diff --git a/src/controllers/04-invoice-controller.ts b/src/controllers/04-invoice-controller.ts index fb3fdf0..ffac9d1 100644 --- a/src/controllers/04-invoice-controller.ts +++ b/src/controllers/04-invoice-controller.ts @@ -29,14 +29,23 @@ type InvoicePayload = { installmentNo: number[]; }; -const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"]; +const MANAGE_ROLES = [ + "system", + "head_of_admin", + "admin", + "executive", + "accountant", + "branch_admin", + "branch_manager", + "branch_accountant", +]; function globalAllow(user: RequestWithUser["user"]) { - const allowList = ["system", "head_of_admin", "head_of_accountant"]; - return allowList.some((v) => user.roles?.includes(v)); + const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + return user.roles?.some((v) => listAllowed.includes(v)) || false; } -const permissionCondCompany = createPermCondition((_) => true); +const permissionCondCompany = createPermCondition(globalAllow); const permissionCheck = createPermCheck(globalAllow); @Route("/api/v1/invoice") @@ -229,7 +238,7 @@ export class InvoiceController extends Controller { title: "ใบแจ้งหนี้ใหม่ / New Invoice", detail: "รหัส / code : " + record.code, registeredBranchId: record.registeredBranchId, - groupReceiver: { create: { name: "accountant" } }, + groupReceiver: { create: { name: "branch_accountant" } }, }, }); diff --git a/src/controllers/05-payment-controller.ts b/src/controllers/05-payment-controller.ts index 711e357..2c40446 100644 --- a/src/controllers/05-payment-controller.ts +++ b/src/controllers/05-payment-controller.ts 
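Review bot: `globalAllow` now lists plain `admin` and `accountant` (plus the new `executive`) where only the `head_of_*` roles stood before, and the same edit is repeated in the payment, credit-note and debit-note controllers. `createPermCondition` and `createPermCheck` are defined outside this diff, but if they treat a true result as "skip branch scoping", every holder of those roles gains cross-branch access to financial records, which is worth confirming against the role design. `head_of_accountant` is dropped from both lists, so accounts that hold only that role lose access unless role assignments are migrated in the same release. I would record the tiers next to the list, e.g. `// Company-level roles bypass branch scoping; branch_* roles are limited to their registeredBranch.`, and write `?? false` instead of `|| false`.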
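Review bot: The New Invoice notification's `groupReceiver` moves from `accountant` to `branch_accountant`, while the same commit makes `accountant` a company-level role in `globalAllow`. If receiver group names are matched against user roles (not visible here), company-level accountants stop being notified of new invoices. Confirm that is intended, and add a short comment on the line stating which tier is meant to receive it, e.g. `// notify branch-level accountants of registeredBranchId only`.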
@@ -26,11 +26,20 @@ import flowAccount from "../services/flowaccount"; import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; -const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"]; +const MANAGE_ROLES = [ + "system", + "head_of_admin", + "admin", + "executive", + "accountant", + "branch_admin", + "branch_manager", + "branch_accountant", +]; function globalAllow(user: RequestWithUser["user"]) { - const allowList = ["system", "head_of_admin", "head_of_accountant"]; - return allowList.some((v) => user.roles?.includes(v)); + const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + return user.roles?.some((v) => listAllowed.includes(v)) || false; } const permissionCondCompany = createPermCondition((_) => true); diff --git a/src/controllers/05-quotation-controller.ts b/src/controllers/05-quotation-controller.ts index 7d27e2e..80a0b95 100644 --- a/src/controllers/05-quotation-controller.ts +++ b/src/controllers/05-quotation-controller.ts @@ -150,14 +150,14 @@ const MANAGE_ROLES = [ "system", "head_of_admin", "admin", - "head_of_accountant", "accountant", + "branch_accountant", "head_of_sale", "sale", ]; function globalAllow(user: RequestWithUser["user"]) { - const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; + const allowList = ["system", "head_of_admin", "accountant", "head_of_sale"]; return allowList.some((v) => user.roles?.includes(v)); } diff --git a/src/controllers/08-credit-note-controller.ts b/src/controllers/08-credit-note-controller.ts index 4a6f622..6da9954 100644 --- a/src/controllers/08-credit-note-controller.ts +++ b/src/controllers/08-credit-note-controller.ts 
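Review bot: `permissionCondCompany` in the payment controller is still `createPermCondition((_) => true)`, although the invoice controller switches the same constant to `globalAllow` in this commit. The hunk adds `branch_admin`, `branch_manager` and `branch_accountant` to `MANAGE_ROLES`, so if the always-true predicate means "no branch restriction" (the helper is defined elsewhere), those branch-level roles can query payments of every branch wherever `permissionCondCompany` is used. Either change it to `const permissionCondCompany = createPermCondition(globalAllow);` or leave a comment explaining why payments stay company-wide.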
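Review bot: The quotation controller's role lists now diverge from the other four controllers touched here: `globalAllow` gets `accountant` but not `admin` or `executive`, and `MANAGE_ROLES` gets `branch_accountant` but not `executive`, `branch_admin` or `branch_manager`. If that is deliberate it needs a comment above `allowList`, for example `// admin/executive are intentionally branch-scoped for quotations`; if not, the lists should match. Five hand-maintained copies of the same role policy are easy to get out of step, so exporting the company-level and branch-level role arrays from one shared module would make the next role change a one-line edit. `MANAGE_ROLES` starts above the hunk.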
@@ -42,22 +42,20 @@ const MANAGE_ROLES = [ "system", "head_of_admin", "admin", - "head_of_accountant", + "executive", "accountant", - "head_of_sale", - "sale", + "branch_admin", + "branch_manager", + "branch_accountant", ]; function globalAllow(user: RequestWithUser["user"]) { - const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; - return allowList.some((v) => user.roles?.includes(v)); + const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + return user.roles?.some((v) => listAllowed.includes(v)) || false; } -// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch const permissionCond = createPermCondition(globalAllow); -const permissionCondCompany = createPermCondition((_) => true); const permissionCheck = createPermCheck(globalAllow); -const permissionCheckCompany = createPermCheck((_) => true); type CreditNoteCreate = { requestWorkId: string[]; @@ -94,7 +92,7 @@ export class CreditNoteController extends Controller { request: { quotationId, quotation: { - registeredBranch: { OR: permissionCondCompany(req.user) }, + registeredBranch: { OR: permissionCond(req.user) }, }, }, }, @@ -200,7 +198,7 @@ export class CreditNoteController extends Controller { request: { quotationId, quotation: { - registeredBranch: { OR: permissionCondCompany(req.user) }, + registeredBranch: { OR: permissionCond(req.user) }, }, }, }, @@ -243,7 +241,7 @@ export class CreditNoteController extends Controller { some: { request: { quotation: { - registeredBranch: { OR: permissionCondCompany(req.user) }, + registeredBranch: { OR: permissionCond(req.user) }, }, }, }, diff --git a/src/controllers/09-debit-note-controller.ts b/src/controllers/09-debit-note-controller.ts index 9c247be..91457d2 100644 --- a/src/controllers/09-debit-note-controller.ts +++ b/src/controllers/09-debit-note-controller.ts 
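Review bot: The deleted `// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch` comment in the first credit-note hunk still describes the code: the later hunks of this file filter through `request` → `quotation` → `registeredBranch` with `permissionCond`. I would keep it above `permissionCond`, since it is the only place that says which relation the branch check is applied to. The hunk also drops `head_of_sale` and `sale` from `MANAGE_ROLES` and `globalAllow` (the debit-note controller does the same), so sales users lose credit-note access entirely; state that in the commit description if it is intended.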
@@ -44,22 +44,20 @@ const MANAGE_ROLES = [ "system", "head_of_admin", "admin", - "head_of_accountant", + "executive", "accountant", - "head_of_sale", - "sale", + "branch_admin", + "branch_manager", + "branch_accountant", ]; function globalAllow(user: RequestWithUser["user"]) { - const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; - return allowList.some((v) => user.roles?.includes(v)); + const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + return user.roles?.some((v) => listAllowed.includes(v)) || false; } -// NOTE: permission condition/check in registeredBranch const permissionCond = createPermCondition(globalAllow); -const permissionCondCompany = createPermCondition((_) => true); const permissionCheck = createPermCheck(globalAllow); -const permissionCheckCompany = createPermCheck((_) => true); type DebitNoteCreate = { quotationId: string; @@ -605,7 +603,7 @@ export class DebitNoteController extends Controller { if (!record) throw notFoundError("Debit Note"); - await permissionCheckCompany(req.user, record.registeredBranch); + await permissionCheck(req.user, record.registeredBranch); const { productServiceList: _productServiceList, ...rest } = body; const ids = {