diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs index 895e7f9c..4ed6e0ce 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs @@ -65,6 +65,7 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpGet("{path}")] public async Task> GetDiscipline(string path, int page = 1, int pageSize = 25, string keyword = "") { + // สิทธิ์การเข้าถึง path = path.Trim().ToUpper(); string getPermission; if (path == "MAIN") @@ -84,21 +85,24 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INFO"); } - var jsonData = JsonConvert.DeserializeObject(getPermission); if (jsonData["status"]?.ToString() != "200") { return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); } + // สิทธิ์มองเห็นรายชื่อ + var userId = UserId == null ? Guid.Empty : Guid.Parse(UserId); + var profile = await _userProfileRepository.GetUserOC(userId, token.Replace("Bearer ", "")); + if (profile == null) + return Error(GlobalMessages.DataNotFound); + var data_search = (from x in _context.DisciplineDirectors.Include(x => x.DisciplineInvestigate_Directors).Include(x => x.DisciplineDisciplinary_DirectorInvestigates) - where /*x.Prefix.Contains(keyword) || - x.FirstName.Contains(keyword) || - x.LastName.Contains(keyword) ||*/ - ((x.Prefix ?? "") + (x.FirstName ?? "") + " " + (x.LastName ?? "")).Contains(keyword) || + where (((x.Prefix ?? "") + (x.FirstName ?? "") + " " + (x.LastName ?? "")).Contains(keyword) || x.Position.Contains(keyword) || x.Email.Contains(keyword) || x.Phone.Contains(keyword) || - x.Qualification.Contains(keyword) + x.Qualification.Contains(keyword)) && + x.RootDnaId == profile.RootDnaId select x).ToList(); var data = data_search .Select(x => new 
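Review bot: The new scope filter `x.RootDnaId == profile.RootDnaId` in the second hunk has no guard for a null root on either side. If `profile.RootDnaId` is nullable (its type is not visible here), EF Core's default null semantics would let a caller without a root match every row whose `RootDnaId` is null, which likely includes directors created before this column existed; returning an error when `profile.RootDnaId` is null, before the query runs, would fail closed. Just above it, `Guid.Parse(UserId)` throws on a malformed value and a missing `UserId` falls through to a profile lookup with `Guid.Empty`; `if (!Guid.TryParse(UserId, out var userId)) return Error(GlobalMessages.DataNotFound, StatusCodes.Status403Forbidden);` rejects both cases explicitly. `token` is defined outside the hunk and the method body continues past it, so how the bearer value is obtained could not be checked.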
@@ -192,6 +196,7 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers
 Email = req.email,
 Phone = req.phone,
 Qualification = req.qualification,
+ RootDnaId = req.rootDnaId,
 CreatedFullName = FullName ?? "System Administrator",
 CreatedUserId = UserId ?? "",
 CreatedAt = DateTime.Now,
diff --git a/BMA.EHR.Discipline.Service/Requests/DisciplineDirectorRequest.cs b/BMA.EHR.Discipline.Service/Requests/DisciplineDirectorRequest.cs
index 35f830c3..9ca16f9f 100644
--- a/BMA.EHR.Discipline.Service/Requests/DisciplineDirectorRequest.cs
+++ b/BMA.EHR.Discipline.Service/Requests/DisciplineDirectorRequest.cs
@@ -12,5 +12,6 @@ namespace BMA.EHR.Discipline.Service.Requests
 public string? email { get; set; }
 public string? phone { get; set; }
 public string? qualification { get; set; }
+ public Guid? rootDnaId { get; set; }
 }
 }
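Review bot: `RootDnaId = req.rootDnaId` stores an organisation root taken straight from the request body, while the list endpoint in the same commit derives the root from the caller's profile and uses it as the visibility boundary. As written, a caller who passes the permission check could create a director under another organisation's root, or with a null root, unless a check outside this hunk prevents it. The create action should resolve the caller's profile with the same `GetUserOC` lookup and assign `RootDnaId = profile.RootDnaId,`, or reject the request when `req.rootDnaId` differs from it. If the value is always server-derived, the new `rootDnaId` property on `DisciplineDirectorRequest` is unnecessary and is better left off the request model. The enclosing action starts and ends outside the hunk.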