diff --git a/services/param/adapter/param_dac.c b/services/param/adapter/param_dac.c
index d55a8c29df14bd718779e4213eb3f22985a7e547..f2c46a1e28bc8173a58145d4e1cff417f5c18577 100644
--- a/services/param/adapter/param_dac.c
+++ b/services/param/adapter/param_dac.c
@@ -230,7 +230,9 @@ static int CheckParamPermission(const ParamSecurityLabel *srcLabel, const ParamA
     int ret = DAC_RESULT_FORBIDED;
     PARAM_CHECK(srcLabel != NULL && auditData != NULL && auditData->name != NULL, return ret, "Invalid param");
     PARAM_CHECK((mode & (DAC_READ | DAC_WRITE | DAC_WATCH)) != 0, return ret, "Invalid mode %x", mode);
-
+    if (srcLabel->cred.uid = 0) {
+        return DAC_RESULT_PERMISSION;
+    }
     /**
      * DAC group 实现的label的定义
      * user:group:read|write|watch