diff --git a/backend/framework/domain/src/main/resources/migration/3.0.0/dml/V3.0.0_11_1__data.sql b/backend/framework/domain/src/main/resources/migration/3.0.0/dml/V3.0.0_11_1__data.sql
index e618c62399..b83150b2f0 100644
--- a/backend/framework/domain/src/main/resources/migration/3.0.0/dml/V3.0.0_11_1__data.sql
+++ b/backend/framework/domain/src/main/resources/migration/3.0.0/dml/V3.0.0_11_1__data.sql
@@ -108,6 +108,7 @@ INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_BUG:READ+UPDATE');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_BUG:READ+DELETE');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_BUG:READ+EXPORT');
+INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_BUG:READ+COMMENT');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_BASE_INFO:READ+UPDATE');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_API_DEBUG:READ');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_admin', 'PROJECT_API_DEBUG:READ+ADD');
@@ -197,6 +198,7 @@ INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_BUG:READ+UPDATE');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_BUG:READ+DELETE');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_BUG:READ+EXPORT');
+INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_BUG:READ+COMMENT');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_CUSTOM_FUNCTION:READ');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_CUSTOM_FUNCTION:READ+ADD');
 INSERT INTO user_role_permission (id, role_id, permission_id) VALUES (UUID_SHORT(), 'project_member', 'PROJECT_CUSTOM_FUNCTION:READ+UPDATE');
diff --git a/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java b/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java
index 4a4687a1e9..9b4feeb9f5 100644
--- a/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java
+++ b/backend/framework/sdk/src/main/java/io/metersphere/sdk/constants/PermissionConstants.java
@@ -253,6 +253,7 @@ public class PermissionConstants {
     public static final String PROJECT_BUG_UPDATE = "PROJECT_BUG:READ+UPDATE";
     public static final String PROJECT_BUG_DELETE = "PROJECT_BUG:READ+DELETE";
     public static final String PROJECT_BUG_EXPORT = "PROJECT_BUG:READ+EXPORT";
+    public static final String PROJECT_BUG_COMMENT = "PROJECT_BUG:READ+COMMENT";
     /*------ end: BUG ------*/
     /*------ start: API_MANAGEMENT ------*/
     public static final String PROJECT_API_DEFINITION_READ = "PROJECT_API_DEFINITION:READ";
diff --git a/backend/services/bug-management/src/main/java/io/metersphere/bug/controller/BugCommentController.java b/backend/services/bug-management/src/main/java/io/metersphere/bug/controller/BugCommentController.java
index ca77ab2f89..97c8885ab4 100644
--- a/backend/services/bug-management/src/main/java/io/metersphere/bug/controller/BugCommentController.java
+++ b/backend/services/bug-management/src/main/java/io/metersphere/bug/controller/BugCommentController.java
@@ -33,7 +33,7 @@ public class BugCommentController {
 
     @PostMapping("/add")
     @Operation(summary = "缺陷管理-评论-新增/回复评论")
-    @RequiresPermissions(PermissionConstants.PROJECT_BUG_READ)
+    @RequiresPermissions(PermissionConstants.PROJECT_BUG_COMMENT)
     @CheckOwner(resourceId = "#request.getBugId()", resourceType = "bug")
     public BugComment add(@RequestBody BugCommentEditRequest request) {
         return bugCommentService.addComment(request, SessionUtils.getUserId());
@@ -41,7 +41,7 @@ public class BugCommentController {
 
     @PostMapping("/update")
     @Operation(summary = "缺陷管理-评论-编辑评论")
-    @RequiresPermissions(PermissionConstants.PROJECT_BUG_READ)
+    @RequiresPermissions(PermissionConstants.PROJECT_BUG_COMMENT)
     @CheckOwner(resourceId = "#request.getBugId()", resourceType = "bug")
     public BugComment update(@RequestBody BugCommentEditRequest request) {
         return bugCommentService.updateComment(request, SessionUtils.getUserId());
@@ -49,7 +49,7 @@ public class BugCommentController {
 
     @GetMapping("/delete/{commentId}")
     @Operation(summary = "缺陷管理-评论-删除评论")
-    @RequiresPermissions(PermissionConstants.PROJECT_BUG_READ)
+    @RequiresPermissions(PermissionConstants.PROJECT_BUG_COMMENT)
     public void delete(@PathVariable String commentId) {
         bugCommentService.deleteComment(commentId, SessionUtils.getUserId());
     }
diff --git a/backend/services/bug-management/src/main/resources/permission.json b/backend/services/bug-management/src/main/resources/permission.json
index f8b02ac0a9..ac5dabdb54 100644
--- a/backend/services/bug-management/src/main/resources/permission.json
+++ b/backend/services/bug-management/src/main/resources/permission.json
@@ -22,6 +22,10 @@
           },
           {
             "id": "PROJECT_BUG:READ+EXPORT"
+          },
+          {
+            "id": "PROJECT_BUG:READ+COMMENT",
+            "name": "permission.functional_case.comment"
           }
         ]
       }