diff --git a/Controllers/DisableController.cs b/Controllers/DisableController.cs
index 1725681..cb6804a 100644
--- a/Controllers/DisableController.cs
+++ b/Controllers/DisableController.cs
@@ -86,6 +86,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
         private string? UserId => _httpContextAccessor?.HttpContext?.User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
 
         private string? FullName => _httpContextAccessor?.HttpContext?.User?.FindFirst("name")?.Value;
+        private string? RootDnaId => _httpContextAccessor?.HttpContext?.User?.FindFirst("orgRootDnaId")?.Value;
         private string? token => _httpContextAccessor.HttpContext.Request.Headers["Authorization"];
 
         #endregion
@@ -487,6 +488,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
                     Note = req.Note,
                     AnnouncementDate = req.AnnouncementDate,
                     CheckDisability = true,
+                    OrganizationId = req.rootDnaId,
                     CreatedAt = DateTime.Now,
                     CreatedUserId = UserId ?? "",
                     CreatedFullName = FullName ?? "System Administrator",
@@ -499,7 +501,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
                 using (var client = new HttpClient())
                 {
                     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.Replace("Bearer ", ""));
-                    client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]);
+                    client.DefaultRequestHeaders.Add("api-key", _configuration["API_KEY"]);
                     var _req = new HttpRequestMessage(HttpMethod.Get, apiUrl);
                     var _res = await client.SendAsync(_req);
                     var _result = await _res.Content.ReadAsStringAsync();
@@ -668,8 +670,16 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
                 {
                     return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
                 }
+                string role = jsonData["result"]?.ToString() ?? string.Empty;
+                string rootDnaId = string.Empty;
+                if (role != "OWNER")
+                {
+                    rootDnaId = RootDnaId?.ToString() ?? "";
+                }
+                
                 var data = await _context.PeriodExams.AsQueryable()
                                 .Where(x => x.CheckDisability == true)
+                                .Where(x => string.IsNullOrEmpty(rootDnaId) || x.OrganizationId == Guid.Parse(rootDnaId))
                                 .Include(x => x.ImportFile)
                                 .Include(x => x.Disables)
                                 .Include(x => x.ScoreImport)
diff --git a/Repositories/PermissionRepository.cs b/Repositories/PermissionRepository.cs
index afc84af..52b70cd 100644
--- a/Repositories/PermissionRepository.cs
+++ b/Repositories/PermissionRepository.cs
@@ -51,7 +51,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Services
                 using (var client = new HttpClient())
                 {
                     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AccessToken.Replace("Bearer ", ""));
-                    client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]);
+                    client.DefaultRequestHeaders.Add("api-key", _configuration["API_KEY"]);
                     var req = await client.GetAsync(apiPath);
                     var res = await req.Content.ReadAsStringAsync();
                     return res;
diff --git a/Request/Disables/PostDisableImportRequest.cs b/Request/Disables/PostDisableImportRequest.cs
index 232bc33..2eab546 100644
--- a/Request/Disables/PostDisableImportRequest.cs
+++ b/Request/Disables/PostDisableImportRequest.cs
@@ -82,5 +82,10 @@ namespace BMA.EHR.Recurit.Exam.Service.Request.Disables
         /// วันที่ประกาศผลสอบ
         /// </summary>
         public DateTime AnnouncementDate { get; set; }
+
+        /// <summary>
+        /// รหัส DNA หน่วยงาน
+        /// </summary>
+        public Guid? rootDnaId { get; set; }
     }
 }
diff --git a/Services/CandidateService.cs b/Services/CandidateService.cs
index 64c57a6..2319b65 100644
--- a/Services/CandidateService.cs
+++ b/Services/CandidateService.cs
@@ -2663,7 +2663,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Services
             using (var client = new HttpClient())
             {
                 client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token?.Replace("Bearer ", ""));
-                client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]);
+                client.DefaultRequestHeaders.Add("api-key", _configuration["API_KEY"]);
                 var _res = await client.PostAsJsonAsync(apiUrl, new
                 {
                     citizenId
diff --git a/Services/PeriodExamService.cs b/Services/PeriodExamService.cs
index 64aa287..2d417e5 100644
--- a/Services/PeriodExamService.cs
+++ b/Services/PeriodExamService.cs
@@ -2982,7 +2982,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Services
                 using (var client = new HttpClient())
                 {
                     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.Replace("Bearer ", ""));
-                    client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]);
+                    client.DefaultRequestHeaders.Add("api-key", _configuration["API_KEY"]);
                     var _req = new HttpRequestMessage(HttpMethod.Get, apiUrl);
                     var _res = await client.SendAsync(_req);
                     var _result = await _res.Content.ReadAsStringAsync();