diff --git a/src/controllers/EmployeePositionController.ts b/src/controllers/EmployeePositionController.ts
index 05331106..61ceabee 100644
--- a/src/controllers/EmployeePositionController.ts
+++ b/src/controllers/EmployeePositionController.ts
@@ -74,7 +74,7 @@ export class EmployeePositionController extends Controller {
     requestBody: CreateEmployeePosDict,
     @Request() request: RequestWithUser,
   ) {
-    await new permission().PermissionCreate(request, "SYS_ORG_EMP");
+    // await new permission().PermissionCreate(request, "SYS_ORG_EMP");
     const empPosDict = Object.assign(new EmployeePosDict(), requestBody);
     if (!empPosDict) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล");
@@ -126,7 +126,7 @@ export class EmployeePositionController extends Controller {
     requestBody: UpdateEmployeePosDict,
     @Request() request: RequestWithUser,
   ) {
-    await new permission().PermissionUpdate(request, "SYS_ORG_EMP");
+    // await new permission().PermissionUpdate(request, "SYS_ORG_EMP");
     const empPosDict = await this.employeePosDictRepository.findOne({
       where: { id: id },
     });
@@ -176,7 +176,7 @@ export class EmployeePositionController extends Controller {
    */
   @Delete("position/{id}")
   async delete(@Path() id: string, @Request() request: RequestWithUser) {
-    await new permission().PermissionDelete(request, "SYS_ORG_EMP");
+    // await new permission().PermissionDelete(request, "SYS_ORG_EMP");
     const delEmpPosDict = await this.employeePosDictRepository.findOne({ where: { id } });
     if (!delEmpPosDict) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งลูกจ้างประจำนี้");
diff --git a/src/controllers/PositionController.ts b/src/controllers/PositionController.ts
index 6da78b75..8064a5f1 100644
--- a/src/controllers/PositionController.ts
+++ b/src/controllers/PositionController.ts
@@ -90,7 +90,7 @@ export class PositionController extends Controller {
     requestBody: CreatePosDict,
     @Request() request: RequestWithUser,
   ) {
-    await new permission().PermissionCreate(request, "SYS_ORG");
+    // await new permission().PermissionCreate(request, "SYS_ORG");
     const posDict = Object.assign(new PosDict(), requestBody);
     if (!posDict) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล");
@@ -274,7 +274,7 @@ export class PositionController extends Controller {
     requestBody: UpdatePosDict,
     @Request() request: RequestWithUser,
   ) {
-    await new permission().PermissionUpdate(request, "SYS_ORG");
+    // await new permission().PermissionUpdate(request, "SYS_ORG");
     const posDict = await this.posDictRepository.findOne({
       where: { id: id },
     });
@@ -355,7 +355,7 @@ export class PositionController extends Controller {
    */
   @Delete("position/{id}")
   async delete(@Path() id: string, @Request() request: RequestWithUser) {
-    await new permission().PermissionDelete(request, "SYS_ORG");
+    // await new permission().PermissionDelete(request, "SYS_ORG");
     const delPosDict = await this.posDictRepository.findOne({ where: { id } });
     if (!delPosDict) {
       throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งในสายงานนี้");