diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
index c774b72102b28daa06499a191f41b230c13ec310..a3a4482d32f99c9586d2fdd64a1aaf439e57b462 100644
--- a/pkg/constants/constants.go
+++ b/pkg/constants/constants.go
@@ -45,6 +45,7 @@ const (
 ClusterAdmin = "cluster-admin"
 WorkspaceRegular = "workspace-regular"
 WorkspaceViewer = "workspace-viewer"
+ WorkspacesManager = "workspaces-manager"

 DevopsOwner = "owner"
 DevopsReporter = "reporter"
diff --git a/pkg/controller/workspace/workspace_controller.go b/pkg/controller/workspace/workspace_controller.go
index 581b6e8be18aff6d55de088c546209cc79dddbe5..4a022f85fc7ea0e80a8dd2859d9daec379e3450d 100644
--- a/pkg/controller/workspace/workspace_controller.go
+++ b/pkg/controller/workspace/workspace_controller.go
@@ -564,6 +564,11 @@ func getWorkspaceAdmin(workspaceName string) *rbac.ClusterRole {
 ResourceNames: []string{workspaceName},
 Resources: []string{"workspaces", "workspaces/*"},
 },
+ {
+ Verbs: []string{"watch"},
+ APIGroups: []string{""},
+ Resources: []string{"namespaces"},
+ },
 {
 Verbs: []string{"list"},
 APIGroups: []string{"iam.kubesphere.io"},
@@ -630,6 +635,11 @@ func getWorkspaceViewer(workspaceName string) *rbac.ClusterRole {
 ResourceNames: []string{workspaceName},
 Resources: []string{"workspaces", "workspaces/*"},
 },
+ {
+ Verbs: []string{"watch"},
+ APIGroups: []string{""},
+ Resources: []string{"namespaces"},
+ },
 {
 Verbs: []string{"get", "list"},
 APIGroups: []string{"openpitrix.io"},
diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go
index 29a2646349a735100e3af42adc40cb19cd5dc41f..e1f4132da2203cf557a456e1aca801bd3b87a13a 100644
--- a/pkg/models/iam/am.go
+++ b/pkg/models/iam/am.go
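Review bot: The rule added to `getWorkspaceAdmin` (and repeated verbatim in `getWorkspaceViewer` in the following hunk) grants `watch` on core `namespaces` with no `ResourceNames`, so unlike the `workspaces` rule directly above it, it is not limited to `workspaceName`. A watch request delivers the existing objects as initial events, so this verb alone discloses the name, labels and annotations of every namespace the binding covers. If these ClusterRoles are bound cluster-wide (the binding is not part of this diff), a viewer of one workspace can enumerate the namespaces of all other workspaces. If the access is required, say so at the rule, e.g. `// cluster-wide on purpose: <reason>; exposes namespace metadata of other workspaces`; otherwise consider dropping it from the viewer role at least. Both function bodies continue outside their hunks.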
@@ -487,7 +487,7 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
 APIGroups: []string{"*"},
 Resources: []string{"workspaces", "workspaces/*"},
 }) {
- return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
+ return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
 }

 workspaceRole, err := GetUserWorkspaceRole(workspace, username)
@@ -534,6 +534,12 @@ func GetWorkspaceRoleSimpleRules(workspace, roleName string) []models.SimpleRule {
 {Name: "apps", Actions: []string{"view"}},
 {Name: "repos", Actions: []string{"view"}},
 }
+ case constants.WorkspacesManager:
+ workspaceRules = []models.SimpleRule{
+ {Name: "workspaces", Actions: []string{"edit", "delete", "view"}},
+ {Name: "members", Actions: []string{"edit", "delete", "create", "view"}},
+ {Name: "roles", Actions: []string{"view"}},
+ }
 }

 return workspaceRules
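Review bot: The replaced return in `GetUserWorkspaceSimpleRules` now reports the `constants.WorkspacesManager` rule set to every caller that passes the wildcard `workspaces` check, and that set (added in the second hunk) includes `delete` on workspaces and `create`/`edit`/`delete` on members. The `Verbs` of the checked rule lie above the hunk; if that check can be satisfied with read-only verbs, these simple rules overstate what the user may do, so confirm it requires write access. The call site also deserves a comment explaining why a cluster-level role name is passed to a function otherwise keyed by workspace role names, e.g. `// cluster-wide workspace access maps to workspaces-manager, not to a role inside this workspace`. Both function bodies start and end outside the hunks.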