diff --git a/src/controllers/AuthRoleController.ts b/src/controllers/AuthRoleController.ts
index 5d007fb3..78220ab7 100644
--- a/src/controllers/AuthRoleController.ts
+++ b/src/controllers/AuthRoleController.ts
@@ -6,6 +6,7 @@ import {
 Patch,
 Path,
 Post,
+ Query,
 Request,
 Route,
 Security,
@@ -36,8 +37,21 @@ export class AuthRoleController extends Controller {
 private redis = require("redis");
 
 @Get("list")
- public async listAuthRole() {
- const getList = await this.authRoleRepo.find();
+ public async listAuthRole(
+ @Request() req: RequestWithUser,
+ @Query("isAdminVisibled ") isAdminVisibled : string = "false",
+ ) {
+ let condition: any = {};
+ if(isAdminVisibled.toLowerCase() === "true"){
+ condition = { isAdminVisibled: true };
+ }else{
+ condition = {};
+ }
+ const getList = await this.authRoleRepo.find(
+ {
+ where: condition,
+ }
+ );
 // if (!getList || getList.length === 0) {
 // throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
 // }
@@ -161,6 +175,7 @@ export class AuthRoleController extends Controller {
 body: {
 roleName: string;
 roleDescription: string;
+ isAdminVisibled?: boolean;
 authRoleAttrs: Array<{
 // id: string;
 authSysId: string;
@@ -187,6 +202,7 @@ export class AuthRoleController extends Controller {
 }));
 
 Object.assign(record, {
+ isAdminVisibled: body.isAdminVisibled?body.isAdminVisibled:false,
 roleName: body.roleName,
 roleDescription: body.roleDescription,
 lastUpdateFullName: req.user.name,
diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts
index 6f2fd217..5d7d4910 100644
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
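Review bot: `@Query("isAdminVisibled ")` in the new listAuthRole signature binds the query parameter with a trailing space in its name, so a client sending `?isAdminVisibled=true` never matches and the default `"false"` is taken on every request, leaving the `where: { isAdminVisibled: true }` branch unreachable; the line should read `@Query("isAdminVisibled") isAdminVisibled: string = "false",`. `condition` is declared `any` although both assignments have one shape — `let condition: { isAdminVisibled?: boolean } = {};` keeps the repository call typed, and the `else` branch that reassigns `{}` is redundant given that initializer. `req` is now injected but never read; if admin-visible roles are meant to be restricted by the caller's privileges rather than by a client-chosen flag, the filter should come from `req.user.role`, which the hunk does not show — confirm the intent, and consider a comment such as `// isAdminVisibled=true narrows the list to admin-visible roles; any other value returns all roles` either way.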
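Review bot: `isAdminVisibled: body.isAdminVisibled?body.isAdminVisibled:false,` in the Object.assign hunk is a truthiness ternary over a field typed `boolean | undefined`, which reduces to `isAdminVisibled: body.isAdminVisibled ?? false,` (or `=== true` if a strict boolean is wanted); the missing spaces around `?` and `:` also differ from the surrounding property formatting. The enclosing update method starts and ends outside the hunk.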
@@ -758,11 +758,21 @@ export class KeycloakController extends Controller {
 }
 
 @Get("user/role/{id}")
- async getRoleUser(@Path("id") id: string) {
+ async getRoleUser(@Request() req: RequestWithUser,@Path("id") id: string) {
+
 const profile = await this.profileRepo.findOne({
 where: { keycloak: id },
 relations: ["roleKeycloaks"],
 });
+
+ if (
+ req.user.sub === id &&
+ req.user.role.some(x => x === 'ADMIN') &&
+ !req.user.role.some(x => x === 'SUPER_ADMIN')
+ ) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่มีสิทธิ์เข้าถึงข้อมูลนี้");
+ }
+
 if (!profile) {
 const profileEmp = await this.profileEmpRepo.findOne({
 where: { keycloak: id, employeeClass: "PERM" },
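Review bot: The new authorization guard on `req.user.sub === id` runs only after `this.profileRepo.findOne(...)` has already been awaited, so the database is queried on behalf of a caller the method then rejects; move the whole `if (...) { throw ... }` block above the `const profile = await ...` line so the check precedes any data access. The rejection uses `HttpStatus.NOT_FOUND` while the message states a permission failure — unless hiding the record's existence is intended, `HttpStatus.FORBIDDEN` describes the outcome accurately. `req.user.role.some(x => x === 'ADMIN')` and its SUPER_ADMIN twin are `req.user.role.includes('ADMIN')` / `req.user.role.includes('SUPER_ADMIN')`. The rule denies an ADMIN only when `id` is their own subject while leaving every other user's roles readable, which is unusual enough that a one-line comment stating why self-lookup is the restricted case would help the next reader. getRoleUser's body continues past the hunk.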