diff --git a/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java b/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
index 788336f184..5b61fcb4f2 100644
--- a/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
@@ -1,11 +1,14 @@
 package io.dataease.datasource.server;
 
+import com.mchange.rmi.NotAuthorizedException;
 import io.dataease.api.ds.EngineApi;
 import io.dataease.datasource.dao.auto.entity.CoreDeEngine;
 import io.dataease.datasource.dao.auto.mapper.CoreDeEngineMapper;
 import io.dataease.datasource.manage.EngineManage;
 import io.dataease.datasource.provider.CalciteProvider;
+import io.dataease.exception.DEException;
 import io.dataease.extensions.datasource.dto.DatasourceDTO;
+import io.dataease.utils.AuthUtils;
 import io.dataease.utils.BeanUtils;
 import io.dataease.utils.IDUtils;
 import jakarta.annotation.Resource;
@@ -30,6 +33,9 @@ public class EngineServer implements EngineApi {
 
     @Override
     public DatasourceDTO getEngine() {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
         DatasourceDTO datasourceDTO = new DatasourceDTO();
         List<CoreDeEngine> deEngines = deEngineMapper.selectList(null);
         if (CollectionUtils.isEmpty(deEngines)) {
@@ -40,23 +46,29 @@ public class EngineServer implements EngineApi {
 
     @Override
     public void save(DatasourceDTO datasourceDTO) {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
         if (StringUtils.isNotEmpty(datasourceDTO.getConfiguration())) {
             datasourceDTO.setConfiguration(new String(Base64.getDecoder().decode(datasourceDTO.getConfiguration())));
         }
         CoreDeEngine coreDeEngine = new CoreDeEngine();
         BeanUtils.copyBean(coreDeEngine, datasourceDTO);
-        if(coreDeEngine.getId() == null){
+        if (coreDeEngine.getId() == null) {
             coreDeEngine.setId(IDUtils.snowID());
             datasourceDTO.setId(coreDeEngine.getId());
             deEngineMapper.insert(coreDeEngine);
-        }else {
+        } else {
             deEngineMapper.updateById(coreDeEngine);
         }
         calciteProvider.update(datasourceDTO);
     }
 
     @Override
-    public void validate(DatasourceDTO datasourceDTO) throws Exception{
+    public void validate(DatasourceDTO datasourceDTO) throws Exception {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
         CoreDeEngine coreDeEngine = new CoreDeEngine();
         BeanUtils.copyBean(coreDeEngine, datasourceDTO);
         coreDeEngine.setConfiguration(new String(Base64.getDecoder().decode(coreDeEngine.getConfiguration())));
@@ -65,6 +77,9 @@ public class EngineServer implements EngineApi {
 
     @Override
     public void validateById(Long id) throws Exception {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
         engineManage.validate(deEngineMapper.selectById(id));
     }