diff --git a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
index 535b63c41b..f6349c8e74 100644
--- a/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
+++ b/test-track/backend/src/main/java/io/metersphere/controller/TestCaseController.java
@@ -26,6 +26,7 @@ import io.metersphere.service.TestCaseService;
 import io.metersphere.service.wapper.CheckPermissionService;
 import io.metersphere.xpack.track.dto.EditTestCaseRequest;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -245,7 +246,7 @@ public class TestCaseController {
     @MsAuditLog(module = OperLogModule.TRACK_TEST_CASE, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", title = "#request.name", content = "#msClass.getLogDetails(#request.id)", msClass = TestCaseService.class)
     @SendNotice(taskType = NoticeConstants.TaskType.TRACK_TEST_CASE_TASK, target = "#targetClass.getTestCase(#request.id)", targetClass = TestCaseService.class,
             event = NoticeConstants.Event.UPDATE, subject = "测试用例通知")
-    @RequiresPermissions(PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT)
+    @RequiresPermissions(value = {PermissionConstants.PROJECT_TRACK_CASE_READ_EDIT, PermissionConstants.PROJECT_TRACK_CASE_READ_CREATE}, logical = Logical.OR)
     public TestCase editTestCase(@RequestPart("request") EditTestCaseRequest request) {
         return testCaseService.edit(request);
     }
diff --git a/test-track/frontend/src/business/case/components/TestCaseEdit.vue b/test-track/frontend/src/business/case/components/TestCaseEdit.vue
index 289f8af06e..f5350bc32b 100644
--- a/test-track/frontend/src/business/case/components/TestCaseEdit.vue
+++ b/test-track/frontend/src/business/case/components/TestCaseEdit.vue
@@ -29,8 +29,8 @@
                 v-show="versionEnable"
                 ref="versionHistory"
                 :current-id="currentTestCaseInfo.id"
-                :is-read="readOnly"
-                :is-public-show="isPublicShow || hasReadonlyPermission"
+                :is-read="versionReadOnly"
+                :is-public-show="isPublicShow"
                 :current-version-id="form.versionId"
                 @confirmOtherInfo="confirmOtherInfo"
                 :current-project-id="projectId"
@@ -632,6 +632,16 @@ export default {
         !hasPermission("PROJECT_TRACK_CASE:READ+EDIT")
       );
     },
+    versionReadOnly() {
+      if (this.isPublicShow || this.hasReadonlyPermission) {
+        return true;
+      }
+      const { rowClickHasPermission } = this.currentTestCaseInfo;
+      if (rowClickHasPermission !== undefined) {
+        return !rowClickHasPermission;
+      }
+      return hasPermission('PROJECT_TRACK_CASE:READ');
+    },
     caseId() {
       return !this.isPublicShow ? this.$route.params.caseId : this.publicCaseId;
     },
diff --git a/test-track/frontend/src/business/case/components/common/CaseVersionHistory.vue b/test-track/frontend/src/business/case/components/common/CaseVersionHistory.vue
index d4cc9c04f9..fd894b1a48 100644
--- a/test-track/frontend/src/business/case/components/common/CaseVersionHistory.vue
+++ b/test-track/frontend/src/business/case/components/common/CaseVersionHistory.vue
@@ -54,7 +54,7 @@
               <div
                 class="create opt-row"
                 v-if="!caseVersionMap.has(item.id)
-                  && !isRead"
+                  && hasCreatePermission"
                 @click.stop="create(item)"
               >
                 {{ $t("commons.create") }}
@@ -64,7 +64,7 @@
                 @click.stop="del(item)"
                 v-if="caseVersionMap.has(item.id)
                   && !(item.id === currentVersionId)
-                  && !isRead"
+                  && hasDeletePermission"
               >
                 {{ $t("commons.delete") }}
               </div>
@@ -157,7 +157,7 @@
 
 <script>
 import {getCurrentProjectID} from "metersphere-frontend/src/utils/token";
-import {hasLicense} from "metersphere-frontend/src/utils/permission";
+import {hasLicense, hasPermission} from "metersphere-frontend/src/utils/permission";
 import {
   getProjectMembers,
   getProjectVersions,
@@ -218,6 +218,15 @@ export default {
     },
     compareDisable() {
       return !this.versionCompareOptions || this.versionCompareOptions.length < 2;
+    },
+    hasCreatePermission() {
+      return hasPermission("PROJECT_TRACK_CASE:READ+CREATE")
+    },
+    hasEditPermission() {
+      return hasPermission("PROJECT_TRACK_CASE:READ+EDIT")
+    },
+    hasDeletePermission() {
+      return hasPermission("PROJECT_TRACK_CASE:READ+DELETE");
     }
   },
   beforeDestroy() {
@@ -320,6 +329,7 @@ export default {
       return hasVersionCase // 有当前版本的用例
           && latestVersionCondition  // 有最新版本的用例，则非最新版本的其他版本不显示置新
           && !this.isRead // 不是只读
+          && this.hasEditPermission
           && !isNotDataLatestVersionCase // 已经是最新版本，不显示置新
     },
     handleVersionOptions() {