diff --git a/access-control-template/actemplate/IODAC.yjs b/access-control-template/actemplate/IODAC.yjs
index 3ab9715..2c16ac7 100644
--- a/access-control-template/actemplate/IODAC.yjs
+++ b/access-control-template/actemplate/IODAC.yjs
@@ -28,6 +28,9 @@ module DOAuth {
     @ArgSchema({
         "doId" : "string", "publicKey" : "string", "info": "string"
     })
+    @Access({
+        "ACFunction":"acceptOwner"
+    })
     export function addAuthedUser(arg) {
     //把requester和 arg.doId放到accessInfo里即可。
         addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
@@ -55,10 +58,21 @@ module DOAuth {
         } else print("acceptJudgement, requester:" + argPack.requester + "true!!");
     }
 
+    function acceptOwner(argPack) {
+        if (argPack.requester !== Global.owner) {
+            YancloudUtil.exceptionReturn({
+                "code" : 401, "msg" : "no permission: " + argPack.action
+            });
+        }
+    }
+
     @Description("针对某一DO，删除用户的访问权限")
     @ArgSchema({
         "doId" : "string", "publicKey" : "string"
     })
+    @Access({
+        "ACFunction":"acceptOwner"
+    })
     export function deleteAuthedUser(arg) {
         deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
         return {
@@ -70,6 +84,9 @@ module DOAuth {
     @ArgSchema({
         "doId" : "string", "publicKey" : "string", "info" : "string"
     })
+    @Access({
+        "ACFunction":"acceptOwner"
+    })
     export function addAuthedNode(arg) {
         addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
         if(arg.info != null) {
@@ -85,6 +102,9 @@ module DOAuth {
     @ArgSchema({
         "doId" : "string", "publicKey" : "string"
     })
+    @Access({
+        "ACFunction":"acceptOwner"
+    })
     export function deleteAuthedNode(arg) {
         deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
         return {