysqlId });
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: environments } = api.environment.byProjectId.useQuery({
@@ -160,10 +159,10 @@ const MySql = (
 									</div>

 									<div className="flex flex-row gap-2 justify-end">
-										{permissions?.service.create && (
-											<UpdateMysql mysqlId={mysqlId} />
-										)}
-										{permissions?.service.delete && (
+										<UpdateMysql mysqlId={mysqlId} />
+										{(auth?.role === "owner" ||
+											auth?.role === "admin" ||
+											auth?.canDeleteServices) && (
 											<DeleteService id={mysqlId} type="mysql" />
 										)}
 									</div>
@@ -215,24 +214,17 @@ const MySql = (
 												)}
 											>
 												<TabsTrigger value="general">General</TabsTrigger>
-												{permissions?.envVars.read && (
-													<TabsTrigger value="environment">
-														Environment
+												<TabsTrigger value="environment">
+													Environment
+												</TabsTrigger>
+												<TabsTrigger value="logs">Logs</TabsTrigger>
+												{((data?.serverId && isCloud) || !data?.server) && (
+													<TabsTrigger value="monitoring">
+														Monitoring
 													</TabsTrigger>
 												)}
-												{permissions?.logs.read && (
-													<TabsTrigger value="logs">Logs</TabsTrigger>
-												)}
-												{permissions?.monitoring.read &&
-													((data?.serverId && isCloud) || !data?.server) && (
-														<TabsTrigger value="monitoring">
-															Monitoring
-														</TabsTrigger>
-													)}
 												<TabsTrigger value="backups">Backups</TabsTrigger>
-												{permissions?.service.create && (
-													<TabsTrigger value="advanced">Advanced</TabsTrigger>
-												)}
+												<TabsTrigger value="advanced">Advanced</TabsTrigger>
 											</TabsList>
 										</div>

@@ -243,47 +235,40 @@ const MySql = (
 												<ShowExternalMysqlCredentials mysqlId={mysqlId} />
 											</div>
 										</TabsContent>
-										{permissions?.envVars.read && (
-											<TabsContent value="environment" className="w-full">
-												<div className="flex flex-col gap-4 pt-2.5">
-													<ShowEnvironment id={mysqlId} type="mysql" />
-												</div>
-											</TabsContent>
-										)}
-										{permissions?.monitoring.read && (
-											<TabsContent value="monitoring">
-												<div className="pt-2.5">
-													<div className="flex flex-col gap-4 border rounded-lg p-6">
-														{data?.serverId && isCloud ? (
-															<ContainerPaidMonitoring
+										<TabsContent value="environment" className="w-full">
+											<div className="flex flex-col gap-4 pt-2.5">
+												<ShowEnvironment id={mysqlId} type="mysql" />
+											</div>
+										</TabsContent>
+										<TabsContent value="monitoring">
+											<div className="pt-2.5">
+												<div className="flex flex-col gap-4 border rounded-lg p-6">
+													{data?.serverId && isCloud ? (
+														<ContainerPaidMonitoring
+															appName={data?.appName || ""}
+															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+															token={
+																data?.server?.metricsConfig?.server?.token || ""
+															}
+														/>
+													) : (
+														<>
+															<ContainerFreeMonitoring
 																appName={data?.appName || ""}
-																baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-																token={
-																	data?.server?.metricsConfig?.server?.token ||
-																	""
-																}
 															/>
-														) : (
-															<>
-																<ContainerFreeMonitoring
-																	appName={data?.appName || ""}
-																/>
-															</>
-														)}
-													</div>
+														</>
+													)}
 												</div>
-											</TabsContent>
-										)}
-										{permissions?.logs.read && (
-											<TabsContent value="logs">
-												<div className="flex flex-col gap-4  pt-2.5">
-													<ShowDockerLogs
-														serverId={data?.serverId || ""}
-														appName={data?.appName || ""}
-													/>
-												</div>
-											</TabsContent>
-										)}
+											</div>
+										</TabsContent>
+										<TabsContent value="logs">
+											<div className="flex flex-col gap-4  pt-2.5">
+												<ShowDockerLogs
+													serverId={data?.serverId || ""}
+													appName={data?.appName || ""}
+												/>
+											</div>
+										</TabsContent>
 										<TabsContent value="backups">
 											<div className="flex flex-col gap-4 pt-2.5">
 												<ShowBackups
@@ -293,16 +278,14 @@ const MySql = (
 												/>
 											</div>
 										</TabsContent>
-										{permissions?.service.create && (
-											<TabsContent value="advanced">
-												<div className="flex flex-col gap-4 pt-2.5">
-													<ShowDatabaseAdvancedSettings
-														id={mysqlId}
-														type="mysql"
-													/>
-												</div>
-											</TabsContent>
-										)}
+										<TabsContent value="advanced">
+											<div className="flex flex-col gap-4 pt-2.5">
+												<ShowDatabaseAdvancedSettings
+													id={mysqlId}
+													type="mysql"
+												/>
+											</div>
+										</TabsContent>
 									</Tabs>
 								)}
 							</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/postgres/[postgresId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/postgres/[postgresId].tsx
@@ -59,7 +59,6 @@ const Postgresql = (
 	const [tab, setSab] = useState<TabState>(activeTab);
 	const { data } = api.postgres.one.useQuery({ postgresId });
 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: environments } = api.environment.byProjectId.useQuery({
@@ -159,10 +158,10 @@ const Postgresql = (
 								</div>

 								<div className="flex flex-row gap-2 justify-end">
-									{permissions?.service.create && (
-										<UpdatePostgres postgresId={postgresId} />
-									)}
-									{permissions?.service.delete && (
+									<UpdatePostgres postgresId={postgresId} />
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canDeleteServices) && (
 										<DeleteService id={postgresId} type="postgres" />
 									)}
 								</div>
@@ -216,24 +215,13 @@ const Postgresql = (
 											)}
 										>
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
 											<TabsTrigger value="backups">Backups</TabsTrigger>
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
-											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -248,50 +236,44 @@ const Postgresql = (
 											/>
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment id={postgresId} type="postgres" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col gap-4 border rounded-lg p-6">
-													{data?.serverId && isCloud ? (
-														<ContainerPaidMonitoring
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment id={postgresId} type="postgres" />
+										</div>
+									</TabsContent>
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col gap-4 border rounded-lg p-6">
+												{data?.serverId && isCloud ? (
+													<ContainerPaidMonitoring
+														appName={data?.appName || ""}
+														baseUrl={`${
+															data?.serverId
+																? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}`
+																: "http://localhost:4500"
+														}`}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+													/>
+												) : (
+													<>
+														<ContainerFreeMonitoring
 															appName={data?.appName || ""}
-															baseUrl={`${
-																data?.serverId
-																	? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}`
-																	: "http://localhost:4500"
-															}`}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
 														/>
-													) : (
-														<>
-															<ContainerFreeMonitoring
-																appName={data?.appName || ""}
-															/>
-														</>
-													)}
-												</div>
+													</>
+												)}
 											</div>
-										</TabsContent>
-									)}
-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4  pt-2.5">
-												<ShowDockerLogs
-													serverId={data?.serverId || ""}
-													appName={data?.appName || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4  pt-2.5">
+											<ShowDockerLogs
+												serverId={data?.serverId || ""}
+												appName={data?.appName || ""}
+											/>
+										</div>
+									</TabsContent>
 									<TabsContent value="backups">
 										<div className="flex flex-col gap-4 pt-2.5">
 											<ShowBackups
@@ -301,16 +283,14 @@ const Postgresql = (
 											/>
 										</div>
 									</TabsContent>
-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDatabaseAdvancedSettings
-													id={postgresId}
-													type="postgres"
-												/>
-											</div>
-										</TabsContent>
-									)}
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDatabaseAdvancedSettings
+												id={postgresId}
+												type="postgres"
+											/>
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/redis/[redisId].tsx
+++ b/apps/dokploy/pages/dashboard/project/[projectId]/environment/[environmentId]/services/redis/[redisId].tsx
@@ -59,7 +59,6 @@ const Redis = (
 	const { data } = api.redis.one.useQuery({ redisId });

 	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();

 	const { data: isCloud } = api.settings.isCloud.useQuery();
 	const { data: environments } = api.environment.byProjectId.useQuery({
@@ -159,10 +158,10 @@ const Redis = (
 								</div>

 								<div className="flex flex-row gap-2 justify-end">
-									{permissions?.service.create && (
-										<UpdateRedis redisId={redisId} />
-									)}
-									{permissions?.service.delete && (
+									<UpdateRedis redisId={redisId} />
+									{(auth?.role === "owner" ||
+										auth?.role === "admin" ||
+										auth?.canDeleteServices) && (
 										<DeleteService id={redisId} type="redis" />
 									)}
 								</div>
@@ -214,23 +213,12 @@ const Redis = (
 											)}
 										>
 											<TabsTrigger value="general">General</TabsTrigger>
-											{permissions?.envVars.read && (
-												<TabsTrigger value="environment">
-													Environment
-												</TabsTrigger>
-											)}
-											{permissions?.logs.read && (
-												<TabsTrigger value="logs">Logs</TabsTrigger>
-											)}
-											{permissions?.monitoring.read &&
-												((data?.serverId && isCloud) || !data?.server) && (
-													<TabsTrigger value="monitoring">
-														Monitoring
-													</TabsTrigger>
-												)}
-											{permissions?.service.create && (
-												<TabsTrigger value="advanced">Advanced</TabsTrigger>
+											<TabsTrigger value="environment">Environment</TabsTrigger>
+											<TabsTrigger value="logs">Logs</TabsTrigger>
+											{((data?.serverId && isCloud) || !data?.server) && (
+												<TabsTrigger value="monitoring">Monitoring</TabsTrigger>
 											)}
+											<TabsTrigger value="advanced">Advanced</TabsTrigger>
 										</TabsList>
 									</div>

@@ -241,28 +229,25 @@ const Redis = (
 											<ShowExternalRedisCredentials redisId={redisId} />
 										</div>
 									</TabsContent>
-									{permissions?.envVars.read && (
-										<TabsContent value="environment">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowEnvironment id={redisId} type="redis" />
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.monitoring.read && (
-										<TabsContent value="monitoring">
-											<div className="pt-2.5">
-												<div className="flex flex-col gap-4 border rounded-lg p-6">
-													{data?.serverId && isCloud ? (
-														<ContainerPaidMonitoring
-															appName={data?.appName || ""}
-															baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
-															token={
-																data?.server?.metricsConfig?.server?.token || ""
-															}
-														/>
-													) : (
-														<>
-															{/* {monitoring?.enabledFeatures && (
+									<TabsContent value="environment">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowEnvironment id={redisId} type="redis" />
+										</div>
+									</TabsContent>
+									<TabsContent value="monitoring">
+										<div className="pt-2.5">
+											<div className="flex flex-col gap-4 border rounded-lg p-6">
+												{data?.serverId && isCloud ? (
+													<ContainerPaidMonitoring
+														appName={data?.appName || ""}
+														baseUrl={`${data?.serverId ? `http://${data?.server?.ipAddress}:${data?.server?.metricsConfig?.server?.port}` : "http://localhost:4500"}`}
+														token={
+															data?.server?.metricsConfig?.server?.token || ""
+														}
+													/>
+												) : (
+													<>
+														{/* {monitoring?.enabledFeatures && (
 															<div className="flex flex-row border w-fit p-4 rounded-lg items-center gap-2">
 																<Label className="text-muted-foreground">
 																	Change Monitoring
@@ -284,37 +269,29 @@ const Redis = (
 															/>
 														) : (
 															<div> */}
-															<ContainerFreeMonitoring
-																appName={data?.appName || ""}
-															/>
-															{/* </div> */}
-															{/* )} */}
-														</>
-													)}
-												</div>
+														<ContainerFreeMonitoring
+															appName={data?.appName || ""}
+														/>
+														{/* </div> */}
+														{/* )} */}
+													</>
+												)}
 											</div>
-										</TabsContent>
-									)}
-									{permissions?.logs.read && (
-										<TabsContent value="logs">
-											<div className="flex flex-col gap-4  pt-2.5">
-												<ShowDockerLogs
-													serverId={data?.serverId || ""}
-													appName={data?.appName || ""}
-												/>
-											</div>
-										</TabsContent>
-									)}
-									{permissions?.service.create && (
-										<TabsContent value="advanced">
-											<div className="flex flex-col gap-4 pt-2.5">
-												<ShowDatabaseAdvancedSettings
-													id={redisId}
-													type="redis"
-												/>
-											</div>
-										</TabsContent>
-									)}
+										</div>
+									</TabsContent>
+									<TabsContent value="logs">
+										<div className="flex flex-col gap-4  pt-2.5">
+											<ShowDockerLogs
+												serverId={data?.serverId || ""}
+												appName={data?.appName || ""}
+											/>
+										</div>
+									</TabsContent>
+									<TabsContent value="advanced">
+										<div className="flex flex-col gap-4 pt-2.5">
+											<ShowDatabaseAdvancedSettings id={redisId} type="redis" />
+										</div>
+									</TabsContent>
 								</Tabs>
 							)}
 						</CardContent>
--- a/apps/dokploy/pages/dashboard/settings/audit-logs.tsx
+++ b/apps/dokploy/pages/dashboard/settings/audit-logs.tsx
@@ -1,66 +0,0 @@
-import { validateRequest } from "@dokploy/server";
-import { createServerSideHelpers } from "@trpc/react-query/server";
-import type { GetServerSidePropsContext } from "next";
-import type { ReactElement } from "react";
-import superjson from "superjson";
-import { DashboardLayout } from "@/components/layouts/dashboard-layout";
-import { ShowAuditLogs } from "@/components/proprietary/audit-logs/show-audit-logs";
-import { appRouter } from "@/server/api/root";
-
-const Page = () => {
-	return (
-		<div className="flex flex-col gap-4 w-full">
-			<ShowAuditLogs />
-		</div>
-	);
-};
-
-export default Page;
-
-Page.getLayout = (page: ReactElement) => {
-	return <DashboardLayout metaName="Audit Logs">{page}</DashboardLayout>;
-};
-
-export async function getServerSideProps(ctx: GetServerSidePropsContext) {
-	const { req, res } = ctx;
-	const { user, session } = await validateRequest(req);
-
-	if (!user) {
-		return {
-			redirect: { destination: "/", permanent: true },
-		};
-	}
-
-	const helpers = createServerSideHelpers({
-		router: appRouter,
-		ctx: {
-			req: req as any,
-			res: res as any,
-			db: null as any,
-			session: session as any,
-			user: user as any,
-		},
-		transformer: superjson,
-	});
-
-	try {
-		const userPermissions = await helpers.user.getPermissions.fetch();
-
-		if (!userPermissions?.auditLog.read) {
-			return {
-				redirect: {
-					destination: "/dashboard/settings/profile",
-					permanent: false,
-				},
-			};
-		}
-
-		return {
-			props: {
-				trpcState: helpers.dehydrate(),
-			},
-		};
-	} catch {
-		return { props: {} };
-	}
-}
--- a/apps/dokploy/pages/dashboard/settings/git-providers.tsx
+++ b/apps/dokploy/pages/dashboard/settings/git-providers.tsx
@@ -48,15 +48,19 @@ export async function getServerSideProps(
 	try {
 		await helpers.project.all.prefetch();
 		await helpers.settings.isCloud.prefetch();
-		const userPermissions = await helpers.user.getPermissions.fetch();
+		if (user.role === "member") {
+			const userR = await helpers.user.one.fetch({
+				userId: user.id,
+			});

-		if (!userPermissions?.gitProviders.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
+			if (!userR?.canAccessToGitProviders) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
 		}
 		return {
 			props: {
--- a/apps/dokploy/pages/dashboard/settings/profile.tsx
+++ b/apps/dokploy/pages/dashboard/settings/profile.tsx
@@ -11,7 +11,7 @@ import { appRouter } from "@/server/api/root";
 import { api } from "@/utils/api";

 const Page = () => {
-	const { data: permissions } = api.user.getPermissions.useQuery();
+	const { data } = api.user.get.useQuery();
 	const { data: isCloud } = api.settings.isCloud.useQuery();

 	return (
@@ -19,7 +19,9 @@ const Page = () => {
 			<div className="h-full rounded-xl max-w-5xl mx-auto flex flex-col gap-4">
 				<ProfileForm />
 				{isCloud && <LinkingAccount />}
-				{permissions?.api.read && <ShowApiKeys />}
+				{(data?.canAccessToAPI ||
+					data?.role === "owner" ||
+					data?.role === "admin") && <ShowApiKeys />}
 			</div>
 		</div>
 	);
--- a/apps/dokploy/pages/dashboard/settings/ssh-keys.tsx
+++ b/apps/dokploy/pages/dashboard/settings/ssh-keys.tsx
@@ -49,15 +49,19 @@ export async function getServerSideProps(
 		await helpers.project.all.prefetch();
 		await helpers.settings.isCloud.prefetch();

-		const userPermissions = await helpers.user.getPermissions.fetch();
+		if (user.role === "member") {
+			const userR = await helpers.user.one.fetch({
+				userId: user.id,
+			});

-		if (!userPermissions?.sshKeys.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
+			if (!userR?.canAccessToSSHKeys) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
 		}
 		return {
 			props: {
--- a/apps/dokploy/pages/dashboard/settings/users.tsx
+++ b/apps/dokploy/pages/dashboard/settings/users.tsx
@@ -3,24 +3,16 @@ import { createServerSideHelpers } from "@trpc/react-query/server";
 import type { GetServerSidePropsContext } from "next";
 import type { ReactElement } from "react";
 import superjson from "superjson";
-import { DashboardLayout } from "@/components/layouts/dashboard-layout";
-import { ManageCustomRoles } from "@/components/proprietary/roles/manage-custom-roles";
 import { ShowInvitations } from "@/components/dashboard/settings/users/show-invitations";
 import { ShowUsers } from "@/components/dashboard/settings/users/show-users";
+import { DashboardLayout } from "@/components/layouts/dashboard-layout";
 import { appRouter } from "@/server/api/root";
-import { api } from "@/utils/api";

 const Page = () => {
-	const { data: auth } = api.user.get.useQuery();
-	const { data: permissions } = api.user.getPermissions.useQuery();
-	const isOwnerOrAdmin = auth?.role === "owner" || auth?.role === "admin";
-	const canCreateMembers = permissions?.member.create ?? false;
-
 	return (
 		<div className="flex flex-col gap-4 w-full">
 			<ShowUsers />
-			{canCreateMembers && <ShowInvitations />}
-			{isOwnerOrAdmin && <ManageCustomRoles />}
+			<ShowInvitations />
 		</div>
 	);
 };
@@ -36,7 +28,7 @@ export async function getServerSideProps(
 	const { req, res } = ctx;
 	const { user, session } = await validateRequest(req);

-	if (!user) {
+	if (!user || user.role === "member") {
 		return {
 			redirect: {
 				permanent: true,
@@ -56,30 +48,12 @@ export async function getServerSideProps(
 		},
 		transformer: superjson,
 	});
+	await helpers.user.get.prefetch();
+	await helpers.settings.isCloud.prefetch();

-	try {
-		await helpers.user.get.prefetch();
-		await helpers.settings.isCloud.prefetch();
-
-		const userPermissions = await helpers.user.getPermissions.fetch();
-
-		if (!userPermissions?.member.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
-		}
-
-		return {
-			props: {
-				trpcState: helpers.dehydrate(),
-			},
-		};
-	} catch {
-		return {
-			props: {},
-		};
-	}
+	return {
+		props: {
+			trpcState: helpers.dehydrate(),
+		},
+	};
 }
--- a/apps/dokploy/pages/dashboard/swarm.tsx
+++ b/apps/dokploy/pages/dashboard/swarm.tsx
@@ -53,15 +53,19 @@ export async function getServerSideProps(
 	try {
 		await helpers.project.all.prefetch();

-		const userPermissions = await helpers.user.getPermissions.fetch();
+		if (user.role === "member") {
+			const userR = await helpers.user.one.fetch({
+				userId: user.id,
+			});

-		if (!userPermissions?.docker.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
+			if (!userR?.canAccessToDocker) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
 		}
 		return {
 			props: {
--- a/apps/dokploy/pages/dashboard/traefik.tsx
+++ b/apps/dokploy/pages/dashboard/traefik.tsx
@@ -53,15 +53,19 @@ export async function getServerSideProps(
 	try {
 		await helpers.project.all.prefetch();

-		const userPermissions = await helpers.user.getPermissions.fetch();
+		if (user.role === "member") {
+			const userR = await helpers.user.one.fetch({
+				userId: user.id,
+			});

-		if (!userPermissions?.traefikFiles.read) {
-			return {
-				redirect: {
-					permanent: true,
-					destination: "/",
-				},
-			};
+			if (!userR?.canAccessToTraefikFiles) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
 		}
 		return {
 			props: {
--- a/apps/dokploy/pages/swagger.tsx
+++ b/apps/dokploy/pages/swagger.tsx
@@ -98,15 +98,19 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
 		},
 		transformer: superjson,
 	});
-	const userPermissions = await helpers.user.getPermissions.fetch();
+	if (user.role === "member") {
+		const userR = await helpers.user.one.fetch({
+			userId: user.id,
+		});

-	if (!userPermissions?.api.read) {
-		return {
-			redirect: {
-				permanent: true,
-				destination: "/",
-			},
-		};
+		if (!userR?.canAccessToAPI) {
+			return {
+				redirect: {
+					permanent: true,
+					destination: "/",
+				},
+			};
+		}
 	}

 	return {
--- a/apps/dokploy/server/api/root.ts
+++ b/apps/dokploy/server/api/root.ts
@@ -23,8 +23,6 @@ import { mysqlRouter } from "./routers/mysql";
 import { notificationRouter } from "./routers/notification";
 import { organizationRouter } from "./routers/organization";
 import { patchRouter } from "./routers/patch";
-import { auditLogRouter } from "./routers/proprietary/audit-log";
-import { customRoleRouter } from "./routers/proprietary/custom-role";
 import { licenseKeyRouter } from "./routers/proprietary/license-key";
 import { ssoRouter } from "./routers/proprietary/sso";
 import { whitelabelingRouter } from "./routers/proprietary/whitelabeling";
@@ -91,8 +89,6 @@ export const appRouter = createTRPCRouter({
 	licenseKey: licenseKeyRouter,
 	sso: ssoRouter,
 	whitelabeling: whitelabelingRouter,
-	customRole: customRoleRouter,
-	auditLog: auditLogRouter,
 	schedule: scheduleRouter,
 	rollback: rollbackRouter,
 	volumeBackups: volumeBackupsRouter,
--- a/apps/dokploy/server/api/routers/ai.ts
+++ b/apps/dokploy/server/api/routers/ai.ts
@@ -21,7 +21,7 @@ import { findProjectById } from "@dokploy/server/services/project";
 import {
 	addNewService,
 	checkServiceAccess,
-} from "@dokploy/server/services/permission";
+} from "@dokploy/server/services/user";
 import {
 	getProviderHeaders,
 	getProviderName,
@@ -38,10 +38,17 @@ import {
 import { generatePassword } from "@/templates/utils";

 export const aiRouter = createTRPCRouter({
-	one: adminProcedure
+	one: protectedProcedure
 		.input(z.object({ aiId: z.string() }))
-		.query(async ({ input }) => {
-			return await getAiSettingById(input.aiId);
+		.query(async ({ ctx, input }) => {
+			const aiSetting = await getAiSettingById(input.aiId);
+			if (aiSetting.organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You don't have access to this AI configuration",
+				});
+			}
+			return aiSetting;
 		}),

 	getModels: protectedProcedure
@@ -152,9 +159,11 @@ export const aiRouter = createTRPCRouter({
 		return await saveAiSettings(ctx.session.activeOrganizationId, input);
 	}),

-	update: adminProcedure.input(apiUpdateAi).mutation(async ({ ctx, input }) => {
-		return await saveAiSettings(ctx.session.activeOrganizationId, input);
-	}),
+	update: protectedProcedure
+		.input(apiUpdateAi)
+		.mutation(async ({ ctx, input }) => {
+			return await saveAiSettings(ctx.session.activeOrganizationId, input);
+		}),

 	getAll: adminProcedure.query(async ({ ctx }) => {
 		return await getAiSettingsByOrganizationId(
@@ -162,15 +171,29 @@ export const aiRouter = createTRPCRouter({
 		);
 	}),

-	get: adminProcedure
+	get: protectedProcedure
 		.input(z.object({ aiId: z.string() }))
-		.query(async ({ input }) => {
-			return await getAiSettingById(input.aiId);
+		.query(async ({ ctx, input }) => {
+			const aiSetting = await getAiSettingById(input.aiId);
+			if (aiSetting.organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You don't have access to this AI configuration",
+				});
+			}
+			return aiSetting;
 		}),

-	delete: adminProcedure
+	delete: protectedProcedure
 		.input(z.object({ aiId: z.string() }))
-		.mutation(async ({ input }) => {
+		.mutation(async ({ ctx, input }) => {
+			const aiSetting = await getAiSettingById(input.aiId);
+			if (aiSetting.organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You don't have access to this AI configuration",
+				});
+			}
 			return await deleteAiSettings(input.aiId);
 		}),

@@ -200,7 +223,13 @@ export const aiRouter = createTRPCRouter({
 		.mutation(async ({ ctx, input }) => {
 			const environment = await findEnvironmentById(input.environmentId);
 			const project = await findProjectById(environment.projectId);
-			await checkServiceAccess(ctx, environment.projectId, "create");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.session.activeOrganizationId,
+					environment.projectId,
+					"create",
+				);
+			}

 			if (IS_CLOUD && !input.serverId) {
 				throw new TRPCError({
@@ -246,7 +275,13 @@ export const aiRouter = createTRPCRouter({
 				}
 			}

-			await addNewService(ctx, compose.composeId);
+			if (ctx.user.role === "member") {
+				await addNewService(
+					ctx.session.activeOrganizationId,
+					ctx.user.ownerId,
+					compose.composeId,
+				);
+			}

 			return null;
 		}),
--- a/apps/dokploy/server/api/routers/application.ts
+++ b/apps/dokploy/server/api/routers/application.ts
@@ -1,10 +1,13 @@
 import {
+	addNewService,
+	checkServiceAccess,
 	clearOldDeployments,
 	createApplication,
 	deleteAllMiddlewares,
 	findApplicationById,
 	findEnvironmentById,
 	findGitProviderById,
+	findMemberById,
 	findProjectById,
 	getApplicationStats,
 	IS_CLOUD,
@@ -26,24 +29,14 @@ import {
 	updateDeploymentStatus,
 	writeConfig,
 	writeConfigRemote,
+	// uploadFileSchema
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
-import {
-	addNewService,
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq, ilike, or, sql } from "drizzle-orm";
 import { nanoid } from "nanoid";
 import { z } from "zod";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiCreateApplication,
 	apiDeployApplication,
@@ -79,10 +72,18 @@ export const applicationRouter = createTRPCRouter({
 		.input(apiCreateApplication)
 		.mutation(async ({ input, ctx }) => {
 			try {
+				// Get project from environment
 				const environment = await findEnvironmentById(input.environmentId);
 				const project = await findProjectById(environment.projectId);

-				await checkServiceAccess(ctx, project.projectId, "create");
+				if (ctx.user.role === "member") {
+					await checkServiceAccess(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+						"create",
+					);
+				}

 				if (IS_CLOUD && !input.serverId) {
 					throw new TRPCError({
@@ -100,13 +101,13 @@ export const applicationRouter = createTRPCRouter({

 				const newApplication = await createApplication(input);

-				await addNewService(ctx, newApplication.applicationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "service",
-					resourceId: newApplication.applicationId,
-					resourceName: newApplication.appName,
-				});
+				if (ctx.user.role === "member") {
+					await addNewService(
+						ctx.user.id,
+						newApplication.applicationId,
+						project.organizationId,
+					);
+				}
 				return newApplication;
 			} catch (error: unknown) {
 				console.log("error", error);
@@ -123,7 +124,14 @@ export const applicationRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindOneApplication)
 		.query(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.applicationId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.applicationId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}
 			const application = await findApplicationById(input.applicationId);
 			if (
 				application.environment.project.organizationId !==
@@ -178,21 +186,22 @@ export const applicationRouter = createTRPCRouter({
 	reload: protectedProcedure
 		.input(apiReloadApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const application = await findApplicationById(input.applicationId);

 			try {
+				if (
+					application.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to reload this application",
+					});
+				}
+
 				await updateApplicationStatus(input.applicationId, "idle");
 				await mechanizeDockerContainer(application);
 				await updateApplicationStatus(input.applicationId, "done");
-				await audit(ctx, {
-					action: "reload",
-					resourceType: "application",
-					resourceId: application.applicationId,
-					resourceName: application.appName,
-				});
 				return true;
 			} catch (error) {
 				await updateApplicationStatus(input.applicationId, "error");
@@ -207,7 +216,14 @@ export const applicationRouter = createTRPCRouter({
 	delete: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.applicationId, "delete");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.applicationId,
+					ctx.session.activeOrganizationId,
+					"delete",
+				);
+			}
 			const application = await findApplicationById(input.applicationId);

 			if (
@@ -256,66 +272,69 @@ export const applicationRouter = createTRPCRouter({
 				} catch (_) {}
 			}

-			await audit(ctx, {
-				action: "delete",
-				resourceType: "service",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 			return application;
 		}),

 	stop: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const service = await findApplicationById(input.applicationId);
+			if (
+				service.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to stop this application",
+				});
+			}
 			if (service.serverId) {
 				await stopServiceRemote(service.serverId, service.appName);
 			} else {
 				await stopService(service.appName);
 			}
 			await updateApplicationStatus(input.applicationId, "idle");
-			await audit(ctx, {
-				action: "stop",
-				resourceType: "application",
-				resourceId: service.applicationId,
-				resourceName: service.appName,
-			});
+
 			return service;
 		}),

 	start: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const service = await findApplicationById(input.applicationId);
+			if (
+				service.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to start this application",
+				});
+			}
+
 			if (service.serverId) {
 				await startServiceRemote(service.serverId, service.appName);
 			} else {
 				await startService(service.appName);
 			}
 			await updateApplicationStatus(input.applicationId, "done");
-			await audit(ctx, {
-				action: "start",
-				resourceType: "application",
-				resourceId: service.applicationId,
-				resourceName: service.appName,
-			});
+
 			return service;
 		}),

 	redeploy: protectedProcedure
 		.input(apiRedeployApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to redeploy this application",
+				});
+			}
 			const jobData: DeploymentJob = {
 				applicationId: input.applicationId,
 				titleLog: input.title || "Rebuild deployment",
@@ -330,12 +349,6 @@ export const applicationRouter = createTRPCRouter({
 				deploy(jobData).catch((error) => {
 					console.error("Background deployment failed:", error);
 				});
-				await audit(ctx, {
-					action: "rebuild",
-					resourceType: "application",
-					resourceId: application.applicationId,
-					resourceName: application.appName,
-				});
 				return true;
 			}
 			await myQueue.add(
@@ -346,40 +359,41 @@ export const applicationRouter = createTRPCRouter({
 					removeOnFail: true,
 				},
 			);
-			await audit(ctx, {
-				action: "rebuild",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 		}),
 	saveEnvironment: protectedProcedure
 		.input(apiSaveEnvironmentVariables)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				envVars: ["write"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this environment",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				env: input.env,
 				buildArgs: input.buildArgs,
 				buildSecrets: input.buildSecrets,
 				createEnvFile: input.createEnvFile,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 			return true;
 		}),
 	saveBuildType: protectedProcedure
 		.input(apiSaveBuildType)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this build type",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				buildType: input.buildType,
 				dockerfile: input.dockerfile,
@@ -390,21 +404,22 @@ export const applicationRouter = createTRPCRouter({
 				isStaticSpa: input.isStaticSpa,
 				railpackVersion: input.railpackVersion,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveGithubProvider: protectedProcedure
 		.input(apiSaveGithubProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this github provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				repository: input.repository,
 				branch: input.branch,
@@ -417,21 +432,22 @@ export const applicationRouter = createTRPCRouter({
 				triggerType: input.triggerType,
 				enableSubmodules: input.enableSubmodules,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveGitlabProvider: protectedProcedure
 		.input(apiSaveGitlabProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this gitlab provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				gitlabRepository: input.gitlabRepository,
 				gitlabOwner: input.gitlabOwner,
@@ -445,21 +461,22 @@ export const applicationRouter = createTRPCRouter({
 				watchPaths: input.watchPaths,
 				enableSubmodules: input.enableSubmodules,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveBitbucketProvider: protectedProcedure
 		.input(apiSaveBitbucketProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this bitbucket provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				bitbucketRepository: input.bitbucketRepository,
 				bitbucketRepositorySlug: input.bitbucketRepositorySlug,
@@ -472,21 +489,22 @@ export const applicationRouter = createTRPCRouter({
 				watchPaths: input.watchPaths,
 				enableSubmodules: input.enableSubmodules,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveGiteaProvider: protectedProcedure
 		.input(apiSaveGiteaProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this gitea provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				giteaRepository: input.giteaRepository,
 				giteaOwner: input.giteaOwner,
@@ -498,21 +516,22 @@ export const applicationRouter = createTRPCRouter({
 				watchPaths: input.watchPaths,
 				enableSubmodules: input.enableSubmodules,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveDockerProvider: protectedProcedure
 		.input(apiSaveDockerProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this docker provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				dockerImage: input.dockerImage,
 				username: input.username,
@@ -521,21 +540,22 @@ export const applicationRouter = createTRPCRouter({
 				applicationStatus: "idle",
 				registryUrl: input.registryUrl,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	saveGitProvider: protectedProcedure
 		.input(apiSaveGitProvider)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this git provider",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				customGitBranch: input.customGitBranch,
 				customGitBuildPath: input.customGitBuildPath,
@@ -546,22 +566,26 @@ export const applicationRouter = createTRPCRouter({
 				watchPaths: input.watchPaths,
 				enableSubmodules: input.enableSubmodules,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	disconnectGitProvider: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to disconnect this git provider",
+				});
+			}
+
+			// Reset all git provider related fields
 			await updateApplication(input.applicationId, {
+				// GitHub fields
 				repository: null,
 				branch: null,
 				owner: null,
@@ -569,6 +593,7 @@ export const applicationRouter = createTRPCRouter({
 				githubId: null,
 				triggerType: "push",

+				// GitLab fields
 				gitlabRepository: null,
 				gitlabOwner: null,
 				gitlabBranch: null,
@@ -577,58 +602,63 @@ export const applicationRouter = createTRPCRouter({
 				gitlabProjectId: null,
 				gitlabPathNamespace: null,

+				// Bitbucket fields
 				bitbucketRepository: null,
 				bitbucketOwner: null,
 				bitbucketBranch: null,
 				bitbucketBuildPath: null,
 				bitbucketId: null,

+				// Gitea fields
 				giteaRepository: null,
 				giteaOwner: null,
 				giteaBranch: null,
 				giteaBuildPath: null,
 				giteaId: null,

+				// Custom Git fields
 				customGitBranch: null,
 				customGitBuildPath: null,
 				customGitUrl: null,
 				customGitSSHKeyId: null,

+				// Common fields
 				sourceType: "github", // Reset to default
 				applicationStatus: "idle",
 				watchPaths: null,
 				enableSubmodules: false,
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+
 			return true;
 		}),
 	markRunning: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
-			await updateApplicationStatus(input.applicationId, "running");
 			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to mark this application as running",
+				});
+			}
+			await updateApplicationStatus(input.applicationId, "running");
 		}),
 	update: protectedProcedure
 		.input(apiUpdateApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this application",
+				});
+			}
 			const { applicationId, ...rest } = input;
 			const updateApp = await updateApplication(applicationId, {
 				...rest,
@@ -640,39 +670,40 @@ export const applicationRouter = createTRPCRouter({
 					message: "Error updating application",
 				});
 			}
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: updateApp.applicationId,
-				resourceName: updateApp.appName,
-			});
+
 			return true;
 		}),
 	refreshToken: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to refresh this application",
+				});
+			}
 			await updateApplication(input.applicationId, {
 				refreshToken: nanoid(),
 			});
-			const application = await findApplicationById(input.applicationId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 			return true;
 		}),
 	deploy: protectedProcedure
 		.input(apiDeployApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this application",
+				});
+			}
 			const jobData: DeploymentJob = {
 				applicationId: input.applicationId,
 				titleLog: input.title || "Manual deployment",
@@ -686,12 +717,7 @@ export const applicationRouter = createTRPCRouter({
 				deploy(jobData).catch((error) => {
 					console.error("Background deployment failed:", error);
 				});
-				await audit(ctx, {
-					action: "deploy",
-					resourceType: "application",
-					resourceId: application.applicationId,
-					resourceName: application.appName,
-				});
+
 				return true;
 			}
 			await myQueue.add(
@@ -702,60 +728,69 @@ export const applicationRouter = createTRPCRouter({
 					removeOnFail: true,
 				},
 			);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 		}),

 	cleanQueues: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["cancel"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to clean this application",
+				});
+			}
 			await cleanQueuesByApplication(input.applicationId);
 		}),
 	clearDeployments: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["create"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message:
+						"You are not authorized to clear deployments for this application",
+				});
+			}
 			await clearOldDeployments(application.appName, application.serverId);
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 			return true;
 		}),
 	killBuild: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["cancel"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to kill this build",
+				});
+			}
 			await killDockerBuild("application", application.serverId);
-			await audit(ctx, {
-				action: "stop",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 		}),
 	readTraefikConfig: protectedProcedure
 		.input(apiFindOneApplication)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				traefikFiles: ["read"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to read this application",
+				});
+			}
+
 			let traefikConfig = null;
 			if (application.serverId) {
 				traefikConfig = await readRemoteConfig(
@@ -785,11 +820,18 @@ export const applicationRouter = createTRPCRouter({
 			const applicationId = formData.get("applicationId") as string;
 			const dropBuildPath = formData.get("dropBuildPath") as string | null;

-			await checkServicePermissionAndAccess(ctx, applicationId, {
-				deployment: ["create"],
-			});
 			const app = await findApplicationById(applicationId);

+			if (
+				app.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this application",
+				});
+			}
+
 			await updateApplication(applicationId, {
 				sourceType: "drop",
 				dropBuildPath: dropBuildPath || "",
@@ -820,21 +862,23 @@ export const applicationRouter = createTRPCRouter({
 					removeOnFail: true,
 				},
 			);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "application",
-				resourceId: app.applicationId,
-				resourceName: app.appName,
-			});
 			return true;
 		}),
 	updateTraefikConfig: protectedProcedure
 		.input(z.object({ applicationId: z.string(), traefikConfig: z.string() }))
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				traefikFiles: ["write"],
-			});
 			const application = await findApplicationById(input.applicationId);
+
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this application",
+				});
+			}
+
 			if (application.serverId) {
 				await writeConfigRemote(
 					application.serverId,
@@ -844,15 +888,9 @@ export const applicationRouter = createTRPCRouter({
 			} else {
 				writeConfig(application.appName, input.traefikConfig);
 			}
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: application.applicationId,
-				resourceName: application.appName,
-			});
 			return true;
 		}),
-	readAppMonitoring: withPermission("monitoring", "read")
+	readAppMonitoring: protectedProcedure
 		.input(apiFindMonitoringStats)
 		.query(async ({ input }) => {
 			if (IS_CLOUD) {
@@ -873,10 +911,31 @@ export const applicationRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				service: ["create"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move this application",
+				});
+			}

+			const targetEnvironment = await findEnvironmentById(
+				input.targetEnvironmentId,
+			);
+			if (
+				targetEnvironment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move to this environment",
+				});
+			}
+
+			// Update the application's projectId
 			const updatedApplication = await db
 				.update(applications)
 				.set({
@@ -892,22 +951,23 @@ export const applicationRouter = createTRPCRouter({
 					message: "Failed to move application",
 				});
 			}
-			await audit(ctx, {
-				action: "update",
-				resourceType: "application",
-				resourceId: updatedApplication.applicationId,
-				resourceName: updatedApplication.appName,
-			});
+
 			return updatedApplication;
 		}),

 	cancelDeployment: protectedProcedure
 		.input(apiFindOneApplication)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["cancel"],
-			});
 			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to cancel this deployment",
+				});
+			}

 			if (IS_CLOUD && application.serverId) {
 				try {
@@ -924,12 +984,7 @@ export const applicationRouter = createTRPCRouter({
 						applicationId: input.applicationId,
 						applicationType: "application",
 					});
-					await audit(ctx, {
-						action: "stop",
-						resourceType: "application",
-						resourceId: application.applicationId,
-						resourceName: application.appName,
-					});
+
 					return {
 						success: true,
 						message: "Deployment cancellation requested",
@@ -1030,17 +1085,19 @@ export const applicationRouter = createTRPCRouter({
 				);
 			}

-			const { accessedServices } = await findMemberByUserId(
-				ctx.user.id,
-				ctx.session.activeOrganizationId,
-			);
-			if (accessedServices.length === 0) return { items: [], total: 0 };
-			baseConditions.push(
-				sql`${applications.applicationId} IN (${sql.join(
-					accessedServices.map((id) => sql`${id}`),
-					sql`, `,
-				)})`,
-			);
+			if (ctx.user.role === "member") {
+				const { accessedServices } = await findMemberById(
+					ctx.user.id,
+					ctx.session.activeOrganizationId,
+				);
+				if (accessedServices.length === 0) return { items: [], total: 0 };
+				baseConditions.push(
+					sql`${applications.applicationId} IN (${sql.join(
+						accessedServices.map((id) => sql`${id}`),
+						sql`, `,
+					)})`,
+				);
+			}

 			const where = and(...baseConditions);

--- a/apps/dokploy/server/api/routers/backup.ts
+++ b/apps/dokploy/server/api/routers/backup.ts
@@ -44,13 +44,7 @@ import {
 } from "@dokploy/server/utils/restore";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { checkServicePermissionAndAccess } from "@dokploy/server/services/permission";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiCreateBackup,
 	apiFindOneBackup,
@@ -75,21 +69,10 @@ interface RcloneFile {
 export const backupRouter = createTRPCRouter({
 	create: protectedProcedure
 		.input(apiCreateBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
-				const serviceId =
-					input.postgresId ||
-					input.mysqlId ||
-					input.mariadbId ||
-					input.mongoId ||
-					input.composeId;
-				if (serviceId) {
-					await checkServicePermissionAndAccess(ctx, serviceId, {
-						backup: ["create"],
-					});
-				}
-
 				const newBackup = await createBackup(input);
+
 				const backup = await findBackupById(newBackup.backupId);

 				if (IS_CLOUD && backup.enabled) {
@@ -127,11 +110,6 @@ export const backupRouter = createTRPCRouter({
 						scheduleBackup(backup);
 					}
 				}
-				await audit(ctx, {
-					action: "create",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 			} catch (error) {
 				console.error(error);
 				throw new TRPCError({
@@ -144,42 +122,15 @@ export const backupRouter = createTRPCRouter({
 				});
 			}
 		}),
-	one: protectedProcedure
-		.input(apiFindOneBackup)
-		.query(async ({ input, ctx }) => {
-			const backup = await findBackupById(input.backupId);
+	one: protectedProcedure.input(apiFindOneBackup).query(async ({ input }) => {
+		const backup = await findBackupById(input.backupId);

-			const serviceId =
-				backup.postgresId ||
-				backup.mysqlId ||
-				backup.mariadbId ||
-				backup.mongoId ||
-				backup.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					backup: ["read"],
-				});
-			}
-
-			return backup;
-		}),
+		return backup;
+	}),
 	update: protectedProcedure
 		.input(apiUpdateBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
-				const existing = await findBackupById(input.backupId);
-				const serviceId =
-					existing.postgresId ||
-					existing.mysqlId ||
-					existing.mariadbId ||
-					existing.mongoId ||
-					existing.composeId;
-				if (serviceId) {
-					await checkServicePermissionAndAccess(ctx, serviceId, {
-						backup: ["update"],
-					});
-				}
-
 				await updateBackupById(input.backupId, input);
 				const backup = await findBackupById(input.backupId);

@@ -205,11 +156,6 @@ export const backupRouter = createTRPCRouter({
 						removeScheduleBackup(input.backupId);
 					}
 				}
-				await audit(ctx, {
-					action: "update",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 			} catch (error) {
 				const message =
 					error instanceof Error ? error.message : "Error updating this Backup";
@@ -221,21 +167,8 @@ export const backupRouter = createTRPCRouter({
 		}),
 	remove: protectedProcedure
 		.input(apiRemoveBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
-				const backup = await findBackupById(input.backupId);
-				const serviceId =
-					backup.postgresId ||
-					backup.mysqlId ||
-					backup.mariadbId ||
-					backup.mongoId ||
-					backup.composeId;
-				if (serviceId) {
-					await checkServicePermissionAndAccess(ctx, serviceId, {
-						backup: ["delete"],
-					});
-				}
-
 				const value = await removeBackupById(input.backupId);
 				if (IS_CLOUD && value) {
 					removeJob({
@@ -246,11 +179,6 @@ export const backupRouter = createTRPCRouter({
 				} else if (!IS_CLOUD) {
 					removeScheduleBackup(input.backupId);
 				}
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "backup",
-					resourceId: input.backupId,
-				});
 				return value;
 			} catch (error) {
 				const message =
@@ -263,22 +191,13 @@ export const backupRouter = createTRPCRouter({
 		}),
 	manualBackupPostgres: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const backup = await findBackupById(input.backupId);
-				if (backup.postgresId) {
-					await checkServicePermissionAndAccess(ctx, backup.postgresId, {
-						backup: ["create"],
-					});
-				}
 				const postgres = await findPostgresByBackupId(backup.backupId);
 				await runPostgresBackup(postgres, backup);
+
 				await keepLatestNBackups(backup, postgres?.serverId);
-				await audit(ctx, {
-					action: "run",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 				return true;
 			} catch (error) {
 				const message =
@@ -294,22 +213,12 @@ export const backupRouter = createTRPCRouter({

 	manualBackupMySql: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const backup = await findBackupById(input.backupId);
-				if (backup.mysqlId) {
-					await checkServicePermissionAndAccess(ctx, backup.mysqlId, {
-						backup: ["create"],
-					});
-				}
 				const mysql = await findMySqlByBackupId(backup.backupId);
 				await runMySqlBackup(mysql, backup);
 				await keepLatestNBackups(backup, mysql?.serverId);
-				await audit(ctx, {
-					action: "run",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -321,22 +230,12 @@ export const backupRouter = createTRPCRouter({
 		}),
 	manualBackupMariadb: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const backup = await findBackupById(input.backupId);
-				if (backup.mariadbId) {
-					await checkServicePermissionAndAccess(ctx, backup.mariadbId, {
-						backup: ["create"],
-					});
-				}
 				const mariadb = await findMariadbByBackupId(backup.backupId);
 				await runMariadbBackup(mariadb, backup);
 				await keepLatestNBackups(backup, mariadb?.serverId);
-				await audit(ctx, {
-					action: "run",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -348,22 +247,12 @@ export const backupRouter = createTRPCRouter({
 		}),
 	manualBackupCompose: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const backup = await findBackupById(input.backupId);
-				if (backup.composeId) {
-					await checkServicePermissionAndAccess(ctx, backup.composeId, {
-						backup: ["create"],
-					});
-				}
 				const compose = await findComposeByBackupId(backup.backupId);
 				await runComposeBackup(compose, backup);
 				await keepLatestNBackups(backup, compose?.serverId);
-				await audit(ctx, {
-					action: "run",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -375,22 +264,12 @@ export const backupRouter = createTRPCRouter({
 		}),
 	manualBackupMongo: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const backup = await findBackupById(input.backupId);
-				if (backup.mongoId) {
-					await checkServicePermissionAndAccess(ctx, backup.mongoId, {
-						backup: ["create"],
-					});
-				}
 				const mongo = await findMongoByBackupId(backup.backupId);
 				await runMongoBackup(mongo, backup);
 				await keepLatestNBackups(backup, mongo?.serverId);
-				await audit(ctx, {
-					action: "run",
-					resourceType: "backup",
-					resourceId: backup.backupId,
-				});
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -400,20 +279,15 @@ export const backupRouter = createTRPCRouter({
 				});
 			}
 		}),
-	manualBackupWebServer: withPermission("backup", "create")
+	manualBackupWebServer: protectedProcedure
 		.input(apiFindOneBackup)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			const backup = await findBackupById(input.backupId);
 			await runWebServerBackup(backup);
 			await keepLatestNBackups(backup);
-			await audit(ctx, {
-				action: "run",
-				resourceType: "backup",
-				resourceId: backup.backupId,
-			});
 			return true;
 		}),
-	listBackupFiles: withPermission("backup", "read")
+	listBackupFiles: protectedProcedure
 		.input(
 			z.object({
 				destinationId: z.string(),
@@ -500,12 +374,7 @@ export const backupRouter = createTRPCRouter({
 			},
 		})
 		.input(apiRestoreBackup)
-		.subscription(async function* ({ input, ctx, signal }) {
-			if (input.databaseId) {
-				await checkServicePermissionAndAccess(ctx, input.databaseId, {
-					backup: ["restore"],
-				});
-			}
+		.subscription(async function* ({ input, signal }) {
 			const destination = await findDestinationById(input.destinationId);
 			const queue: string[] = [];
 			const done = false;
--- a/apps/dokploy/server/api/routers/bitbucket.ts
+++ b/apps/dokploy/server/api/routers/bitbucket.ts
@@ -8,12 +8,7 @@ import {
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiBitbucketTestConnection,
 	apiCreateBitbucket,
@@ -23,23 +18,15 @@ import {
 } from "@/server/db/schema";

 export const bitbucketRouter = createTRPCRouter({
-	create: withPermission("gitProviders", "create")
+	create: protectedProcedure
 		.input(apiCreateBitbucket)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				const result = await createBitbucket(
+				return await createBitbucket(
 					input,
 					ctx.session.activeOrganizationId,
 					ctx.session.userId,
 				);
-
-				await audit(ctx, {
-					action: "create",
-					resourceType: "gitProvider",
-					resourceName: input.name,
-				});
-
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -50,8 +37,19 @@ export const bitbucketRouter = createTRPCRouter({
 		}),
 	one: protectedProcedure
 		.input(apiFindOneBitbucket)
-		.query(async ({ input }) => {
-			return await findBitbucketById(input.bitbucketId);
+		.query(async ({ input, ctx }) => {
+			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
+			if (
+				bitbucketProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this bitbucket provider",
+				});
+			}
+			return bitbucketProvider;
 		}),
 	bitbucketProviders: protectedProcedure.query(async ({ ctx }) => {
 		let result = await db.query.bitbucket.findMany({
@@ -75,18 +73,53 @@ export const bitbucketRouter = createTRPCRouter({

 	getBitbucketRepositories: protectedProcedure
 		.input(apiFindOneBitbucket)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
+			if (
+				bitbucketProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this bitbucket provider",
+				});
+			}
 			return await getBitbucketRepositories(input.bitbucketId);
 		}),
 	getBitbucketBranches: protectedProcedure
 		.input(apiFindBitbucketBranches)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const bitbucketProvider = await findBitbucketById(
+				input.bitbucketId || "",
+			);
+			if (
+				bitbucketProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this bitbucket provider",
+				});
+			}
 			return await getBitbucketBranches(input);
 		}),
 	testConnection: protectedProcedure
 		.input(apiBitbucketTestConnection)
-		.mutation(async ({ input }) => {
+		.mutation(async ({ input, ctx }) => {
 			try {
+				const bitbucketProvider = await findBitbucketById(input.bitbucketId);
+				if (
+					bitbucketProvider.gitProvider.organizationId !==
+						ctx.session.activeOrganizationId &&
+					bitbucketProvider.gitProvider.userId !== ctx.session.userId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not allowed to access this bitbucket provider",
+					});
+				}
 				const result = await testBitbucketConnection(input);

 				return `Found ${result} repositories`;
@@ -97,21 +130,23 @@ export const bitbucketRouter = createTRPCRouter({
 				});
 			}
 		}),
-	update: withPermission("gitProviders", "create")
+	update: protectedProcedure
 		.input(apiUpdateBitbucket)
 		.mutation(async ({ input, ctx }) => {
-			const result = await updateBitbucket(input.bitbucketId, {
+			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
+			if (
+				bitbucketProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this bitbucket provider",
+				});
+			}
+			return await updateBitbucket(input.bitbucketId, {
 				...input,
 				organizationId: ctx.session.activeOrganizationId,
 			});
-
-			await audit(ctx, {
-				action: "update",
-				resourceType: "gitProvider",
-				resourceId: input.bitbucketId,
-				resourceName: input.name,
-			});
-
-			return result;
 		}),
 });
--- a/apps/dokploy/server/api/routers/certificate.ts
+++ b/apps/dokploy/server/api/routers/certificate.ts
@@ -7,8 +7,7 @@ import {
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { eq } from "drizzle-orm";
-import { audit } from "@/server/api/utils/audit";
-import { createTRPCRouter, withPermission } from "@/server/api/trpc";
+import { adminProcedure, createTRPCRouter } from "@/server/api/trpc";
 import {
 	apiCreateCertificate,
 	apiFindCertificate,
@@ -16,7 +15,7 @@ import {
 } from "@/server/db/schema";

 export const certificateRouter = createTRPCRouter({
-	create: withPermission("certificate", "create")
+	create: adminProcedure
 		.input(apiCreateCertificate)
 		.mutation(async ({ input, ctx }) => {
 			if (IS_CLOUD && !input.serverId) {
@@ -25,20 +24,10 @@ export const certificateRouter = createTRPCRouter({
 					message: "Please set a server to create a certificate",
 				});
 			}
-			const cert = await createCertificate(
-				input,
-				ctx.session.activeOrganizationId,
-			);
-			await audit(ctx, {
-				action: "create",
-				resourceType: "certificate",
-				resourceId: cert.certificateId,
-				resourceName: cert.name,
-			});
-			return cert;
+			return await createCertificate(input, ctx.session.activeOrganizationId);
 		}),

-	one: withPermission("certificate", "read")
+	one: adminProcedure
 		.input(apiFindCertificate)
 		.query(async ({ input, ctx }) => {
 			const certificates = await findCertificateById(input.certificateId);
@@ -50,7 +39,7 @@ export const certificateRouter = createTRPCRouter({
 			}
 			return certificates;
 		}),
-	remove: withPermission("certificate", "delete")
+	remove: adminProcedure
 		.input(apiFindCertificate)
 		.mutation(async ({ input, ctx }) => {
 			const certificates = await findCertificateById(input.certificateId);
@@ -60,16 +49,10 @@ export const certificateRouter = createTRPCRouter({
 					message: "You are not allowed to delete this certificate",
 				});
 			}
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "certificate",
-				resourceId: certificates.certificateId,
-				resourceName: certificates.name,
-			});
 			await removeCertificateById(input.certificateId);
 			return true;
 		}),
-	all: withPermission("certificate", "read").query(async ({ ctx }) => {
+	all: adminProcedure.query(async ({ ctx }) => {
 		return await db.query.certificates.findMany({
 			where: eq(certificates.organizationId, ctx.session.activeOrganizationId),
 		});
--- a/apps/dokploy/server/api/routers/cluster.ts
+++ b/apps/dokploy/server/api/routers/cluster.ts
@@ -7,12 +7,10 @@ import {
 } from "@dokploy/server";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { audit } from "@/server/api/utils/audit";
 import { getLocalServerIp } from "@/server/wss/terminal";
-import { createTRPCRouter, withPermission } from "../trpc";
-
+import { createTRPCRouter, protectedProcedure } from "../trpc";
 export const clusterRouter = createTRPCRouter({
-	getNodes: withPermission("server", "read")
+	getNodes: protectedProcedure
 		.input(
 			z.object({
 				serverId: z.string().optional(),
@@ -21,17 +19,17 @@ export const clusterRouter = createTRPCRouter({
 		.query(async ({ input }) => {
 			const docker = await getRemoteDocker(input.serverId);
 			const workers: DockerNode[] = await docker.listNodes();
+
 			return workers;
 		}),
-
-	removeWorker: withPermission("server", "delete")
+	removeWorker: protectedProcedure
 		.input(
 			z.object({
 				nodeId: z.string(),
 				serverId: z.string().optional(),
 			}),
 		)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			try {
 				const drainCommand = `docker node update --availability drain ${input.nodeId}`;
 				const removeCommand = `docker node rm ${input.nodeId} --force`;
@@ -43,12 +41,6 @@ export const clusterRouter = createTRPCRouter({
 					await execAsync(drainCommand);
 					await execAsync(removeCommand);
 				}
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "cluster",
-					resourceId: input.nodeId,
-					resourceName: input.nodeId,
-				});
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -58,8 +50,7 @@ export const clusterRouter = createTRPCRouter({
 				});
 			}
 		}),
-
-	addWorker: withPermission("server", "create")
+	addWorker: protectedProcedure
 		.input(
 			z.object({
 				serverId: z.string().optional(),
@@ -77,12 +68,13 @@ export const clusterRouter = createTRPCRouter({
 			}

 			return {
-				command: `docker swarm join --token ${result.JoinTokens.Worker} ${ip}:2377`,
+				command: `docker swarm join --token ${
+					result.JoinTokens.Worker
+				} ${ip}:2377`,
 				version: docker_version.Version,
 			};
 		}),
-
-	addManager: withPermission("server", "create")
+	addManager: protectedProcedure
 		.input(
 			z.object({
 				serverId: z.string().optional(),
@@ -99,7 +91,9 @@ export const clusterRouter = createTRPCRouter({
 				ip = server?.ipAddress;
 			}
 			return {
-				command: `docker swarm join --token ${result.JoinTokens.Manager} ${ip}:2377`,
+				command: `docker swarm join --token ${
+					result.JoinTokens.Manager
+				} ${ip}:2377`,
 				version: docker_version.Version,
 			};
 		}),
--- a/apps/dokploy/server/api/routers/compose.ts
+++ b/apps/dokploy/server/api/routers/compose.ts
@@ -1,5 +1,7 @@
 import {
 	addDomainToCompose,
+	addNewService,
+	checkServiceAccess,
 	clearOldDeployments,
 	cloneCompose,
 	createCommand,
@@ -14,6 +16,7 @@ import {
 	findDomainsByComposeId,
 	findEnvironmentById,
 	findGitProviderById,
+	findMemberById,
 	findProjectById,
 	findServerById,
 	getComposeContainer,
@@ -31,12 +34,6 @@ import {
 	updateCompose,
 	updateDeploymentStatus,
 } from "@dokploy/server";
-import {
-	addNewService,
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { db } from "@dokploy/server/db";
 import {
 	type CompleteTemplate,
@@ -75,7 +72,6 @@ import {
 } from "@/server/queues/queueSetup";
 import { cancelDeployment, deploy } from "@/server/utils/deploy";
 import { generatePassword } from "@/templates/utils";
-import { audit } from "../utils/audit";
 import { createTRPCRouter, protectedProcedure, publicProcedure } from "../trpc";

 export const composeRouter = createTRPCRouter({
@@ -83,10 +79,18 @@ export const composeRouter = createTRPCRouter({
 		.input(apiCreateCompose)
 		.mutation(async ({ ctx, input }) => {
 			try {
+				// Get project from environment
 				const environment = await findEnvironmentById(input.environmentId);
 				const project = await findProjectById(environment.projectId);

-				await checkServiceAccess(ctx, project.projectId, "create");
+				if (ctx.user.role === "member") {
+					await checkServiceAccess(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+						"create",
+					);
+				}

 				if (IS_CLOUD && !input.serverId) {
 					throw new TRPCError({
@@ -104,14 +108,14 @@ export const composeRouter = createTRPCRouter({
 					...input,
 				});

-				await addNewService(ctx, newService.composeId);
+				if (ctx.user.role === "member") {
+					await addNewService(
+						ctx.user.id,
+						newService.composeId,
+						project.organizationId,
+					);
+				}

-				await audit(ctx, {
-					action: "create",
-					resourceType: "service",
-					resourceId: newService.composeId,
-					resourceName: newService.appName,
-				});
 				return newService;
 			} catch (error) {
 				throw error;
@@ -121,7 +125,14 @@ export const composeRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindCompose)
 		.query(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.composeId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.composeId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}

 			const compose = await findComposeById(input.composeId);
 			if (
@@ -177,22 +188,29 @@ export const composeRouter = createTRPCRouter({
 	update: protectedProcedure
 		.input(apiUpdateCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
-			const updated = await updateCompose(input.composeId, input);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: updated?.name,
-			});
-			return updated;
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this compose",
+				});
+			}
+			return updateCompose(input.composeId, input);
 		}),
 	delete: protectedProcedure
 		.input(apiDeleteCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.composeId, "delete");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.composeId,
+					ctx.session.activeOrganizationId,
+					"delete",
+				);
+			}
 			const composeResult = await findComposeById(input.composeId);

 			if (
@@ -231,55 +249,70 @@ export const composeRouter = createTRPCRouter({
 				} catch (_) {}
 			}

-			await audit(ctx, {
-				action: "delete",
-				resourceType: "service",
-				resourceId: composeResult.composeId,
-				resourceName: composeResult.appName,
-			});
 			return composeResult;
 		}),
 	cleanQueues: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to clean this compose",
+				});
+			}
 			await cleanQueuesByCompose(input.composeId);
 			return { success: true, message: "Queues cleaned successfully" };
 		}),
 	clearDeployments: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message:
+						"You are not authorized to clear deployments for this compose",
+				});
+			}
 			await clearOldDeployments(compose.appName, compose.serverId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: compose.name,
-			});
 			return true;
 		}),
 	killBuild: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["cancel"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to kill this build",
+				});
+			}
 			await killDockerBuild("compose", compose.serverId);
 		}),

 	loadServices: protectedProcedure
 		.input(apiFetchServices)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to load this compose",
+				});
+			}
 			return await loadServices(input.composeId, input.type);
 		}),
 	loadMountsByService: protectedProcedure
@@ -290,10 +323,16 @@ export const composeRouter = createTRPCRouter({
 			}),
 		)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to load this compose",
+				});
+			}
 			const container = await getComposeContainer(compose, input.serviceName);
 			const mounts = container?.Mounts.filter(
 				(mount) => mount.Type === "volume" && mount.Source !== "",
@@ -304,11 +343,18 @@ export const composeRouter = createTRPCRouter({
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await checkServicePermissionAndAccess(ctx, input.composeId, {
-					service: ["create"],
-				});
 				const compose = await findComposeById(input.composeId);

+				if (
+					compose.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to fetch this compose",
+					});
+				}
+
 				const command = await cloneCompose(compose);
 				if (compose.serverId) {
 					await execAsyncRemote(compose.serverId, command);
@@ -328,45 +374,49 @@ export const composeRouter = createTRPCRouter({
 	randomizeCompose: protectedProcedure
 		.input(apiRandomizeCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
-			const result = await randomizeComposeFile(input.composeId, input.suffix);
 			const compose = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: compose.name,
-			});
-			return result;
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to randomize this compose",
+				});
+			}
+			return await randomizeComposeFile(input.composeId, input.suffix);
 		}),
 	isolatedDeployment: protectedProcedure
 		.input(apiRandomizeCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
-			const result = await randomizeIsolatedDeploymentComposeFile(
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to randomize this compose",
+				});
+			}
+			return await randomizeIsolatedDeploymentComposeFile(
 				input.composeId,
 				input.suffix,
 			);
-			const compose = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: compose.name,
-			});
-			return result;
 		}),
 	getConvertedCompose: protectedProcedure
 		.input(apiFindCompose)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to get this compose",
+				});
+			}
 			const domains = await findDomainsByComposeId(input.composeId);
 			const composeFile = await addDomainToCompose(compose, domains);
 			return stringify(composeFile, {
@@ -377,11 +427,17 @@ export const composeRouter = createTRPCRouter({
 	deploy: protectedProcedure
 		.input(apiDeployCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);

+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this compose",
+				});
+			}
 			const jobData: DeploymentJob = {
 				composeId: input.composeId,
 				titleLog: input.title || "Manual deployment",
@@ -396,12 +452,6 @@ export const composeRouter = createTRPCRouter({
 				deploy(jobData).catch((error) => {
 					console.error("Background deployment failed:", error);
 				});
-				await audit(ctx, {
-					action: "deploy",
-					resourceType: "compose",
-					resourceId: input.composeId,
-					resourceName: compose.name,
-				});
 				return true;
 			}
 			await myQueue.add(
@@ -412,12 +462,6 @@ export const composeRouter = createTRPCRouter({
 					removeOnFail: true,
 				},
 			);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: compose.name,
-			});
 			return {
 				success: true,
 				message: "Deployment queued",
@@ -427,10 +471,16 @@ export const composeRouter = createTRPCRouter({
 	redeploy: protectedProcedure
 		.input(apiRedeployCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to redeploy this compose",
+				});
+			}
 			const jobData: DeploymentJob = {
 				composeId: input.composeId,
 				titleLog: input.title || "Rebuild deployment",
@@ -444,12 +494,6 @@ export const composeRouter = createTRPCRouter({
 				deploy(jobData).catch((error) => {
 					console.error("Background deployment failed:", error);
 				});
-				await audit(ctx, {
-					action: "deploy",
-					resourceType: "compose",
-					resourceId: input.composeId,
-					resourceName: compose.name,
-				});
 				return true;
 			}
 			await myQueue.add(
@@ -460,12 +504,6 @@ export const composeRouter = createTRPCRouter({
 					removeOnFail: true,
 				},
 			);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: compose.name,
-			});
 			return {
 				success: true,
 				message: "Redeployment queued",
@@ -475,61 +513,70 @@ export const composeRouter = createTRPCRouter({
 	stop: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to stop this compose",
+				});
+			}
 			await stopCompose(input.composeId);
-			const composeForStop = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "stop",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: composeForStop.name,
-			});
+
 			return true;
 		}),
 	start: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to stop this compose",
+				});
+			}
 			await startCompose(input.composeId);
-			const composeForStart = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "start",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: composeForStart.name,
-			});
+
 			return true;
 		}),
 	getDefaultCommand: protectedProcedure
 		.input(apiFindCompose)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
 			const compose = await findComposeById(input.composeId);
+
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to get this compose",
+				});
+			}
 			const command = createCommand(compose);
 			return `docker ${command}`;
 		}),
 	refreshToken: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to refresh this compose",
+				});
+			}
 			await updateCompose(input.composeId, {
 				refreshToken: nanoid(),
 			});
-			const composeForToken = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: composeForToken.name,
-			});
 			return true;
 		}),
 	deployTemplate: protectedProcedure
@@ -544,7 +591,14 @@ export const composeRouter = createTRPCRouter({
 		.mutation(async ({ ctx, input }) => {
 			const environment = await findEnvironmentById(input.environmentId);

-			await checkServiceAccess(ctx, environment.projectId, "create");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					environment.projectId,
+					ctx.session.activeOrganizationId,
+					"create",
+				);
+			}

 			if (IS_CLOUD && !input.serverId) {
 				throw new TRPCError({
@@ -594,7 +648,13 @@ export const composeRouter = createTRPCRouter({
 				isolatedDeployment: true,
 			});

-			await addNewService(ctx, compose.composeId);
+			if (ctx.user.role === "member") {
+				await addNewService(
+					ctx.user.id,
+					compose.composeId,
+					ctx.session.activeOrganizationId,
+				);
+			}

 			if (generate.mounts && generate.mounts?.length > 0) {
 				for (const mount of generate.mounts) {
@@ -621,12 +681,6 @@ export const composeRouter = createTRPCRouter({
 				}
 			}

-			await audit(ctx, {
-				action: "create",
-				resourceType: "compose",
-				resourceId: compose.composeId,
-				resourceName: compose.name,
-			});
 			return compose;
 		}),

@@ -660,11 +714,20 @@ export const composeRouter = createTRPCRouter({
 	disconnectGitProvider: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to disconnect this git provider",
+				});
+			}

+			// Reset all git provider related fields
 			await updateCompose(input.composeId, {
+				// GitHub fields
 				repository: null,
 				branch: null,
 				owner: null,
@@ -672,6 +735,7 @@ export const composeRouter = createTRPCRouter({
 				githubId: null,
 				triggerType: "push",

+				// GitLab fields
 				gitlabRepository: null,
 				gitlabOwner: null,
 				gitlabBranch: null,
@@ -679,33 +743,30 @@ export const composeRouter = createTRPCRouter({
 				gitlabProjectId: null,
 				gitlabPathNamespace: null,

+				// Bitbucket fields
 				bitbucketRepository: null,
 				bitbucketOwner: null,
 				bitbucketBranch: null,
 				bitbucketId: null,

+				// Gitea fields
 				giteaRepository: null,
 				giteaOwner: null,
 				giteaBranch: null,
 				giteaId: null,

+				// Custom Git fields
 				customGitBranch: null,
 				customGitUrl: null,
 				customGitSSHKeyId: null,

+				// Common fields
 				sourceType: "github", // Reset to default
 				composeStatus: "idle",
 				watchPaths: null,
 				enableSubmodules: false,
 			});

-			const composeForDisconnect = await findComposeById(input.composeId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: composeForDisconnect.name,
-			});
 			return true;
 		}),

@@ -717,9 +778,29 @@ export const composeRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				service: ["create"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move this compose",
+				});
+			}
+
+			const targetEnvironment = await findEnvironmentById(
+				input.targetEnvironmentId,
+			);
+			if (
+				targetEnvironment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move to this environment",
+				});
+			}

 			const updatedCompose = await db
 				.update(composeTable)
@@ -737,12 +818,6 @@ export const composeRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "compose",
-				resourceId: input.composeId,
-				resourceName: updatedCompose.name,
-			});
 			return updatedCompose;
 		}),

@@ -755,11 +830,18 @@ export const composeRouter = createTRPCRouter({
 		)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await checkServicePermissionAndAccess(ctx, input.composeId, {
-					service: ["create"],
-				});
 				const compose = await findComposeById(input.composeId);

+				if (
+					compose.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to update this compose",
+					});
+				}
+
 				const decodedData = Buffer.from(input.base64, "base64").toString(
 					"utf-8",
 				);
@@ -819,14 +901,21 @@ export const composeRouter = createTRPCRouter({
 		)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await checkServicePermissionAndAccess(ctx, input.composeId, {
-					service: ["create"],
-				});
 				const compose = await findComposeById(input.composeId);
 				const decodedData = Buffer.from(input.base64, "base64").toString(
 					"utf-8",
 				);

+				if (
+					compose.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to update this compose",
+					});
+				}
+
 				for (const mount of compose.mounts) {
 					await deleteMount(mount.mountId);
 				}
@@ -904,12 +993,6 @@ export const composeRouter = createTRPCRouter({
 					}
 				}

-				await audit(ctx, {
-					action: "update",
-					resourceType: "compose",
-					resourceId: input.composeId,
-					resourceName: compose.appName,
-				});
 				return {
 					success: true,
 					message: "Template imported successfully",
@@ -925,10 +1008,16 @@ export const composeRouter = createTRPCRouter({
 	cancelDeployment: protectedProcedure
 		.input(apiFindCompose)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["cancel"],
-			});
 			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to cancel this deployment",
+				});
+			}

 			if (IS_CLOUD && compose.serverId) {
 				try {
@@ -948,12 +1037,6 @@ export const composeRouter = createTRPCRouter({
 						applicationType: "compose",
 					});

-					await audit(ctx, {
-						action: "stop",
-						resourceType: "compose",
-						resourceId: input.composeId,
-						resourceName: compose.name,
-					});
 					return {
 						success: true,
 						message: "Deployment cancellation requested",
@@ -1030,17 +1113,19 @@ export const composeRouter = createTRPCRouter({
 				);
 			}

-			const { accessedServices } = await findMemberByUserId(
-				ctx.user.id,
-				ctx.session.activeOrganizationId,
-			);
-			if (accessedServices.length === 0) return { items: [], total: 0 };
-			baseConditions.push(
-				sql`${composeTable.composeId} IN (${sql.join(
-					accessedServices.map((id) => sql`${id}`),
-					sql`, `,
-				)})`,
-			);
+			if (ctx.user.role === "member") {
+				const { accessedServices } = await findMemberById(
+					ctx.user.id,
+					ctx.session.activeOrganizationId,
+				);
+				if (accessedServices.length === 0) return { items: [], total: 0 };
+				baseConditions.push(
+					sql`${composeTable.composeId} IN (${sql.join(
+						accessedServices.map((id) => sql`${id}`),
+						sql`, `,
+					)})`,
+				);
+			}

 			const where = and(...baseConditions);

--- a/apps/dokploy/server/api/routers/deployment.ts
+++ b/apps/dokploy/server/api/routers/deployment.ts
@@ -5,21 +5,20 @@ import {
 	findAllDeploymentsByComposeId,
 	findAllDeploymentsByServerId,
 	findAllDeploymentsCentralized,
+	findApplicationById,
+	findComposeById,
 	findDeploymentById,
+	findMemberById,
+	findServerById,
 	IS_CLOUD,
 	removeDeployment,
 	resolveServicePath,
 	updateDeploymentStatus,
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
-import {
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { TRPCError } from "@trpc/server";
 import { desc, eq } from "drizzle-orm";
 import { z } from "zod";
-import { audit } from "@/server/api/utils/audit";
 import {
 	apiFindAllByApplication,
 	apiFindAllByCompose,
@@ -30,46 +29,65 @@ import {
 } from "@/server/db/schema";
 import { myQueue } from "@/server/queues/queueSetup";
 import { fetchDeployApiJobs, type QueueJobRow } from "@/server/utils/deploy";
-import { createTRPCRouter, protectedProcedure, withPermission } from "../trpc";
+import { createTRPCRouter, protectedProcedure } from "../trpc";

 export const deploymentRouter = createTRPCRouter({
 	all: protectedProcedure
 		.input(apiFindAllByApplication)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				deployment: ["read"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this application",
+				});
+			}
 			return await findAllDeploymentsByApplicationId(input.applicationId);
 		}),

 	allByCompose: protectedProcedure
 		.input(apiFindAllByCompose)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				deployment: ["read"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this compose",
+				});
+			}
 			return await findAllDeploymentsByComposeId(input.composeId);
 		}),
-	allByServer: withPermission("deployment", "read")
+	allByServer: protectedProcedure
 		.input(apiFindAllByServer)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const server = await findServerById(input.serverId);
+			if (server.organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this server",
+				});
+			}
 			return await findAllDeploymentsByServerId(input.serverId);
 		}),
-	allCentralized: withPermission("deployment", "read").query(
-		async ({ ctx }) => {
-			const orgId = ctx.session.activeOrganizationId;
-			const accessedServices =
-				ctx.user.role !== "owner" && ctx.user.role !== "admin"
-					? (await findMemberByUserId(ctx.user.id, orgId)).accessedServices
-					: null;
-			if (accessedServices !== null && accessedServices.length === 0) {
-				return [];
-			}
-			return findAllDeploymentsCentralized(orgId, accessedServices);
-		},
-	),
+	allCentralized: protectedProcedure.query(async ({ ctx }) => {
+		const orgId = ctx.session.activeOrganizationId;
+		const accessedServices =
+			ctx.user.role === "member"
+				? (await findMemberById(ctx.user.id, orgId)).accessedServices
+				: null;
+		if (accessedServices !== null && accessedServices.length === 0) {
+			return [];
+		}
+		return findAllDeploymentsCentralized(orgId, accessedServices);
+	}),

-	queueList: withPermission("deployment", "read").query(async ({ ctx }) => {
+	queueList: protectedProcedure.query(async ({ ctx }) => {
 		const orgId = ctx.session.activeOrganizationId;
 		let rows: QueueJobRow[];

@@ -117,10 +135,7 @@ export const deploymentRouter = createTRPCRouter({

 	allByType: protectedProcedure
 		.input(apiFindAllByType)
-		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.id, {
-				deployment: ["read"],
-			});
+		.query(async ({ input }) => {
 			const deploymentsList = await db.query.deployments.findMany({
 				where: eq(deployments[`${input.type}Id`], input.id),
 				orderBy: desc(deployments.createdAt),
@@ -136,14 +151,8 @@ export const deploymentRouter = createTRPCRouter({
 				deploymentId: z.string().min(1),
 			}),
 		)
-		.mutation(async ({ input, ctx }) => {
+		.mutation(async ({ input }) => {
 			const deployment = await findDeploymentById(input.deploymentId);
-			const serviceId = deployment.applicationId || deployment.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					deployment: ["cancel"],
-				});
-			}

 			if (!deployment.pid) {
 				throw new TRPCError({
@@ -160,11 +169,6 @@ export const deploymentRouter = createTRPCRouter({
 			}

 			await updateDeploymentStatus(deployment.deploymentId, "error");
-			await audit(ctx, {
-				action: "cancel",
-				resourceType: "deployment",
-				resourceId: deployment.deploymentId,
-			});
 		}),

 	removeDeployment: protectedProcedure
@@ -173,20 +177,7 @@ export const deploymentRouter = createTRPCRouter({
 				deploymentId: z.string().min(1),
 			}),
 		)
-		.mutation(async ({ input, ctx }) => {
-			const deployment = await findDeploymentById(input.deploymentId);
-			const serviceId = deployment.applicationId || deployment.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					deployment: ["cancel"],
-				});
-			}
-			const result = await removeDeployment(input.deploymentId);
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "deployment",
-				resourceId: deployment.deploymentId,
-			});
-			return result;
+		.mutation(async ({ input }) => {
+			return await removeDeployment(input.deploymentId);
 		}),
 });
--- a/apps/dokploy/server/api/routers/destination.ts
+++ b/apps/dokploy/server/api/routers/destination.ts
@@ -10,8 +10,11 @@ import {
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { desc, eq } from "drizzle-orm";
-import { createTRPCRouter, withPermission } from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import {
+	adminProcedure,
+	createTRPCRouter,
+	protectedProcedure,
+} from "@/server/api/trpc";
 import {
 	apiCreateDestination,
 	apiFindOneDestination,
@@ -21,21 +24,14 @@ import {
 } from "@/server/db/schema";

 export const destinationRouter = createTRPCRouter({
-	create: withPermission("destination", "create")
+	create: adminProcedure
 		.input(apiCreateDestination)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				const result = await createDestintation(
+				return await createDestintation(
 					input,
 					ctx.session.activeOrganizationId,
 				);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "destination",
-					resourceId: result.destinationId,
-					resourceName: input.name,
-				});
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -44,7 +40,7 @@ export const destinationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	testConnection: withPermission("destination", "create")
+	testConnection: adminProcedure
 		.input(apiCreateDestination)
 		.mutation(async ({ input }) => {
 			const { secretAccessKey, bucket, region, endpoint, accessKey, provider } =
@@ -91,7 +87,7 @@ export const destinationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	one: withPermission("destination", "read")
+	one: protectedProcedure
 		.input(apiFindOneDestination)
 		.query(async ({ input, ctx }) => {
 			const destination = await findDestinationById(input.destinationId);
@@ -103,13 +99,13 @@ export const destinationRouter = createTRPCRouter({
 			}
 			return destination;
 		}),
-	all: withPermission("destination", "read").query(async ({ ctx }) => {
+	all: protectedProcedure.query(async ({ ctx }) => {
 		return await db.query.destinations.findMany({
 			where: eq(destinations.organizationId, ctx.session.activeOrganizationId),
 			orderBy: [desc(destinations.createdAt)],
 		});
 	}),
-	remove: withPermission("destination", "delete")
+	remove: adminProcedure
 		.input(apiRemoveDestination)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -121,22 +117,15 @@ export const destinationRouter = createTRPCRouter({
 						message: "You are not allowed to delete this destination",
 					});
 				}
-				const result = await removeDestinationById(
+				return await removeDestinationById(
 					input.destinationId,
 					ctx.session.activeOrganizationId,
 				);
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "destination",
-					resourceId: input.destinationId,
-					resourceName: destination.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	update: withPermission("destination", "create")
+	update: adminProcedure
 		.input(apiUpdateDestination)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -147,17 +136,10 @@ export const destinationRouter = createTRPCRouter({
 						message: "You are not allowed to update this destination",
 					});
 				}
-				const result = await updateDestinationById(input.destinationId, {
+				return await updateDestinationById(input.destinationId, {
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "destination",
-					resourceId: input.destinationId,
-					resourceName: input.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
--- a/apps/dokploy/server/api/routers/docker.ts
+++ b/apps/dokploy/server/api/routers/docker.ts
@@ -10,13 +10,12 @@ import {
 } from "@dokploy/server";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { audit } from "@/server/api/utils/audit";
-import { createTRPCRouter, withPermission } from "../trpc";
+import { createTRPCRouter, protectedProcedure } from "../trpc";

 export const containerIdRegex = /^[a-zA-Z0-9.\-_]+$/;

 export const dockerRouter = createTRPCRouter({
-	getContainers: withPermission("docker", "read")
+	getContainers: protectedProcedure
 		.input(
 			z.object({
 				serverId: z.string().optional(),
@@ -32,7 +31,7 @@ export const dockerRouter = createTRPCRouter({
 			return await getContainers(input.serverId);
 		}),

-	restartContainer: withPermission("docker", "read")
+	restartContainer: protectedProcedure
 		.input(
 			z.object({
 				containerId: z
@@ -41,18 +40,11 @@ export const dockerRouter = createTRPCRouter({
 					.regex(containerIdRegex, "Invalid container id."),
 			}),
 		)
-		.mutation(async ({ input, ctx }) => {
-			const result = await containerRestart(input.containerId);
-			await audit(ctx, {
-				action: "start",
-				resourceType: "docker",
-				resourceId: input.containerId,
-				resourceName: input.containerId,
-			});
-			return result;
+		.mutation(async ({ input }) => {
+			return await containerRestart(input.containerId);
 		}),

-	getConfig: withPermission("docker", "read")
+	getConfig: protectedProcedure
 		.input(
 			z.object({
 				containerId: z
@@ -72,7 +64,7 @@ export const dockerRouter = createTRPCRouter({
 			return await getConfig(input.containerId, input.serverId);
 		}),

-	getContainersByAppNameMatch: withPermission("service", "read")
+	getContainersByAppNameMatch: protectedProcedure
 		.input(
 			z.object({
 				appType: z.enum(["stack", "docker-compose"]).optional(),
@@ -94,7 +86,7 @@ export const dockerRouter = createTRPCRouter({
 			);
 		}),

-	getContainersByAppLabel: withPermission("docker", "read")
+	getContainersByAppLabel: protectedProcedure
 		.input(
 			z.object({
 				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
@@ -116,7 +108,7 @@ export const dockerRouter = createTRPCRouter({
 			);
 		}),

-	getStackContainersByAppName: withPermission("docker", "read")
+	getStackContainersByAppName: protectedProcedure
 		.input(
 			z.object({
 				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
@@ -133,7 +125,7 @@ export const dockerRouter = createTRPCRouter({
 			return await getStackContainersByAppName(input.appName, input.serverId);
 		}),

-	getServiceContainersByAppName: withPermission("docker", "read")
+	getServiceContainersByAppName: protectedProcedure
 		.input(
 			z.object({
 				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
--- a/apps/dokploy/server/api/routers/domain.ts
+++ b/apps/dokploy/server/api/routers/domain.ts
@@ -1,6 +1,7 @@
 import {
 	createDomain,
 	findApplicationById,
+	findComposeById,
 	findDomainById,
 	findDomainsByApplicationId,
 	findDomainsByComposeId,
@@ -14,15 +15,9 @@ import {
 	updateDomainById,
 	validateDomain,
 } from "@dokploy/server";
-import { checkServicePermissionAndAccess } from "@dokploy/server/services/permission";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiCreateDomain,
 	apiFindCompose,
@@ -37,22 +32,29 @@ export const domainRouter = createTRPCRouter({
 		.mutation(async ({ input, ctx }) => {
 			try {
 				if (input.domainType === "compose" && input.composeId) {
-					await checkServicePermissionAndAccess(ctx, input.composeId, {
-						domain: ["create"],
-					});
+					const compose = await findComposeById(input.composeId);
+					if (
+						compose.environment.project.organizationId !==
+						ctx.session.activeOrganizationId
+					) {
+						throw new TRPCError({
+							code: "UNAUTHORIZED",
+							message: "You are not authorized to access this compose",
+						});
+					}
 				} else if (input.domainType === "application" && input.applicationId) {
-					await checkServicePermissionAndAccess(ctx, input.applicationId, {
-						domain: ["create"],
-					});
+					const application = await findApplicationById(input.applicationId);
+					if (
+						application.environment.project.organizationId !==
+						ctx.session.activeOrganizationId
+					) {
+						throw new TRPCError({
+							code: "UNAUTHORIZED",
+							message: "You are not authorized to access this application",
+						});
+					}
 				}
-				const domain = await createDomain(input);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "domain",
-					resourceId: domain.domainId,
-					resourceName: domain.host,
-				});
-				return domain;
+				return await createDomain(input);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -67,20 +69,34 @@ export const domainRouter = createTRPCRouter({
 	byApplicationId: protectedProcedure
 		.input(apiFindOneApplication)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				domain: ["read"],
-			});
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this application",
+				});
+			}
 			return await findDomainsByApplicationId(input.applicationId);
 		}),
 	byComposeId: protectedProcedure
 		.input(apiFindCompose)
 		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.composeId, {
-				domain: ["read"],
-			});
+			const compose = await findComposeById(input.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this compose",
+				});
+			}
 			return await findDomainsByComposeId(input.composeId);
 		}),
-	generateDomain: withPermission("domain", "create")
+	generateDomain: protectedProcedure
 		.input(z.object({ appName: z.string(), serverId: z.string().optional() }))
 		.mutation(async ({ input, ctx }) => {
 			return generateTraefikMeDomain(
@@ -89,7 +105,7 @@ export const domainRouter = createTRPCRouter({
 				input.serverId,
 			);
 		}),
-	canGenerateTraefikMeDomains: withPermission("domain", "read")
+	canGenerateTraefikMeDomains: protectedProcedure
 		.input(z.object({ serverId: z.string() }))
 		.query(async ({ input }) => {
 			if (input.serverId) {
@@ -104,28 +120,45 @@ export const domainRouter = createTRPCRouter({
 		.input(apiUpdateDomain)
 		.mutation(async ({ input, ctx }) => {
 			const currentDomain = await findDomainById(input.domainId);
-			const serviceId = currentDomain.applicationId || currentDomain.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					domain: ["create"],
-				});
+
+			if (currentDomain.applicationId) {
+				const newApp = await findApplicationById(currentDomain.applicationId);
+				if (
+					newApp.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to access this application",
+					});
+				}
+			} else if (currentDomain.composeId) {
+				const newCompose = await findComposeById(currentDomain.composeId);
+				if (
+					newCompose.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to access this compose",
+					});
+				}
 			} else if (currentDomain.previewDeploymentId) {
-				const preview = await findPreviewDeploymentById(
+				const newPreviewDeployment = await findPreviewDeploymentById(
 					currentDomain.previewDeploymentId,
 				);
-				await checkServicePermissionAndAccess(ctx, preview.applicationId, {
-					domain: ["create"],
-				});
+				if (
+					newPreviewDeployment.application.environment.project
+						.organizationId !== ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to access this preview deployment",
+					});
+				}
 			}
-
 			const result = await updateDomainById(input.domainId, input);
 			const domain = await findDomainById(input.domainId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "domain",
-				resourceId: domain.domainId,
-				resourceName: domain.host,
-			});
 			if (domain.applicationId) {
 				const application = await findApplicationById(domain.applicationId);
 				await manageDomain(application, domain);
@@ -143,46 +176,59 @@ export const domainRouter = createTRPCRouter({
 		}),
 	one: protectedProcedure.input(apiFindDomain).query(async ({ input, ctx }) => {
 		const domain = await findDomainById(input.domainId);
-		const serviceId = domain.applicationId || domain.composeId;
-		if (serviceId) {
-			await checkServicePermissionAndAccess(ctx, serviceId, {
-				domain: ["read"],
-			});
-		} else if (domain.previewDeploymentId) {
-			const preview = await findPreviewDeploymentById(
-				domain.previewDeploymentId,
-			);
-			await checkServicePermissionAndAccess(ctx, preview.applicationId, {
-				domain: ["read"],
-			});
+		if (domain.applicationId) {
+			const application = await findApplicationById(domain.applicationId);
+			if (
+				application.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this application",
+				});
+			}
+		} else if (domain.composeId) {
+			const compose = await findComposeById(domain.composeId);
+			if (
+				compose.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this compose",
+				});
+			}
 		}
-		return domain;
+		return await findDomainById(input.domainId);
 	}),
 	delete: protectedProcedure
 		.input(apiFindDomain)
 		.mutation(async ({ input, ctx }) => {
 			const domain = await findDomainById(input.domainId);
-			const serviceId = domain.applicationId || domain.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					domain: ["delete"],
-				});
-			} else if (domain.previewDeploymentId) {
-				const preview = await findPreviewDeploymentById(
-					domain.previewDeploymentId,
-				);
-				await checkServicePermissionAndAccess(ctx, preview.applicationId, {
-					domain: ["delete"],
-				});
+			if (domain.applicationId) {
+				const application = await findApplicationById(domain.applicationId);
+				if (
+					application.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to access this application",
+					});
+				}
+			} else if (domain.composeId) {
+				const compose = await findComposeById(domain.composeId);
+				if (
+					compose.environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not authorized to access this compose",
+					});
+				}
 			}
-
 			const result = await removeDomainById(input.domainId);
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "domain",
-				resourceId: domain.domainId,
-				resourceName: domain.host,
-			});

 			if (domain.applicationId) {
 				const application = await findApplicationById(domain.applicationId);
@@ -192,7 +238,7 @@ export const domainRouter = createTRPCRouter({
 			return result;
 		}),

-	validateDomain: withPermission("domain", "read")
+	validateDomain: protectedProcedure
 		.input(
 			z.object({
 				domain: z.string(),
--- a/apps/dokploy/server/api/routers/environment.ts
+++ b/apps/dokploy/server/api/routers/environment.ts
@@ -1,35 +1,31 @@
-import {
-	createEnvironment,
-	deleteEnvironment,
-	duplicateEnvironment,
-	findEnvironmentById,
-	findEnvironmentsByProjectId,
-	updateEnvironmentById,
-} from "@dokploy/server";
-import { db } from "@dokploy/server/db";
 import {
 	addNewEnvironment,
 	checkEnvironmentAccess,
 	checkEnvironmentCreationPermission,
 	checkEnvironmentDeletionPermission,
-	checkPermission,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
+	createEnvironment,
+	deleteEnvironment,
+	duplicateEnvironment,
+	findEnvironmentById,
+	findEnvironmentsByProjectId,
+	findMemberById,
+	updateEnvironmentById,
+} from "@dokploy/server";
+import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq, ilike, or, sql } from "drizzle-orm";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
 import {
 	apiCreateEnvironment,
 	apiDuplicateEnvironment,
 	apiFindOneEnvironment,
 	apiRemoveEnvironment,
 	apiUpdateEnvironment,
-	environments,
-	projects,
 } from "@/server/db/schema";
+import { environments, projects } from "@/server/db/schema";

+// Helper function to filter services within an environment based on user permissions
 const filterEnvironmentServices = (
 	environment: any,
 	accessedServices: string[],
@@ -63,7 +59,12 @@ export const environmentRouter = createTRPCRouter({
 		.input(apiCreateEnvironment)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await checkEnvironmentCreationPermission(ctx, input.projectId);
+				// Check if user has permission to create environments
+				await checkEnvironmentCreationPermission(
+					ctx.user.id,
+					input.projectId,
+					ctx.session.activeOrganizationId,
+				);

 				if (input.name === "production") {
 					throw new TRPCError({
@@ -73,15 +74,16 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

+				// Allow users to create environments with any name, including "production"
 				const environment = await createEnvironment(input);

-				await addNewEnvironment(ctx, environment.environmentId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "environment",
-					resourceId: environment.environmentId,
-					resourceName: environment.name,
-				});
+				if (ctx.user.role === "member") {
+					await addNewEnvironment(
+						ctx.user.id,
+						environment.environmentId,
+						ctx.session.activeOrganizationId,
+					);
+				}
 				return environment;
 			} catch (error) {
 				if (error instanceof TRPCError) {
@@ -98,39 +100,54 @@ export const environmentRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindOneEnvironment)
 		.query(async ({ input, ctx }) => {
-			const environment = await findEnvironmentById(input.environmentId);
-			if (
-				environment.project.organizationId !== ctx.session.activeOrganizationId
-			) {
-				throw new TRPCError({
-					code: "FORBIDDEN",
-					message: "You are not allowed to access this environment",
-				});
-			}
-
-			if (ctx.user.role !== "owner" && ctx.user.role !== "admin") {
-				const { accessedEnvironments, accessedServices } =
-					await findMemberByUserId(
+			try {
+				if (ctx.user.role === "member") {
+					await checkEnvironmentAccess(
 						ctx.user.id,
+						input.environmentId,
 						ctx.session.activeOrganizationId,
+						"access",
 					);
-
-				if (!accessedEnvironments.includes(environment.environmentId)) {
+				}
+				const environment = await findEnvironmentById(input.environmentId);
+				if (
+					environment.project.organizationId !==
+					ctx.session.activeOrganizationId
+				) {
 					throw new TRPCError({
 						code: "FORBIDDEN",
 						message: "You are not allowed to access this environment",
 					});
 				}

-				const filteredEnvironment = filterEnvironmentServices(
-					environment,
-					accessedServices,
-				);
+				// Check environment access and filter services for members
+				if (ctx.user.role === "member") {
+					const { accessedEnvironments, accessedServices } =
+						await findMemberById(ctx.user.id, ctx.session.activeOrganizationId);

-				return filteredEnvironment;
+					if (!accessedEnvironments.includes(environment.environmentId)) {
+						throw new TRPCError({
+							code: "FORBIDDEN",
+							message: "You are not allowed to access this environment",
+						});
+					}
+
+					// Filter services based on member permissions
+					const filteredEnvironment = filterEnvironmentServices(
+						environment,
+						accessedServices,
+					);
+
+					return filteredEnvironment;
+				}
+
+				return environment;
+			} catch (error) {
+				throw new TRPCError({
+					code: "NOT_FOUND",
+					message: "Environment not found",
+				});
 			}
-
-			return environment;
 		}),

 	byProjectId: protectedProcedure
@@ -139,6 +156,7 @@ export const environmentRouter = createTRPCRouter({
 			try {
 				const environments = await findEnvironmentsByProjectId(input.projectId);

+				// Check organization access
 				if (
 					environments.some(
 						(environment) =>
@@ -152,13 +170,12 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

-				if (ctx.user.role !== "owner" && ctx.user.role !== "admin") {
+				// Filter environments for members based on their permissions
+				if (ctx.user.role === "member") {
 					const { accessedEnvironments, accessedServices } =
-						await findMemberByUserId(
-							ctx.user.id,
-							ctx.session.activeOrganizationId,
-						);
+						await findMemberById(ctx.user.id, ctx.session.activeOrganizationId);

+					// Filter environments to only show those the member has access to
 					const filteredEnvironments = environments
 						.filter((environment) =>
 							accessedEnvironments.includes(environment.environmentId),
@@ -194,6 +211,7 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

+				// Prevent deletion of the default environment
 				if (environment.isDefault) {
 					throw new TRPCError({
 						code: "BAD_REQUEST",
@@ -201,17 +219,24 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

-				await checkEnvironmentDeletionPermission(ctx, environment.projectId);
+				// Check environment deletion permission
+				await checkEnvironmentDeletionPermission(
+					ctx.user.id,
+					environment.projectId,
+					ctx.session.activeOrganizationId,
+				);

-				await checkEnvironmentAccess(ctx, input.environmentId, "read");
+				// Additional check for environment access for members
+				if (ctx.user.role === "member") {
+					await checkEnvironmentAccess(
+						ctx.user.id,
+						input.environmentId,
+						ctx.session.activeOrganizationId,
+						"access",
+					);
+				}

 				const deletedEnvironment = await deleteEnvironment(input.environmentId);
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "environment",
-					resourceId: deletedEnvironment?.environmentId,
-					resourceName: deletedEnvironment?.name,
-				});
 				return deletedEnvironment;
 			} catch (error) {
 				if (error instanceof TRPCError) {
@@ -231,14 +256,18 @@ export const environmentRouter = createTRPCRouter({
 			try {
 				const { environmentId, ...updateData } = input;

-				await checkEnvironmentAccess(ctx, environmentId, "read");
-
-				if (updateData.env !== undefined) {
-					await checkPermission(ctx, { environmentEnvVars: ["write"] });
+				// Allow users to rename environments to any name, including "production"
+				if (ctx.user.role === "member") {
+					await checkEnvironmentAccess(
+						ctx.user.id,
+						environmentId,
+						ctx.session.activeOrganizationId,
+						"access",
+					);
 				}
-
 				const currentEnvironment = await findEnvironmentById(environmentId);

+				// Prevent renaming the default environment, but allow updating env and description
 				if (currentEnvironment.isDefault && updateData.name !== undefined) {
 					throw new TRPCError({
 						code: "BAD_REQUEST",
@@ -255,8 +284,9 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

-				if (ctx.user.role !== "owner" && ctx.user.role !== "admin") {
-					const { accessedEnvironments } = await findMemberByUserId(
+				// Check environment access for members
+				if (ctx.user.role === "member") {
+					const { accessedEnvironments } = await findMemberById(
 						ctx.user.id,
 						ctx.session.activeOrganizationId,
 					);
@@ -275,14 +305,6 @@ export const environmentRouter = createTRPCRouter({
 					environmentId,
 					updateData,
 				);
-				if (environment) {
-					await audit(ctx, {
-						action: "update",
-						resourceType: "environment",
-						resourceId: environment.environmentId,
-						resourceName: environment.name,
-					});
-				}
 				return environment;
 			} catch (error) {
 				throw new TRPCError({
@@ -296,7 +318,14 @@ export const environmentRouter = createTRPCRouter({
 		.input(apiDuplicateEnvironment)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await checkEnvironmentAccess(ctx, input.environmentId, "read");
+				if (ctx.user.role === "member") {
+					await checkEnvironmentAccess(
+						ctx.user.id,
+						input.environmentId,
+						ctx.session.activeOrganizationId,
+						"access",
+					);
+				}
 				const environment = await findEnvironmentById(input.environmentId);
 				if (
 					environment.project.organizationId !==
@@ -308,8 +337,9 @@ export const environmentRouter = createTRPCRouter({
 					});
 				}

-				if (ctx.user.role !== "owner" && ctx.user.role !== "admin") {
-					const { accessedEnvironments } = await findMemberByUserId(
+				// Check environment access for members
+				if (ctx.user.role === "member") {
+					const { accessedEnvironments } = await findMemberById(
 						ctx.user.id,
 						ctx.session.activeOrganizationId,
 					);
@@ -323,13 +353,6 @@ export const environmentRouter = createTRPCRouter({
 				}

 				const duplicatedEnvironment = await duplicateEnvironment(input);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "environment",
-					resourceId: duplicatedEnvironment.environmentId,
-					resourceName: duplicatedEnvironment.name,
-					metadata: { duplicatedFrom: input.environmentId },
-				});
 				return duplicatedEnvironment;
 			} catch (error) {
 				throw new TRPCError({
@@ -381,8 +404,8 @@ export const environmentRouter = createTRPCRouter({
 				);
 			}

-			if (ctx.user.role !== "owner" && ctx.user.role !== "admin") {
-				const { accessedEnvironments } = await findMemberByUserId(
+			if (ctx.user.role === "member") {
+				const { accessedEnvironments } = await findMemberById(
 					ctx.user.id,
 					ctx.session.activeOrganizationId,
 				);
--- a/apps/dokploy/server/api/routers/git-provider.ts
+++ b/apps/dokploy/server/api/routers/git-provider.ts
@@ -2,12 +2,7 @@ import { findGitProviderById, removeGitProvider } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq } from "drizzle-orm";
-import { audit } from "@/server/api/utils/audit";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import { apiRemoveGitProvider, gitProvider } from "@/server/db/schema";

 export const gitProviderRouter = createTRPCRouter({
@@ -26,7 +21,7 @@ export const gitProviderRouter = createTRPCRouter({
 			),
 		});
 	}),
-	remove: withPermission("gitProviders", "delete")
+	remove: protectedProcedure
 		.input(apiRemoveGitProvider)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -38,12 +33,6 @@ export const gitProviderRouter = createTRPCRouter({
 						message: "You are not allowed to delete this Git provider",
 					});
 				}
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "gitProvider",
-					resourceId: gitProvider.gitProviderId,
-					resourceName: gitProvider.name ?? gitProvider.gitProviderId,
-				});
 				return await removeGitProvider(input.gitProviderId);
 			} catch (error) {
 				const message =
--- a/apps/dokploy/server/api/routers/gitea.ts
+++ b/apps/dokploy/server/api/routers/gitea.ts
@@ -10,12 +10,7 @@ import {
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiCreateGitea,
 	apiFindGiteaBranches,
@@ -25,24 +20,15 @@ import {
 } from "@/server/db/schema";

 export const giteaRouter = createTRPCRouter({
-	create: withPermission("gitProviders", "create")
+	create: protectedProcedure
 		.input(apiCreateGitea)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				const result = await createGitea(
+				return await createGitea(
 					input,
 					ctx.session.activeOrganizationId,
 					ctx.session.userId,
 				);
-
-				await audit(ctx, {
-					action: "create",
-					resourceType: "gitProvider",
-					resourceId: result.giteaId,
-					resourceName: input.name,
-				});
-
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -52,11 +38,24 @@ export const giteaRouter = createTRPCRouter({
 			}
 		}),

-	one: protectedProcedure.input(apiFindOneGitea).query(async ({ input }) => {
-		return await findGiteaById(input.giteaId);
-	}),
+	one: protectedProcedure
+		.input(apiFindOneGitea)
+		.query(async ({ input, ctx }) => {
+			const giteaProvider = await findGiteaById(input.giteaId);
+			if (
+				giteaProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitea provider",
+				});
+			}
+			return giteaProvider;
+		}),

-	giteaProviders: protectedProcedure.query(async ({ ctx }) => {
+	giteaProviders: protectedProcedure.query(async ({ ctx }: { ctx: any }) => {
 		let result = await db.query.gitea.findMany({
 			with: {
 				gitProvider: true,
@@ -86,7 +85,7 @@ export const giteaRouter = createTRPCRouter({

 	getGiteaRepositories: protectedProcedure
 		.input(apiFindOneGitea)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
 			const { giteaId } = input;

 			if (!giteaId) {
@@ -96,6 +95,18 @@ export const giteaRouter = createTRPCRouter({
 				});
 			}

+			const giteaProvider = await findGiteaById(giteaId);
+			if (
+				giteaProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitea provider",
+				});
+			}
+
 			try {
 				const repositories = await getGiteaRepositories(giteaId);
 				return repositories;
@@ -110,7 +121,7 @@ export const giteaRouter = createTRPCRouter({

 	getGiteaBranches: protectedProcedure
 		.input(apiFindGiteaBranches)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
 			const { giteaId, owner, repositoryName } = input;

 			if (!giteaId || !owner || !repositoryName) {
@@ -121,6 +132,18 @@ export const giteaRouter = createTRPCRouter({
 				});
 			}

+			const giteaProvider = await findGiteaById(giteaId);
+			if (
+				giteaProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitea provider",
+				});
+			}
+
 			try {
 				return await getGiteaBranches({
 					giteaId,
@@ -138,10 +161,22 @@ export const giteaRouter = createTRPCRouter({

 	testConnection: protectedProcedure
 		.input(apiGiteaTestConnection)
-		.mutation(async ({ input }) => {
+		.mutation(async ({ input, ctx }) => {
 			const giteaId = input.giteaId ?? "";

 			try {
+				const giteaProvider = await findGiteaById(giteaId);
+				if (
+					giteaProvider.gitProvider.organizationId !==
+						ctx.session.activeOrganizationId &&
+					giteaProvider.gitProvider.userId !== ctx.session.userId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not allowed to access this Gitea provider",
+					});
+				}
+
 				const result = await testGiteaConnection({
 					giteaId,
 				});
@@ -156,9 +191,21 @@ export const giteaRouter = createTRPCRouter({
 			}
 		}),

-	update: withPermission("gitProviders", "create")
+	update: protectedProcedure
 		.input(apiUpdateGitea)
 		.mutation(async ({ input, ctx }) => {
+			const giteaProvider = await findGiteaById(input.giteaId);
+			if (
+				giteaProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitea provider",
+				});
+			}
+
 			if (input.name) {
 				await updateGitProvider(input.gitProviderId, {
 					name: input.name,
@@ -174,19 +221,12 @@ export const giteaRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "gitProvider",
-				resourceId: input.giteaId,
-				resourceName: input.name,
-			});
-
 			return { success: true };
 		}),

 	getGiteaUrl: protectedProcedure
 		.input(apiFindOneGitea)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
 			const { giteaId } = input;

 			if (!giteaId) {
@@ -197,6 +237,16 @@ export const giteaRouter = createTRPCRouter({
 			}

 			const giteaProvider = await findGiteaById(giteaId);
+			if (
+				giteaProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitea provider",
+				});
+			}

 			// Return the base URL of the Gitea instance
 			return giteaProvider.giteaUrl;
--- a/apps/dokploy/server/api/routers/github.ts
+++ b/apps/dokploy/server/api/routers/github.ts
@@ -8,12 +8,7 @@ import {
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiFindGithubBranches,
 	apiFindOneGithub,
@@ -21,17 +16,53 @@ import {
 } from "@/server/db/schema";

 export const githubRouter = createTRPCRouter({
-	one: protectedProcedure.input(apiFindOneGithub).query(async ({ input }) => {
-		return await findGithubById(input.githubId);
-	}),
+	one: protectedProcedure
+		.input(apiFindOneGithub)
+		.query(async ({ input, ctx }) => {
+			const githubProvider = await findGithubById(input.githubId);
+			if (
+				githubProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this github provider",
+				});
+			}
+			return githubProvider;
+		}),
 	getGithubRepositories: protectedProcedure
 		.input(apiFindOneGithub)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const githubProvider = await findGithubById(input.githubId);
+			if (
+				githubProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this github provider",
+				});
+			}
 			return await getGithubRepositories(input.githubId);
 		}),
 	getGithubBranches: protectedProcedure
 		.input(apiFindGithubBranches)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const githubProvider = await findGithubById(input.githubId || "");
+			if (
+				githubProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
+			) {
+				//TODO: Remove this line when the cloud version is ready
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this github provider",
+				});
+			}
 			return await getGithubBranches(input);
 		}),
 	githubProviders: protectedProcedure.query(async ({ ctx }) => {
@@ -64,8 +95,19 @@ export const githubRouter = createTRPCRouter({

 	testConnection: protectedProcedure
 		.input(apiFindOneGithub)
-		.mutation(async ({ input }) => {
+		.mutation(async ({ input, ctx }) => {
 			try {
+				const githubProvider = await findGithubById(input.githubId);
+				if (
+					githubProvider.gitProvider.organizationId !==
+						ctx.session.activeOrganizationId &&
+					githubProvider.gitProvider.userId === ctx.session.userId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not allowed to access this github provider",
+					});
+				}
 				const result = await getGithubRepositories(input.githubId);
 				return `Found ${result.length} repositories`;
 			} catch (err) {
@@ -75,9 +117,20 @@ export const githubRouter = createTRPCRouter({
 				});
 			}
 		}),
-	update: withPermission("gitProviders", "create")
+	update: protectedProcedure
 		.input(apiUpdateGithub)
 		.mutation(async ({ input, ctx }) => {
+			const githubProvider = await findGithubById(input.githubId);
+			if (
+				githubProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this github provider",
+				});
+			}
 			await updateGitProvider(input.gitProviderId, {
 				name: input.name,
 				organizationId: ctx.session.activeOrganizationId,
@@ -86,12 +139,5 @@ export const githubRouter = createTRPCRouter({
 			await updateGithub(input.githubId, {
 				...input,
 			});
-
-			await audit(ctx, {
-				action: "update",
-				resourceType: "gitProvider",
-				resourceId: input.gitProviderId,
-				resourceName: input.name,
-			});
 		}),
 });
--- a/apps/dokploy/server/api/routers/gitlab.ts
+++ b/apps/dokploy/server/api/routers/gitlab.ts
@@ -10,12 +10,7 @@ import {
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
-import {
-	createTRPCRouter,
-	protectedProcedure,
-	withPermission,
-} from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiCreateGitlab,
 	apiFindGitlabBranches,
@@ -25,23 +20,15 @@ import {
 } from "@/server/db/schema";

 export const gitlabRouter = createTRPCRouter({
-	create: withPermission("gitProviders", "create")
+	create: protectedProcedure
 		.input(apiCreateGitlab)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				const result = await createGitlab(
+				return await createGitlab(
 					input,
 					ctx.session.activeOrganizationId,
 					ctx.session.userId,
 				);
-
-				await audit(ctx, {
-					action: "create",
-					resourceType: "gitProvider",
-					resourceName: input.name,
-				});
-
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -50,9 +37,22 @@ export const gitlabRouter = createTRPCRouter({
 				});
 			}
 		}),
-	one: protectedProcedure.input(apiFindOneGitlab).query(async ({ input }) => {
-		return await findGitlabById(input.gitlabId);
-	}),
+	one: protectedProcedure
+		.input(apiFindOneGitlab)
+		.query(async ({ input, ctx }) => {
+			const gitlabProvider = await findGitlabById(input.gitlabId);
+			if (
+				gitlabProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitlab provider",
+				});
+			}
+			return gitlabProvider;
+		}),
 	gitlabProviders: protectedProcedure.query(async ({ ctx }) => {
 		let result = await db.query.gitlab.findMany({
 			with: {
@@ -83,19 +83,52 @@ export const gitlabRouter = createTRPCRouter({
 	}),
 	getGitlabRepositories: protectedProcedure
 		.input(apiFindOneGitlab)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const gitlabProvider = await findGitlabById(input.gitlabId);
+			if (
+				gitlabProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitlab provider",
+				});
+			}
 			return await getGitlabRepositories(input.gitlabId);
 		}),

 	getGitlabBranches: protectedProcedure
 		.input(apiFindGitlabBranches)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			const gitlabProvider = await findGitlabById(input.gitlabId || "");
+			if (
+				gitlabProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitlab provider",
+				});
+			}
 			return await getGitlabBranches(input);
 		}),
 	testConnection: protectedProcedure
 		.input(apiGitlabTestConnection)
-		.mutation(async ({ input }) => {
+		.mutation(async ({ input, ctx }) => {
 			try {
+				const gitlabProvider = await findGitlabById(input.gitlabId || "");
+				if (
+					gitlabProvider.gitProvider.organizationId !==
+						ctx.session.activeOrganizationId &&
+					gitlabProvider.gitProvider.userId !== ctx.session.userId
+				) {
+					throw new TRPCError({
+						code: "UNAUTHORIZED",
+						message: "You are not allowed to access this Gitlab provider",
+					});
+				}
 				const result = await testGitlabConnection(input);

 				return `Found ${result} repositories`;
@@ -106,9 +139,20 @@ export const gitlabRouter = createTRPCRouter({
 				});
 			}
 		}),
-	update: withPermission("gitProviders", "create")
+	update: protectedProcedure
 		.input(apiUpdateGitlab)
 		.mutation(async ({ input, ctx }) => {
+			const gitlabProvider = await findGitlabById(input.gitlabId);
+			if (
+				gitlabProvider.gitProvider.organizationId !==
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not allowed to access this Gitlab provider",
+				});
+			}
 			if (input.name) {
 				await updateGitProvider(input.gitProviderId, {
 					name: input.name,
@@ -123,12 +167,5 @@ export const gitlabRouter = createTRPCRouter({
 					...input,
 				});
 			}
-
-			await audit(ctx, {
-				action: "update",
-				resourceType: "gitProvider",
-				resourceId: input.gitProviderId,
-				resourceName: input.name,
-			});
 		}),
 });
--- a/apps/dokploy/server/api/routers/mariadb.ts
+++ b/apps/dokploy/server/api/routers/mariadb.ts
@@ -1,11 +1,14 @@
 import {
+	addNewService,
 	checkPortInUse,
+	checkServiceAccess,
 	createMariadb,
 	createMount,
 	deployMariadb,
 	findBackupsByDbId,
 	findEnvironmentById,
 	findMariadbById,
+	findMemberById,
 	findProjectById,
 	IS_CLOUD,
 	rebuildDatabase,
@@ -18,18 +21,11 @@ import {
 	updateMariadbById,
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
-import {
-	addNewService,
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { TRPCError } from "@trpc/server";
 import { observable } from "@trpc/server/observable";
 import { and, desc, eq, ilike, or, sql } from "drizzle-orm";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
 import {
 	apiChangeMariaDBStatus,
 	apiCreateMariaDB,
@@ -40,20 +36,27 @@ import {
 	apiSaveEnvironmentVariablesMariaDB,
 	apiSaveExternalPortMariaDB,
 	apiUpdateMariaDB,
-	environments,
 	mariadb as mariadbTable,
-	projects,
 } from "@/server/db/schema";
+import { environments, projects } from "@/server/db/schema";
 import { cancelJobs } from "@/server/utils/backup";
 export const mariadbRouter = createTRPCRouter({
 	create: protectedProcedure
 		.input(apiCreateMariaDB)
 		.mutation(async ({ input, ctx }) => {
 			try {
+				// Get project from environment
 				const environment = await findEnvironmentById(input.environmentId);
 				const project = await findProjectById(environment.projectId);

-				await checkServiceAccess(ctx, project.projectId, "create");
+				if (ctx.user.role === "member") {
+					await checkServiceAccess(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+						"create",
+					);
+				}

 				if (IS_CLOUD && !input.serverId) {
 					throw new TRPCError({
@@ -71,7 +74,13 @@ export const mariadbRouter = createTRPCRouter({
 				const newMariadb = await createMariadb({
 					...input,
 				});
-				await addNewService(ctx, newMariadb.mariadbId);
+				if (ctx.user.role === "member") {
+					await addNewService(
+						ctx.user.id,
+						newMariadb.mariadbId,
+						project.organizationId,
+					);
+				}

 				await createMount({
 					serviceId: newMariadb.mariadbId,
@@ -81,12 +90,6 @@ export const mariadbRouter = createTRPCRouter({
 					type: "volume",
 				});

-				await audit(ctx, {
-					action: "create",
-					resourceType: "service",
-					resourceId: newMariadb.mariadbId,
-					resourceName: newMariadb.appName,
-				});
 				return newMariadb;
 			} catch (error) {
 				if (error instanceof TRPCError) {
@@ -98,7 +101,14 @@ export const mariadbRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindOneMariaDB)
 		.query(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mariadbId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mariadbId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}
 			const mariadb = await findMariadbById(input.mariadbId);
 			if (
 				mariadb.environment.project.organizationId !==
@@ -115,10 +125,16 @@ export const mariadbRouter = createTRPCRouter({
 	start: protectedProcedure
 		.input(apiFindOneMariaDB)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
 			const service = await findMariadbById(input.mariadbId);
+			if (
+				service.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to start this Mariadb",
+				});
+			}
 			if (service.serverId) {
 				await startServiceRemote(service.serverId, service.appName);
 			} else {
@@ -128,20 +144,11 @@ export const mariadbRouter = createTRPCRouter({
 				applicationStatus: "done",
 			});

-			await audit(ctx, {
-				action: "start",
-				resourceType: "service",
-				resourceId: service.mariadbId,
-				resourceName: service.appName,
-			});
 			return service;
 		}),
 	stop: protectedProcedure
 		.input(apiFindOneMariaDB)
-		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
+		.mutation(async ({ input }) => {
 			const mariadb = await findMariadbById(input.mariadbId);

 			if (mariadb.serverId) {
@@ -153,21 +160,21 @@ export const mariadbRouter = createTRPCRouter({
 				applicationStatus: "idle",
 			});

-			await audit(ctx, {
-				action: "stop",
-				resourceType: "service",
-				resourceId: mariadb.mariadbId,
-				resourceName: mariadb.appName,
-			});
 			return mariadb;
 		}),
 	saveExternalPort: protectedProcedure
 		.input(apiSaveExternalPortMariaDB)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				service: ["create"],
-			});
 			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this external port",
+				});
+			}

 			if (input.externalPort) {
 				const portCheck = await checkPortInUse(
@@ -186,28 +193,22 @@ export const mariadbRouter = createTRPCRouter({
 				externalPort: input.externalPort,
 			});
 			await deployMariadb(input.mariadbId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mariadb.mariadbId,
-				resourceName: mariadb.appName,
-			});
 			return mariadb;
 		}),
 	deploy: protectedProcedure
 		.input(apiDeployMariaDB)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
 			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this Mariadb",
+				});
+			}

-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "service",
-				resourceId: mariadb.mariadbId,
-				resourceName: mariadb.appName,
-			});
 			return deployMariadb(input.mariadbId);
 		}),
 	deployWithLogs: protectedProcedure
@@ -221,9 +222,16 @@ export const mariadbRouter = createTRPCRouter({
 		})
 		.input(apiDeployMariaDB)
 		.subscription(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
+			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this Mariadb",
+				});
+			}

 			return observable<string>((emit) => {
 				deployMariadb(input.mariadbId, (log) => {
@@ -234,25 +242,32 @@ export const mariadbRouter = createTRPCRouter({
 	changeStatus: protectedProcedure
 		.input(apiChangeMariaDBStatus)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMariadbById(input.mariadbId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to change this Mariadb status",
+				});
+			}
 			await updateMariadbById(input.mariadbId, {
 				applicationStatus: input.applicationStatus,
 			});
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mongo.mariadbId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	remove: protectedProcedure
 		.input(apiFindOneMariaDB)
 		.mutation(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mariadbId, "delete");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mariadbId,
+					ctx.session.activeOrganizationId,
+					"delete",
+				);
+			}

 			const mongo = await findMariadbById(input.mariadbId);
 			if (
@@ -265,12 +280,6 @@ export const mariadbRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "delete",
-				resourceType: "service",
-				resourceId: mongo.mariadbId,
-				resourceName: mongo.appName,
-			});
 			const backups = await findBackupsByDbId(input.mariadbId, "mariadb");
 			const cleanupOperations = [
 				async () => await removeService(mongo?.appName, mongo.serverId),
@@ -289,9 +298,16 @@ export const mariadbRouter = createTRPCRouter({
 	saveEnvironment: protectedProcedure
 		.input(apiSaveEnvironmentVariablesMariaDB)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				envVars: ["write"],
-			});
+			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this environment",
+				});
+			}
 			const service = await updateMariadbById(input.mariadbId, {
 				env: input.env,
 			});
@@ -303,20 +319,21 @@ export const mariadbRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: input.mariadbId,
-			});
 			return true;
 		}),
 	reload: protectedProcedure
 		.input(apiResetMariadb)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
 			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to reload this Mariadb",
+				});
+			}
 			if (mariadb.serverId) {
 				await stopServiceRemote(mariadb.serverId, mariadb.appName);
 			} else {
@@ -334,21 +351,22 @@ export const mariadbRouter = createTRPCRouter({
 			await updateMariadbById(input.mariadbId, {
 				applicationStatus: "done",
 			});
-			await audit(ctx, {
-				action: "reload",
-				resourceType: "service",
-				resourceId: mariadb.mariadbId,
-				resourceName: mariadb.appName,
-			});
 			return true;
 		}),
 	update: protectedProcedure
 		.input(apiUpdateMariaDB)
 		.mutation(async ({ input, ctx }) => {
 			const { mariadbId, ...rest } = input;
-			await checkServicePermissionAndAccess(ctx, mariadbId, {
-				service: ["create"],
-			});
+			const mariadb = await findMariadbById(mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this Mariadb",
+				});
+			}
 			const service = await updateMariadbById(mariadbId, {
 				...rest,
 			});
@@ -360,12 +378,6 @@ export const mariadbRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mariadbId,
-				resourceName: service.appName,
-			});
 			return true;
 		}),
 	move: protectedProcedure
@@ -376,10 +388,31 @@ export const mariadbRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				service: ["create"],
-			});
+			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move this mariadb",
+				});
+			}

+			const targetEnvironment = await findEnvironmentById(
+				input.targetEnvironmentId,
+			);
+			if (
+				targetEnvironment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move to this environment",
+				});
+			}
+
+			// Update the mariadb's projectId
 			const updatedMariadb = await db
 				.update(mariadbTable)
 				.set({
@@ -396,27 +429,23 @@ export const mariadbRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "move",
-				resourceType: "service",
-				resourceId: updatedMariadb.mariadbId,
-				resourceName: updatedMariadb.appName,
-			});
 			return updatedMariadb;
 		}),
 	rebuild: protectedProcedure
 		.input(apiRebuildMariadb)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mariadbId, {
-				deployment: ["create"],
-			});
+			const mariadb = await findMariadbById(input.mariadbId);
+			if (
+				mariadb.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to rebuild this MariaDB database",
+				});
+			}

-			await rebuildDatabase(input.mariadbId, "mariadb");
-			await audit(ctx, {
-				action: "rebuild",
-				resourceType: "service",
-				resourceId: input.mariadbId,
-			});
+			await rebuildDatabase(mariadb.mariadbId, "mariadb");
 			return true;
 		}),
 	search: protectedProcedure
@@ -470,18 +499,19 @@ export const mariadbRouter = createTRPCRouter({
 					),
 				);
 			}
-			const { accessedServices } = await findMemberByUserId(
-				ctx.user.id,
-				ctx.session.activeOrganizationId,
-			);
-			if (accessedServices.length === 0) return { items: [], total: 0 };
-			baseConditions.push(
-				sql`${mariadbTable.mariadbId} IN (${sql.join(
-					accessedServices.map((id) => sql`${id}`),
-					sql`, `,
-				)})`,
-			);
-
+			if (ctx.user.role === "member") {
+				const { accessedServices } = await findMemberById(
+					ctx.user.id,
+					ctx.session.activeOrganizationId,
+				);
+				if (accessedServices.length === 0) return { items: [], total: 0 };
+				baseConditions.push(
+					sql`${mariadbTable.mariadbId} IN (${sql.join(
+						accessedServices.map((id) => sql`${id}`),
+						sql`, `,
+					)})`,
+				);
+			}
 			const where = and(...baseConditions);
 			const [items, countResult] = await Promise.all([
 				db
--- a/apps/dokploy/server/api/routers/mongo.ts
+++ b/apps/dokploy/server/api/routers/mongo.ts
@@ -1,10 +1,13 @@
 import {
+	addNewService,
 	checkPortInUse,
+	checkServiceAccess,
 	createMongo,
 	createMount,
 	deployMongo,
 	findBackupsByDbId,
 	findEnvironmentById,
+	findMemberById,
 	findMongoById,
 	findProjectById,
 	IS_CLOUD,
@@ -17,17 +20,10 @@ import {
 	stopServiceRemote,
 	updateMongoById,
 } from "@dokploy/server";
-import {
-	addNewService,
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq, ilike, or, sql } from "drizzle-orm";
 import { z } from "zod";
-import { audit } from "@/server/api/utils/audit";
 import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiChangeMongoStatus,
@@ -48,10 +44,18 @@ export const mongoRouter = createTRPCRouter({
 		.input(apiCreateMongo)
 		.mutation(async ({ input, ctx }) => {
 			try {
+				// Get project from environment
 				const environment = await findEnvironmentById(input.environmentId);
 				const project = await findProjectById(environment.projectId);

-				await checkServiceAccess(ctx, project.projectId, "create");
+				if (ctx.user.role === "member") {
+					await checkServiceAccess(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+						"create",
+					);
+				}

 				if (IS_CLOUD && !input.serverId) {
 					throw new TRPCError({
@@ -69,7 +73,13 @@ export const mongoRouter = createTRPCRouter({
 				const newMongo = await createMongo({
 					...input,
 				});
-				await addNewService(ctx, newMongo.mongoId);
+				if (ctx.user.role === "member") {
+					await addNewService(
+						ctx.user.id,
+						newMongo.mongoId,
+						project.organizationId,
+					);
+				}

 				await createMount({
 					serviceId: newMongo.mongoId,
@@ -79,12 +89,6 @@ export const mongoRouter = createTRPCRouter({
 					type: "volume",
 				});

-				await audit(ctx, {
-					action: "create",
-					resourceType: "service",
-					resourceId: newMongo.mongoId,
-					resourceName: newMongo.appName,
-				});
 				return newMongo;
 			} catch (error) {
 				if (error instanceof TRPCError) {
@@ -100,7 +104,14 @@ export const mongoRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindOneMongo)
 		.query(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mongoId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mongoId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}

 			const mongo = await findMongoById(input.mongoId);
 			if (
@@ -118,11 +129,18 @@ export const mongoRouter = createTRPCRouter({
 	start: protectedProcedure
 		.input(apiFindOneMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
 			const service = await findMongoById(input.mongoId);

+			if (
+				service.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to start this mongo",
+				});
+			}
+
 			if (service.serverId) {
 				await startServiceRemote(service.serverId, service.appName);
 			} else {
@@ -132,22 +150,23 @@ export const mongoRouter = createTRPCRouter({
 				applicationStatus: "done",
 			});

-			await audit(ctx, {
-				action: "start",
-				resourceType: "service",
-				resourceId: service.mongoId,
-				resourceName: service.appName,
-			});
 			return service;
 		}),
 	stop: protectedProcedure
 		.input(apiFindOneMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMongoById(input.mongoId);

+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to stop this mongo",
+				});
+			}
+
 			if (mongo.serverId) {
 				await stopServiceRemote(mongo.serverId, mongo.appName);
 			} else {
@@ -157,21 +176,21 @@ export const mongoRouter = createTRPCRouter({
 				applicationStatus: "idle",
 			});

-			await audit(ctx, {
-				action: "stop",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	saveExternalPort: protectedProcedure
 		.input(apiSaveExternalPortMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				service: ["create"],
-			});
 			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this external port",
+				});
+			}

 			if (input.externalPort) {
 				const portCheck = await checkPortInUse(
@@ -190,27 +209,21 @@ export const mongoRouter = createTRPCRouter({
 				externalPort: input.externalPort,
 			});
 			await deployMongo(input.mongoId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	deploy: protectedProcedure
 		.input(apiDeployMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMongoById(input.mongoId);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this mongo",
+				});
+			}
 			return deployMongo(input.mongoId);
 		}),
 	deployWithLogs: protectedProcedure
@@ -224,9 +237,16 @@ export const mongoRouter = createTRPCRouter({
 		})
 		.input(apiDeployMongo)
 		.subscription(async function* ({ input, ctx, signal }) {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
+			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this mongo",
+				});
+			}
 			const queue: string[] = [];
 			const done = false;

@@ -250,28 +270,34 @@ export const mongoRouter = createTRPCRouter({
 	changeStatus: protectedProcedure
 		.input(apiChangeMongoStatus)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to change this mongo status",
+				});
+			}
 			await updateMongoById(input.mongoId, {
 				applicationStatus: input.applicationStatus,
 			});
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	reload: protectedProcedure
 		.input(apiResetMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to reload this mongo",
+				});
+			}
 			if (mongo.serverId) {
 				await stopServiceRemote(mongo.serverId, mongo.appName);
 			} else {
@@ -289,18 +315,19 @@ export const mongoRouter = createTRPCRouter({
 			await updateMongoById(input.mongoId, {
 				applicationStatus: "done",
 			});
-			await audit(ctx, {
-				action: "reload",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
 			return true;
 		}),
 	remove: protectedProcedure
 		.input(apiFindOneMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mongoId, "delete");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mongoId,
+					ctx.session.activeOrganizationId,
+					"delete",
+				);
+			}

 			const mongo = await findMongoById(input.mongoId);

@@ -313,12 +340,6 @@ export const mongoRouter = createTRPCRouter({
 					message: "You are not authorized to delete this mongo",
 				});
 			}
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "service",
-				resourceId: mongo.mongoId,
-				resourceName: mongo.appName,
-			});
 			const backups = await findBackupsByDbId(input.mongoId, "mongo");

 			const cleanupOperations = [
@@ -338,9 +359,16 @@ export const mongoRouter = createTRPCRouter({
 	saveEnvironment: protectedProcedure
 		.input(apiSaveEnvironmentVariablesMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				envVars: ["write"],
-			});
+			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this environment",
+				});
+			}
 			const service = await updateMongoById(input.mongoId, {
 				env: input.env,
 			});
@@ -352,20 +380,22 @@ export const mongoRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: input.mongoId,
-			});
 			return true;
 		}),
 	update: protectedProcedure
 		.input(apiUpdateMongo)
 		.mutation(async ({ input, ctx }) => {
 			const { mongoId, ...rest } = input;
-			await checkServicePermissionAndAccess(ctx, mongoId, {
-				service: ["create"],
-			});
+			const mongo = await findMongoById(mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this mongo",
+				});
+			}
 			const service = await updateMongoById(mongoId, {
 				...rest,
 			});
@@ -377,12 +407,6 @@ export const mongoRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mongoId,
-				resourceName: service.appName,
-			});
 			return true;
 		}),
 	move: protectedProcedure
@@ -393,10 +417,31 @@ export const mongoRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				service: ["create"],
-			});
+			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move this mongo",
+				});
+			}

+			const targetEnvironment = await findEnvironmentById(
+				input.targetEnvironmentId,
+			);
+			if (
+				targetEnvironment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move to this environment",
+				});
+			}
+
+			// Update the mongo's projectId
 			const updatedMongo = await db
 				.update(mongoTable)
 				.set({
@@ -413,28 +458,24 @@ export const mongoRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "move",
-				resourceType: "service",
-				resourceId: updatedMongo.mongoId,
-				resourceName: updatedMongo.appName,
-			});
 			return updatedMongo;
 		}),
 	rebuild: protectedProcedure
 		.input(apiRebuildMongo)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mongoId, {
-				deployment: ["create"],
-			});
+			const mongo = await findMongoById(input.mongoId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to rebuild this MongoDB database",
+				});
+			}

-			await rebuildDatabase(input.mongoId, "mongo");
+			await rebuildDatabase(mongo.mongoId, "mongo");

-			await audit(ctx, {
-				action: "rebuild",
-				resourceType: "service",
-				resourceId: input.mongoId,
-			});
 			return true;
 		}),
 	search: protectedProcedure
@@ -483,18 +524,19 @@ export const mongoRouter = createTRPCRouter({
 					ilike(mongoTable.description ?? "", `%${input.description.trim()}%`),
 				);
 			}
-			const { accessedServices } = await findMemberByUserId(
-				ctx.user.id,
-				ctx.session.activeOrganizationId,
-			);
-			if (accessedServices.length === 0) return { items: [], total: 0 };
-			baseConditions.push(
-				sql`${mongoTable.mongoId} IN (${sql.join(
-					accessedServices.map((id) => sql`${id}`),
-					sql`, `,
-				)})`,
-			);
-
+			if (ctx.user.role === "member") {
+				const { accessedServices } = await findMemberById(
+					ctx.user.id,
+					ctx.session.activeOrganizationId,
+				);
+				if (accessedServices.length === 0) return { items: [], total: 0 };
+				baseConditions.push(
+					sql`${mongoTable.mongoId} IN (${sql.join(
+						accessedServices.map((id) => sql`${id}`),
+						sql`, `,
+					)})`,
+				);
+			}
 			const where = and(...baseConditions);
 			const [items, countResult] = await Promise.all([
 				db
--- a/apps/dokploy/server/api/routers/mount.ts
+++ b/apps/dokploy/server/api/routers/mount.ts
@@ -1,4 +1,5 @@
 import {
+	checkServiceAccess,
 	createMount,
 	deleteMount,
 	findApplicationById,
@@ -6,6 +7,7 @@ import {
 	findMariadbById,
 	findMongoById,
 	findMountById,
+	findMountOrganizationId,
 	findMountsByApplicationId,
 	findMySqlById,
 	findPostgresById,
@@ -13,10 +15,6 @@ import {
 	getServiceContainer,
 	updateMount,
 } from "@dokploy/server";
-import {
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-} from "@dokploy/server/services/permission";
 import type { ServiceType } from "@dokploy/server/db/schema/mount";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
@@ -28,7 +26,6 @@ import {
 	apiUpdateMount,
 } from "@/server/db/schema";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
-import { audit } from "@/server/api/utils/audit";

 async function getServiceOrganizationId(
 	serviceId: string,
@@ -71,94 +68,49 @@ async function getServiceOrganizationId(
 export const mountRouter = createTRPCRouter({
 	create: protectedProcedure
 		.input(apiCreateMount)
-		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.serviceId, {
-				volume: ["create"],
-			});
-			const mount = await createMount(input);
-			await audit(ctx, {
-				action: "create",
-				resourceType: "mount",
-				resourceId: mount.mountId,
-				resourceName: input.mountPath,
-			});
-			return mount;
+		.mutation(async ({ input }) => {
+			return await createMount(input);
 		}),
 	remove: protectedProcedure
 		.input(apiRemoveMount)
 		.mutation(async ({ input, ctx }) => {
-			const mount = await findMountById(input.mountId);
-			const serviceId =
-				mount.applicationId ||
-				mount.postgresId ||
-				mount.mariadbId ||
-				mount.mongoId ||
-				mount.mysqlId ||
-				mount.redisId ||
-				mount.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					volume: ["delete"],
+			const organizationId = await findMountOrganizationId(input.mountId);
+			if (organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to delete this mount",
 				});
 			}
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "mount",
-				resourceId: input.mountId,
-			});
 			return await deleteMount(input.mountId);
 		}),

 	one: protectedProcedure
 		.input(apiFindOneMount)
 		.query(async ({ input, ctx }) => {
-			const mount = await findMountById(input.mountId);
-			const serviceId =
-				mount.applicationId ||
-				mount.postgresId ||
-				mount.mariadbId ||
-				mount.mongoId ||
-				mount.mysqlId ||
-				mount.redisId ||
-				mount.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					volume: ["read"],
+			const organizationId = await findMountOrganizationId(input.mountId);
+			if (organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this mount",
 				});
 			}
-			return mount;
+			return await findMountById(input.mountId);
 		}),
 	update: protectedProcedure
 		.input(apiUpdateMount)
 		.mutation(async ({ input, ctx }) => {
-			const mount = await findMountById(input.mountId);
-			const serviceId =
-				mount.applicationId ||
-				mount.postgresId ||
-				mount.mariadbId ||
-				mount.mongoId ||
-				mount.mysqlId ||
-				mount.redisId ||
-				mount.composeId;
-			if (serviceId) {
-				await checkServicePermissionAndAccess(ctx, serviceId, {
-					volume: ["create"],
+			const organizationId = await findMountOrganizationId(input.mountId);
+			if (organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this mount",
 				});
 			}
-			await audit(ctx, {
-				action: "update",
-				resourceType: "mount",
-				resourceId: input.mountId,
-				resourceName: input.mountPath,
-			});
 			return await updateMount(input.mountId, input);
 		}),
 	allNamedByApplicationId: protectedProcedure
 		.input(z.object({ applicationId: z.string().min(1) }))
-		.query(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.applicationId, {
-				volume: ["read"],
-			});
+		.query(async ({ input }) => {
 			const app = await findApplicationById(input.applicationId);
 			const container = await getServiceContainer(app.appName, app.serverId);
 			const mounts = container?.Mounts.filter(
@@ -170,7 +122,14 @@ export const mountRouter = createTRPCRouter({
 		.input(apiFindMountByApplicationId)
 		.query(async ({ input, ctx }) => {
 			console.log("input", input);
-			await checkServiceAccess(ctx, input.serviceId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.serviceId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}
 			const organizationId = await getServiceOrganizationId(
 				input.serviceId,
 				input.serviceType,
--- a/apps/dokploy/server/api/routers/mysql.ts
+++ b/apps/dokploy/server/api/routers/mysql.ts
@@ -1,10 +1,13 @@
 import {
+	addNewService,
 	checkPortInUse,
+	checkServiceAccess,
 	createMount,
 	createMysql,
 	deployMySql,
 	findBackupsByDbId,
 	findEnvironmentById,
+	findMemberById,
 	findMySqlById,
 	findProjectById,
 	IS_CLOUD,
@@ -17,17 +20,10 @@ import {
 	stopServiceRemote,
 	updateMySqlById,
 } from "@dokploy/server";
-import {
-	addNewService,
-	checkServiceAccess,
-	checkServicePermissionAndAccess,
-	findMemberByUserId,
-} from "@dokploy/server/services/permission";
 import { db } from "@dokploy/server/db";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq, ilike, or, sql } from "drizzle-orm";
 import { z } from "zod";
-import { audit } from "@/server/api/utils/audit";
 import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
 import {
 	apiChangeMySqlStatus,
@@ -50,10 +46,18 @@ export const mysqlRouter = createTRPCRouter({
 		.input(apiCreateMySql)
 		.mutation(async ({ input, ctx }) => {
 			try {
+				// Get project from environment
 				const environment = await findEnvironmentById(input.environmentId);
 				const project = await findProjectById(environment.projectId);

-				await checkServiceAccess(ctx, project.projectId, "create");
+				if (ctx.user.role === "member") {
+					await checkServiceAccess(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+						"create",
+					);
+				}

 				if (IS_CLOUD && !input.serverId) {
 					throw new TRPCError({
@@ -72,7 +76,13 @@ export const mysqlRouter = createTRPCRouter({
 				const newMysql = await createMysql({
 					...input,
 				});
-				await addNewService(ctx, newMysql.mysqlId);
+				if (ctx.user.role === "member") {
+					await addNewService(
+						ctx.user.id,
+						newMysql.mysqlId,
+						project.organizationId,
+					);
+				}

 				await createMount({
 					serviceId: newMysql.mysqlId,
@@ -82,12 +92,6 @@ export const mysqlRouter = createTRPCRouter({
 					type: "volume",
 				});

-				await audit(ctx, {
-					action: "create",
-					resourceType: "service",
-					resourceId: newMysql.mysqlId,
-					resourceName: newMysql.appName,
-				});
 				return newMysql;
 			} catch (error) {
 				if (error instanceof TRPCError) {
@@ -103,7 +107,14 @@ export const mysqlRouter = createTRPCRouter({
 	one: protectedProcedure
 		.input(apiFindOneMySql)
 		.query(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mysqlId, "read");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mysqlId,
+					ctx.session.activeOrganizationId,
+					"access",
+				);
+			}
 			const mysql = await findMySqlById(input.mysqlId);
 			if (
 				mysql.environment.project.organizationId !==
@@ -120,10 +131,16 @@ export const mysqlRouter = createTRPCRouter({
 	start: protectedProcedure
 		.input(apiFindOneMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
 			const service = await findMySqlById(input.mysqlId);
+			if (
+				service.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to start this MySQL",
+				});
+			}

 			if (service.serverId) {
 				await startServiceRemote(service.serverId, service.appName);
@@ -134,21 +151,21 @@ export const mysqlRouter = createTRPCRouter({
 				applicationStatus: "done",
 			});

-			await audit(ctx, {
-				action: "start",
-				resourceType: "service",
-				resourceId: service.mysqlId,
-				resourceName: service.appName,
-			});
 			return service;
 		}),
 	stop: protectedProcedure
 		.input(apiFindOneMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMySqlById(input.mysqlId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to stop this MySQL",
+				});
+			}
 			if (mongo.serverId) {
 				await stopServiceRemote(mongo.serverId, mongo.appName);
 			} else {
@@ -158,21 +175,21 @@ export const mysqlRouter = createTRPCRouter({
 				applicationStatus: "idle",
 			});

-			await audit(ctx, {
-				action: "stop",
-				resourceType: "service",
-				resourceId: mongo.mysqlId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	saveExternalPort: protectedProcedure
 		.input(apiSaveExternalPortMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				service: ["create"],
-			});
 			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this external port",
+				});
+			}

 			if (input.externalPort) {
 				const portCheck = await checkPortInUse(
@@ -191,27 +208,21 @@ export const mysqlRouter = createTRPCRouter({
 				externalPort: input.externalPort,
 			});
 			await deployMySql(input.mysqlId);
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mysql.mysqlId,
-				resourceName: mysql.appName,
-			});
 			return mysql;
 		}),
 	deploy: protectedProcedure
 		.input(apiDeployMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
 			const mysql = await findMySqlById(input.mysqlId);
-			await audit(ctx, {
-				action: "deploy",
-				resourceType: "service",
-				resourceId: mysql.mysqlId,
-				resourceName: mysql.appName,
-			});
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this MySQL",
+				});
+			}
 			return deployMySql(input.mysqlId);
 		}),
 	deployWithLogs: protectedProcedure
@@ -225,9 +236,16 @@ export const mysqlRouter = createTRPCRouter({
 		})
 		.input(apiDeployMySql)
 		.subscription(async function* ({ input, ctx, signal }) {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
+			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to deploy this MySQL",
+				});
+			}

 			const queue: string[] = [];
 			const done = false;
@@ -251,28 +269,34 @@ export const mysqlRouter = createTRPCRouter({
 	changeStatus: protectedProcedure
 		.input(apiChangeMySqlStatus)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
 			const mongo = await findMySqlById(input.mysqlId);
+			if (
+				mongo.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to change this MySQL status",
+				});
+			}
 			await updateMySqlById(input.mysqlId, {
 				applicationStatus: input.applicationStatus,
 			});
-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mongo.mysqlId,
-				resourceName: mongo.appName,
-			});
 			return mongo;
 		}),
 	reload: protectedProcedure
 		.input(apiResetMysql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
 			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to reload this MySQL",
+				});
+			}
 			if (mysql.serverId) {
 				await stopServiceRemote(mysql.serverId, mysql.appName);
 			} else {
@@ -289,18 +313,19 @@ export const mysqlRouter = createTRPCRouter({
 			await updateMySqlById(input.mysqlId, {
 				applicationStatus: "done",
 			});
-			await audit(ctx, {
-				action: "reload",
-				resourceType: "service",
-				resourceId: mysql.mysqlId,
-				resourceName: mysql.appName,
-			});
 			return true;
 		}),
 	remove: protectedProcedure
 		.input(apiFindOneMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServiceAccess(ctx, input.mysqlId, "delete");
+			if (ctx.user.role === "member") {
+				await checkServiceAccess(
+					ctx.user.id,
+					input.mysqlId,
+					ctx.session.activeOrganizationId,
+					"delete",
+				);
+			}
 			const mongo = await findMySqlById(input.mysqlId);
 			if (
 				mongo.environment.project.organizationId !==
@@ -312,12 +337,6 @@ export const mysqlRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "delete",
-				resourceType: "service",
-				resourceId: mongo.mysqlId,
-				resourceName: mongo.appName,
-			});
 			const backups = await findBackupsByDbId(input.mysqlId, "mysql");
 			const cleanupOperations = [
 				async () => await removeService(mongo?.appName, mongo.serverId),
@@ -336,9 +355,16 @@ export const mysqlRouter = createTRPCRouter({
 	saveEnvironment: protectedProcedure
 		.input(apiSaveEnvironmentVariablesMySql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				envVars: ["write"],
-			});
+			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to save this environment",
+				});
+			}
 			const service = await updateMySqlById(input.mysqlId, {
 				env: input.env,
 			});
@@ -350,20 +376,22 @@ export const mysqlRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: input.mysqlId,
-			});
 			return true;
 		}),
 	update: protectedProcedure
 		.input(apiUpdateMySql)
 		.mutation(async ({ input, ctx }) => {
 			const { mysqlId, ...rest } = input;
-			await checkServicePermissionAndAccess(ctx, mysqlId, {
-				service: ["create"],
-			});
+			const mysql = await findMySqlById(mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to update this MySQL",
+				});
+			}
 			const service = await updateMySqlById(mysqlId, {
 				...rest,
 			});
@@ -375,12 +403,6 @@ export const mysqlRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "update",
-				resourceType: "service",
-				resourceId: mysqlId,
-				resourceName: service.appName,
-			});
 			return true;
 		}),
 	move: protectedProcedure
@@ -391,10 +413,31 @@ export const mysqlRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				service: ["create"],
-			});
+			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move this mysql",
+				});
+			}

+			const targetEnvironment = await findEnvironmentById(
+				input.targetEnvironmentId,
+			);
+			if (
+				targetEnvironment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to move to this environment",
+				});
+			}
+
+			// Update the mysql's projectId
 			const updatedMysql = await db
 				.update(mysqlTable)
 				.set({
@@ -411,28 +454,24 @@ export const mysqlRouter = createTRPCRouter({
 				});
 			}

-			await audit(ctx, {
-				action: "move",
-				resourceType: "service",
-				resourceId: updatedMysql.mysqlId,
-				resourceName: updatedMysql.appName,
-			});
 			return updatedMysql;
 		}),
 	rebuild: protectedProcedure
 		.input(apiRebuildMysql)
 		.mutation(async ({ input, ctx }) => {
-			await checkServicePermissionAndAccess(ctx, input.mysqlId, {
-				deployment: ["create"],
-			});
+			const mysql = await findMySqlById(input.mysqlId);
+			if (
+				mysql.environment.project.organizationId !==
+				ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to rebuild this MySQL database",
+				});
+			}

-			await rebuildDatabase(input.mysqlId, "mysql");
+			await rebuildDatabase(mysql.mysqlId, "mysql");

-			await audit(ctx, {
-				action: "rebuild",
-				resourceType: "service",
-				resourceId: input.mysqlId,
-			});
 			return true;
 		}),
 	search: protectedProcedure
@@ -481,18 +520,19 @@ export const mysqlRouter = createTRPCRouter({
 					ilike(mysqlTable.description ?? "", `%${input.description.trim()}%`),
 				);
 			}
-			const { accessedServices } = await findMemberByUserId(
-				ctx.user.id,
-				ctx.session.activeOrganizationId,
-			);
-			if (accessedServices.length === 0) return { items: [], total: 0 };
-			baseConditions.push(
-				sql`${mysqlTable.mysqlId} IN (${sql.join(
-					accessedServices.map((id) => sql`${id}`),
-					sql`, `,
-				)})`,
-			);
-
+			if (ctx.user.role === "member") {
+				const { accessedServices } = await findMemberById(
+					ctx.user.id,
+					ctx.session.activeOrganizationId,
+				);
+				if (accessedServices.length === 0) return { items: [], total: 0 };
+				baseConditions.push(
+					sql`${mysqlTable.mysqlId} IN (${sql.join(
+						accessedServices.map((id) => sql`${id}`),
+						sql`, `,
+					)})`,
+				);
+			}
 			const where = and(...baseConditions);
 			const [items, countResult] = await Promise.all([
 				db
--- a/apps/dokploy/server/api/routers/notification.ts
+++ b/apps/dokploy/server/api/routers/notification.ts
@@ -43,11 +43,11 @@ import { TRPCError } from "@trpc/server";
 import { desc, eq, sql } from "drizzle-orm";
 import { z } from "zod";
 import {
+	adminProcedure,
 	createTRPCRouter,
+	protectedProcedure,
 	publicProcedure,
-	withPermission,
 } from "@/server/api/trpc";
-import { audit } from "@/server/api/utils/audit";
 import {
 	apiCreateCustom,
 	apiCreateDiscord,
@@ -88,18 +88,15 @@ import {
 } from "@/server/db/schema";

 export const notificationRouter = createTRPCRouter({
-	createSlack: withPermission("notification", "create")
+	createSlack: adminProcedure
 		.input(apiCreateSlack)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createSlackNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createSlackNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
-				console.log(error);
 				throw new TRPCError({
 					code: "BAD_REQUEST",
 					message: "Error creating the notification",
@@ -107,7 +104,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateSlack: withPermission("notification", "update")
+	updateSlack: adminProcedure
 		.input(apiUpdateSlack)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -118,22 +115,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateSlackNotification({
+				return await updateSlackNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testSlackConnection: withPermission("notification", "create")
+	testSlackConnection: adminProcedure
 		.input(apiTestSlackConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -150,19 +140,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createTelegram: withPermission("notification", "create")
+	createTelegram: adminProcedure
 		.input(apiCreateTelegram)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createTelegramNotification(
+				return await createTelegramNotification(
 					input,
 					ctx.session.activeOrganizationId,
 				);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -172,7 +157,7 @@ export const notificationRouter = createTRPCRouter({
 			}
 		}),

-	updateTelegram: withPermission("notification", "update")
+	updateTelegram: adminProcedure
 		.input(apiUpdateTelegram)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -183,17 +168,10 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateTelegramNotification({
+				return await updateTelegramNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -202,7 +180,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	testTelegramConnection: withPermission("notification", "create")
+	testTelegramConnection: adminProcedure
 		.input(apiTestTelegramConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -216,19 +194,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createDiscord: withPermission("notification", "create")
+	createDiscord: adminProcedure
 		.input(apiCreateDiscord)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createDiscordNotification(
+				return await createDiscordNotification(
 					input,
 					ctx.session.activeOrganizationId,
 				);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -238,7 +211,7 @@ export const notificationRouter = createTRPCRouter({
 			}
 		}),

-	updateDiscord: withPermission("notification", "update")
+	updateDiscord: adminProcedure
 		.input(apiUpdateDiscord)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -249,17 +222,10 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateDiscordNotification({
+				return await updateDiscordNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -269,7 +235,7 @@ export const notificationRouter = createTRPCRouter({
 			}
 		}),

-	testDiscordConnection: withPermission("notification", "create")
+	testDiscordConnection: adminProcedure
 		.input(apiTestDiscordConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -291,16 +257,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createEmail: withPermission("notification", "create")
+	createEmail: adminProcedure
 		.input(apiCreateEmail)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createEmailNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createEmailNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -309,7 +273,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateEmail: withPermission("notification", "update")
+	updateEmail: adminProcedure
 		.input(apiUpdateEmail)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -320,17 +284,10 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateEmailNotification({
+				return await updateEmailNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -339,7 +296,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	testEmailConnection: withPermission("notification", "create")
+	testEmailConnection: adminProcedure
 		.input(apiTestEmailConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -357,16 +314,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createResend: withPermission("notification", "create")
+	createResend: adminProcedure
 		.input(apiCreateResend)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createResendNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createResendNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -375,7 +330,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateResend: withPermission("notification", "update")
+	updateResend: adminProcedure
 		.input(apiUpdateResend)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -386,17 +341,10 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateResendNotification({
+				return await updateResendNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -405,7 +353,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	testResendConnection: withPermission("notification", "create")
+	testResendConnection: adminProcedure
 		.input(apiTestResendConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -423,7 +371,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	remove: withPermission("notification", "delete")
+	remove: adminProcedure
 		.input(apiFindOneNotification)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -434,11 +382,6 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to delete this notification",
 					});
 				}
-				await audit(ctx, {
-					action: "delete",
-					resourceType: "notification",
-					resourceName: notification.name,
-				});
 				return await removeNotificationById(input.notificationId);
 			} catch (error) {
 				const message =
@@ -451,7 +394,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	one: withPermission("notification", "read")
+	one: protectedProcedure
 		.input(apiFindOneNotification)
 		.query(async ({ input, ctx }) => {
 			const notification = await findNotificationById(input.notificationId);
@@ -463,7 +406,7 @@ export const notificationRouter = createTRPCRouter({
 			}
 			return notification;
 		}),
-	all: withPermission("notification", "read").query(async ({ ctx }) => {
+	all: adminProcedure.query(async ({ ctx }) => {
 		return await db.query.notifications.findMany({
 			with: {
 				slack: true,
@@ -510,6 +453,8 @@ export const notificationRouter = createTRPCRouter({
 						});
 					}

+					// For Dokploy server type, we don't have a specific organizationId
+					// This might need to be adjusted based on your business logic
 					organizationId = "";
 					ServerName = "Dokploy";
 				} else {
@@ -543,16 +488,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createGotify: withPermission("notification", "create")
+	createGotify: adminProcedure
 		.input(apiCreateGotify)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createGotifyNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createGotifyNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -561,7 +504,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateGotify: withPermission("notification", "update")
+	updateGotify: adminProcedure
 		.input(apiUpdateGotify)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -575,22 +518,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateGotifyNotification({
+				return await updateGotifyNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testGotifyConnection: withPermission("notification", "create")
+	testGotifyConnection: adminProcedure
 		.input(apiTestGotifyConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -608,16 +544,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createNtfy: withPermission("notification", "create")
+	createNtfy: adminProcedure
 		.input(apiCreateNtfy)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createNtfyNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createNtfyNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -626,7 +560,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateNtfy: withPermission("notification", "update")
+	updateNtfy: adminProcedure
 		.input(apiUpdateNtfy)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -640,22 +574,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateNtfyNotification({
+				return await updateNtfyNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testNtfyConnection: withPermission("notification", "create")
+	testNtfyConnection: adminProcedure
 		.input(apiTestNtfyConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -675,16 +602,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createCustom: withPermission("notification", "create")
+	createCustom: adminProcedure
 		.input(apiCreateCustom)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createCustomNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createCustomNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -693,7 +618,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateCustom: withPermission("notification", "update")
+	updateCustom: adminProcedure
 		.input(apiUpdateCustom)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -704,22 +629,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateCustomNotification({
+				return await updateCustomNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testCustomConnection: withPermission("notification", "create")
+	testCustomConnection: adminProcedure
 		.input(apiTestCustomConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -737,16 +655,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createLark: withPermission("notification", "create")
+	createLark: adminProcedure
 		.input(apiCreateLark)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createLarkNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createLarkNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -755,7 +671,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateLark: withPermission("notification", "update")
+	updateLark: adminProcedure
 		.input(apiUpdateLark)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -769,22 +685,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateLarkNotification({
+				return await updateLarkNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testLarkConnection: withPermission("notification", "create")
+	testLarkConnection: adminProcedure
 		.input(apiTestLarkConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -803,16 +712,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createTeams: withPermission("notification", "create")
+	createTeams: adminProcedure
 		.input(apiCreateTeams)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createTeamsNotification(input, ctx.session.activeOrganizationId);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
+				return await createTeamsNotification(
+					input,
+					ctx.session.activeOrganizationId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -821,7 +728,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updateTeams: withPermission("notification", "update")
+	updateTeams: adminProcedure
 		.input(apiUpdateTeams)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -835,22 +742,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updateTeamsNotification({
+				return await updateTeamsNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testTeamsConnection: withPermission("notification", "create")
+	testTeamsConnection: adminProcedure
 		.input(apiTestTeamsConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -867,19 +767,14 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	createPushover: withPermission("notification", "create")
+	createPushover: adminProcedure
 		.input(apiCreatePushover)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				await createPushoverNotification(
+				return await createPushoverNotification(
 					input,
 					ctx.session.activeOrganizationId,
 				);
-				await audit(ctx, {
-					action: "create",
-					resourceType: "notification",
-					resourceName: input.name,
-				});
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -888,7 +783,7 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	updatePushover: withPermission("notification", "update")
+	updatePushover: adminProcedure
 		.input(apiUpdatePushover)
 		.mutation(async ({ input, ctx }) => {
 			try {
@@ -902,22 +797,15 @@ export const notificationRouter = createTRPCRouter({
 						message: "You are not authorized to update this notification",
 					});
 				}
-				const result = await updatePushoverNotification({
+				return await updatePushoverNotification({
 					...input,
 					organizationId: ctx.session.activeOrganizationId,
 				});
-				await audit(ctx, {
-					action: "update",
-					resourceType: "notification",
-					resourceId: input.notificationId,
-					resourceName: notification.name,
-				});
-				return result;
 			} catch (error) {
 				throw error;
 			}
 		}),
-	testPushoverConnection: withPermission("notification", "create")
+	testPushoverConnection: adminProcedure
 		.input(apiTestPushoverConnection)
 		.mutation(async ({ input }) => {
 			try {
@@ -935,18 +823,13 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
-	getEmailProviders: withPermission("notification", "read").query(
-		async ({ ctx }) => {
-			return await db.query.notifications.findMany({
-				where: eq(
-					notifications.organizationId,
-					ctx.session.activeOrganizationId,
-				),
-				with: {
-					email: true,
-					resend: true,
-				},
-			});
-		},
-	),
+	getEmailProviders: adminProcedure.query(async ({ ctx }) => {
+		return await db.query.notifications.findMany({
+			where: eq(notifications.organizationId, ctx.session.activeOrganizationId),
+			with: {
+				email: true,
+				resend: true,
+			},
+		});
+	}),
 });
--- a/apps/dokploy/server/api/routers/organization.ts
+++ b/apps/dokploy/server/api/routers/organization.ts
@@ -1,18 +1,11 @@
 import { db } from "@dokploy/server/db";
 import { IS_CLOUD } from "@dokploy/server/index";
-import { audit } from "@/server/api/utils/audit";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq, exists } from "drizzle-orm";
 import { nanoid } from "nanoid";
 import { z } from "zod";
-import {
-	invitation,
-	member,
-	organization,
-	organizationRole,
-	user,
-} from "@/server/db/schema";
-import { createTRPCRouter, protectedProcedure, withPermission } from "../trpc";
+import { invitation, member, organization } from "@/server/db/schema";
+import { adminProcedure, createTRPCRouter, protectedProcedure } from "../trpc";
 export const organizationRouter = createTRPCRouter({
 	create: protectedProcedure
 		.input(
@@ -57,12 +50,6 @@ export const organizationRouter = createTRPCRouter({
 				createdAt: new Date(),
 				userId: ctx.user.id,
 			});
-			await audit(ctx, {
-				action: "create",
-				resourceType: "organization",
-				resourceId: result.id,
-				resourceName: result.name,
-			});
 			return result;
 		}),
 	all: protectedProcedure.query(async ({ ctx }) => {
@@ -169,12 +156,6 @@ export const organizationRouter = createTRPCRouter({
 				})
 				.where(eq(organization.id, input.organizationId))
 				.returning();
-			await audit(ctx, {
-				action: "update",
-				resourceType: "organization",
-				resourceId: input.organizationId,
-				resourceName: input.name,
-			});
 			return result[0];
 		}),
 	delete: protectedProcedure
@@ -239,109 +220,15 @@ export const organizationRouter = createTRPCRouter({
 				.delete(organization)
 				.where(eq(organization.id, input.organizationId));

-			await audit(ctx, {
-				action: "delete",
-				resourceType: "organization",
-				resourceId: input.organizationId,
-				resourceName: org.name,
-			});
 			return result;
 		}),
-	inviteMember: withPermission("member", "create")
-		.input(
-			z.object({
-				email: z.string().email(),
-				role: z.string().min(1),
-			}),
-		)
-		.mutation(async ({ ctx, input }) => {
-			const orgId = ctx.session.activeOrganizationId;
-			const email = input.email.toLowerCase();
-
-			// Check if user is already a member
-			const existingUser = await db.query.user.findFirst({
-				where: eq(user.email, email),
-			});
-
-			if (existingUser) {
-				const existingMember = await db.query.member.findFirst({
-					where: and(
-						eq(member.organizationId, orgId),
-						eq(member.userId, existingUser.id),
-					),
-				});
-
-				if (existingMember) {
-					throw new TRPCError({
-						code: "CONFLICT",
-						message: "User is already a member of this organization",
-					});
-				}
-			}
-
-			// Check for pending invitation
-			const existingInvitation = await db.query.invitation.findFirst({
-				where: and(
-					eq(invitation.organizationId, orgId),
-					eq(invitation.email, email),
-					eq(invitation.status, "pending"),
-				),
-			});
-
-			if (existingInvitation) {
-				throw new TRPCError({
-					code: "CONFLICT",
-					message: "An invitation has already been sent to this email",
-				});
-			}
-
-			// If assigning a custom role, verify it exists
-			if (!["owner", "admin", "member"].includes(input.role)) {
-				const customRole = await db.query.organizationRole.findFirst({
-					where: and(
-						eq(organizationRole.organizationId, orgId),
-						eq(organizationRole.role, input.role),
-					),
-				});
-
-				if (!customRole) {
-					throw new TRPCError({
-						code: "NOT_FOUND",
-						message: `Role "${input.role}" not found`,
-					});
-				}
-			}
-
-			const [created] = await db
-				.insert(invitation)
-				.values({
-					id: nanoid(),
-					organizationId: orgId,
-					email,
-					role: input.role as any,
-					status: "pending",
-					expiresAt: new Date(Date.now() + 48 * 60 * 60 * 1000),
-					inviterId: ctx.user.id,
-				})
-				.returning();
-
-			await audit(ctx, {
-				action: "create",
-				resourceType: "organization",
-				resourceId: created?.id,
-				resourceName: email,
-				metadata: { type: "inviteMember", role: input.role },
-			});
-			return created;
-		}),
-
-	allInvitations: withPermission("member", "create").query(async ({ ctx }) => {
+	allInvitations: adminProcedure.query(async ({ ctx }) => {
 		return await db.query.invitation.findMany({
 			where: eq(invitation.organizationId, ctx.session.activeOrganizationId),
 			orderBy: [desc(invitation.status), desc(invitation.expiresAt)],
 		});
 	}),
-	removeInvitation: withPermission("member", "create")
+	removeInvitation: adminProcedure
 		.input(z.object({ invitationId: z.string() }))
 		.mutation(async ({ ctx, input }) => {
 			const invitationResult = await db.query.invitation.findFirst({
@@ -364,23 +251,15 @@ export const organizationRouter = createTRPCRouter({
 				});
 			}

-			const result = await db
+			return await db
 				.delete(invitation)
 				.where(eq(invitation.id, input.invitationId));
-			await audit(ctx, {
-				action: "delete",
-				resourceType: "organization",
-				resourceId: input.invitationId,
-				resourceName: invitationResult.email,
-				metadata: { type: "removeInvitation" },
-			});
-			return result;
 		}),
-	updateMemberRole: withPermission("member", "update")
+	updateMemberRole: adminProcedure
 		.input(
 			z.object({
 				memberId: z.string(),
-				role: z.string().min(1),
+				role: z.enum(["admin", "member"]),
 			}),
 		)
 		.mutation(async ({ ctx, input }) => {
@@ -410,7 +289,7 @@ export const organizationRouter = createTRPCRouter({
 			}

 			// Owner role is intransferible - cannot change to or from owner
-			if (target.role === "owner" || input.role === "owner") {
+			if (target.role === "owner") {
 				throw new TRPCError({
 					code: "FORBIDDEN",
 					message: "The owner role is intransferible",
@@ -427,39 +306,12 @@ export const organizationRouter = createTRPCRouter({
 				});
 			}

-			// If assigning a custom role (not admin/member), verify it exists
-			if (input.role !== "admin" && input.role !== "member") {
-				const customRole = await db.query.organizationRole.findFirst({
-					where: and(
-						eq(
-							organizationRole.organizationId,
-							ctx.session.activeOrganizationId,
-						),
-						eq(organizationRole.role, input.role),
-					),
-				});
-
-				if (!customRole) {
-					throw new TRPCError({
-						code: "NOT_FOUND",
-						message: `Custom role "${input.role}" not found`,
-					});
-				}
-			}
-
 			// Update the target member's role
 			await db
 				.update(member)
 				.set({ role: input.role })
 				.where(eq(member.id, input.memberId));

-			await audit(ctx, {
-				action: "update",
-				resourceType: "user",
-				resourceId: target.userId,
-				resourceName: target.user.email,
-				metadata: { before: target.role, after: input.role },
-			});
 			return true;
 		}),
 	setDefault: protectedProcedure
@@ -501,12 +353,6 @@ export const organizationRouter = createTRPCRouter({
 					),
 				);

-			await audit(ctx, {
-				action: "update",
-				resourceType: "organization",
-				resourceId: input.organizationId,
-				metadata: { type: "setDefault" },
-			});
 			return { success: true };
 		}),
 	active: protectedProcedure.query(async ({ ctx }) => {
--- a/Show More
+++ b/Show More