diff --git a/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java b/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java
index bb3b411a..ce7c5fdb 100644
--- a/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java
+++ b/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java
@@ -23,6 +23,11 @@ public class Authorization extends AbstractStringIdEntity
 	/** 授权资源类型：授权 */
 	public static final String RESOURCE_TYPE_AUTHORIZATION = "AUTHORIZATION";
 
+	/**
+	 * 模式匹配资源类型的后缀，例如："DATA_SOURCE_PATTERN"，表示数据源资源模式匹配授权
+	 */
+	public static final String PATTERN_RESOURCE_TYPE_SUFFIX = "_PATTERN";
+
 	/** 授权主体类型：全部用户 */
 	public static final String PRINCIPAL_TYPE_ALl = "ALL";
 
@@ -43,21 +48,24 @@ public class Authorization extends AbstractStringIdEntity
 
 	/*------------------------------------------------------*/
 	/*
-	 * 注意：权限值范围必须在[0, 100)之间，因为commonDataPermissionSqls.xml会对权限值取模100。
+	 * 注意：权限值范围必须在[0, 99]之间，因为commonDataPermissionSqls.xml会对权限值取模100。
 	 * 这里的权限值都留有间隔，便于各模块扩展自定义权限值。
 	 */
 
-	/** 权限：无 */
-	public static final int PERMISSION_NONE = 0;
+	/** 权限起始值：无 */
+	public static final int PERMISSION_NONE_START = 0;
 
-	/** 权限：读取 */
-	public static final int PERMISSION_READ = 20;
+	/** 权限起始值：只读 */
+	public static final int PERMISSION_READ_START = 20;
 
-	/** 权限：编辑 */
-	public static final int PERMISSION_EDIT = 40;
+	/** 权起始值限：编辑 */
+	public static final int PERMISSION_EDIT_START = 40;
 
-	/** 权限：删除 */
-	public static final int PERMISSION_DELETE = 60;
+	/** 权限起始值：删除 */
+	public static final int PERMISSION_DELETE_START = 60;
+
+	/** 最大权限值 */
+	public static final int PERMISSION_MAX = 99;
 
 	/*------------------------------------------------------*/
 
@@ -221,35 +229,79 @@ public class Authorization extends AbstractStringIdEntity
 	}
 
 	/**
-	 * 是否为可读取权限。
+	 * 是否无权限。
+	 * 
+	 * @param permission
+	 * @return
+	 */
+	public static boolean isNone(int permission)
+	{
+		return (permission >= PERMISSION_NONE_START && permission < PERMISSION_READ_START);
+	}
+
+	/**
+	 * 是否是只读权限。
+	 * 
+	 * @param permission
+	 * @return
+	 */
+	public static boolean isRead(int permission)
+	{
+		return (permission >= PERMISSION_READ_START && permission < PERMISSION_EDIT_START);
+	}
+
+	/**
+	 * 是否是可编辑权限。
+	 * 
+	 * @param permission
+	 * @return
+	 */
+	public static boolean isEdit(int permission)
+	{
+		return (permission >= PERMISSION_EDIT_START && permission < PERMISSION_DELETE_START);
+	}
+
+	/**
+	 * 是否是可删除权限。
+	 * 
+	 * @param permission
+	 * @return
+	 */
+	public static boolean isDelete(int permission)
+	{
+		return (permission >= PERMISSION_DELETE_START);
+	}
+
+	/**
+	 * 是否可读、或者可编辑、或者可删除。
 	 * 
 	 * @param permission
 	 * @return
 	 */
 	public static boolean canRead(int permission)
 	{
-		return (PERMISSION_READ <= permission);
+		return (permission >= PERMISSION_READ_START);
 	}
 
 	/**
-	 * 是否为可编辑权限。
+	 * 是否可编辑、或者可删除。
 	 * 
 	 * @param permission
 	 * @return
 	 */
 	public static boolean canEdit(int permission)
 	{
-		return (PERMISSION_EDIT <= permission);
+		return (permission >= PERMISSION_EDIT_START);
 	}
 
 	/**
-	 * 是否为可删除权限。
+	 * 是否可删除。
 	 * 
 	 * @param permission
 	 * @return
 	 */
 	public static boolean canDelete(int permission)
 	{
-		return (PERMISSION_DELETE <= permission);
+		return (permission >= PERMISSION_DELETE_START);
 	}
 }
diff --git a/datagear-management/src/main/java/org/datagear/management/domain/Schema.java b/datagear-management/src/main/java/org/datagear/management/domain/Schema.java
index e33f8c17..cc57ac17 100644
--- a/datagear-management/src/main/java/org/datagear/management/domain/Schema.java
+++ b/datagear-management/src/main/java/org/datagear/management/domain/Schema.java
@@ -20,14 +20,22 @@ public class Schema extends AbstractStringIdEntity
 {
 	private static final long serialVersionUID = 1L;
 
+	/*------------------------------------------------------*/
+	/*
+	 * 从业务角度看，对数据源的授权不应是对其记录本身，而是它包含表中的数据。
+	 * 所以，这里扩展了Authorization.PERMISSION_READ_START权限，授予下面这些权限，都是对数据源记录本身的读权限。
+	 */
+
 	/** 数据源内的表数据权限：读取 */
-	public static final int PERMISSION_TABLE_DATA_READ = Authorization.PERMISSION_READ + 1;
+	public static final int PERMISSION_TABLE_DATA_READ = Authorization.PERMISSION_READ_START + 3;
 
 	/** 数据源内的表数据权限：编辑 */
-	public static final int PERMISSION_TABLE_DATA_EDIT = Authorization.PERMISSION_READ + 2;
+	public static final int PERMISSION_TABLE_DATA_EDIT = Authorization.PERMISSION_READ_START + 6;
 
 	/** 数据源内的表数据权限：删除 */
-	public static final int PERMISSION_TABLE_DATA_DELETE = Authorization.PERMISSION_READ + 3;
+	public static final int PERMISSION_TABLE_DATA_DELETE = Authorization.PERMISSION_READ_START + 9;
+
+	/*------------------------------------------------------*/
 
 	/** 标题 */
 	private String title;
@@ -47,9 +55,6 @@ public class Schema extends AbstractStringIdEntity
 	/** 此模式的创建时间 */
 	private Date createTime;
 
-	/** 是否共享的 */
-	private boolean shared = false;
-
 	/** 数据库驱动程序路径名 */
 	private DriverEntity driverEntity;
 
@@ -142,16 +147,6 @@ public class Schema extends AbstractStringIdEntity
 		this.createTime = createTime;
 	}
 
-	public boolean isShared()
-	{
-		return shared;
-	}
-
-	public void setShared(boolean shared)
-	{
-		this.shared = shared;
-	}
-
 	public boolean hasDriverEntity()
 	{
 		if (this.driverEntity == null)
@@ -200,7 +195,6 @@ public class Schema extends AbstractStringIdEntity
 	public String toString()
 	{
 		return getClass().getSimpleName() + " [title=" + title + ", url=" + url + ", user=" + user + ", createUser="
-				+ createUser + ", createTime=" + createTime + ", shared=" + shared + ", driverEntity=" + driverEntity
-				+ "]";
+				+ createUser + ", createTime=" + createTime + ", driverEntity=" + driverEntity + "]";
 	}
 }
diff --git a/datagear-management/src/main/java/org/datagear/management/service/impl/AbstractMybatisDataPermissionEntityService.java b/datagear-management/src/main/java/org/datagear/management/service/impl/AbstractMybatisDataPermissionEntityService.java
index e8bf034d..a5608d76 100644
--- a/datagear-management/src/main/java/org/datagear/management/service/impl/AbstractMybatisDataPermissionEntityService.java
+++ b/datagear-management/src/main/java/org/datagear/management/service/impl/AbstractMybatisDataPermissionEntityService.java
@@ -51,7 +51,7 @@ public abstract class AbstractMybatisDataPermissionEntityService<ID, T extends E
 		List<ID> ids = new ArrayList<ID>(1);
 		ids.add(id);
 
-		List<Integer> permissions = getPermissions(user, ids, Authorization.PERMISSION_NONE);
+		List<Integer> permissions = getPermissions(user, ids, Authorization.PERMISSION_NONE_START);
 
 		return permissions.get(0);
 	}
@@ -61,7 +61,7 @@ public abstract class AbstractMybatisDataPermissionEntityService<ID, T extends E
 	{
 		List<ID> idList = Arrays.asList(ids);
 
-		List<Integer> permissions = getPermissions(user, idList, Authorization.PERMISSION_NONE);
+		List<Integer> permissions = getPermissions(user, idList, Authorization.PERMISSION_NONE_START);
 
 		int[] re = new int[permissions.size()];
 
@@ -229,7 +229,7 @@ public abstract class AbstractMybatisDataPermissionEntityService<ID, T extends E
 		params.put(DATA_PERMISSION_PARAM_RESOURCE_TYPE, resourceType);
 		params.put(DATA_PERMISSION_PARAM_RESOURCE_SUPPORT_PATTERN, resourceSupportPattern);
 		params.put(DATA_PERMISSION_PARAM_RESOURCE_HAS_CREATOR, resourceHasCreator);
-		params.put(DATA_PERMISSION_PARAM_MIN_READ_PERMISSION, Authorization.PERMISSION_READ);
-		params.put(DATA_PERMISSION_PARAM_MAX_PERMISSION, Authorization.PERMISSION_DELETE);
+		params.put(DATA_PERMISSION_PARAM_MIN_READ_PERMISSION, Authorization.PERMISSION_READ_START);
+		params.put(DATA_PERMISSION_PARAM_MAX_PERMISSION, Authorization.PERMISSION_MAX);
 	}
 }
diff --git a/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml b/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml
index a908e032..20590731 100644
--- a/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml
+++ b/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml
@@ -142,7 +142,8 @@
 			) AS ${_iq_}resourceName${_iq_},
 			(
 				CASE A.AUTH_PRINCIPAL_TYPE
-					WHEN 'ALL' THEN 'ALL'
+					WHEN 'ALL' THEN 'all'
+					WHEN 'ANONYMOUS' THEN 'anonymous'
 					WHEN 'ROLE' THEN C.ROLE_NAME
 					WHEN 'USER' THEN
 					(
diff --git a/datagear-management/src/main/resources/org/datagear/management/mapper/SchemaMapper.xml b/datagear-management/src/main/resources/org/datagear/management/mapper/SchemaMapper.xml
index f47a41a5..25066a4e 100644
--- a/datagear-management/src/main/resources/org/datagear/management/mapper/SchemaMapper.xml
+++ b/datagear-management/src/main/resources/org/datagear/management/mapper/SchemaMapper.xml
@@ -7,12 +7,12 @@
 		INSERT INTO DATAGEAR_SCHEMA
 			(
 			SCHEMA_ID, SCHEMA_TITLE, SCHEMA_URL, SCHEMA_USER, SCHEMA_PASSWORD,
-			SCHEMA_CREATE_USER_ID, SCHEMA_CREATE_TIME, SCHEMA_SHARED, DRIVER_ENTITY_ID
+			SCHEMA_CREATE_USER_ID, SCHEMA_CREATE_TIME, DRIVER_ENTITY_ID
 			)
 		VALUES
 			(
 			#{entity.id}, #{entity.title}, #{entity.url}, #{entity.user}, #{entity.password},
-			#{entity.createUser.id}, #{entity.createTime}, #{entity.shared}, #{entity.driverEntity.id, jdbcType=VARCHAR}
+			#{entity.createUser.id}, #{entity.createTime}, #{entity.driverEntity.id, jdbcType=VARCHAR}
 			)
 	</insert>
 	
@@ -22,7 +22,6 @@
 			SCHEMA_URL = #{entity.url},
 			SCHEMA_USER = #{entity.user},
 			SCHEMA_PASSWORD = #{entity.password},
-			SCHEMA_SHARED = #{entity.shared},
 			DRIVER_ENTITY_ID = #{entity.driverEntity.id, jdbcType=VARCHAR}
 		WHERE
 			SCHEMA_ID = #{entity.id}
@@ -122,7 +121,6 @@
 			A.SCHEMA_USER AS ${_iq_}user${_iq_},
 			A.SCHEMA_PASSWORD AS ${_iq_}password${_iq_},
 			A.SCHEMA_CREATE_TIME AS ${_iq_}createTime${_iq_},
-			A.SCHEMA_SHARED AS ${_iq_}shared${_iq_},
 			A.DRIVER_ENTITY_ID AS ${_iq_}driverEntity.id${_iq_},
 			A.SCHEMA_CREATE_USER_ID AS ${_iq_}createUser.id${_iq_},
 			B.USER_NAME AS ${_iq_}createUser.name${_iq_},
diff --git a/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java b/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java
index f5c7c973..22c46449 100644
--- a/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java
+++ b/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java
@@ -60,9 +60,6 @@ public class AuthorizationController extends AbstractController
 	@RequestMapping("/add")
 	public String add(HttpServletRequest request, org.springframework.ui.Model model)
 	{
-		Authorization authorization = new Authorization();
-
-		model.addAttribute("authorization", authorization);
 		model.addAttribute(KEY_TITLE_MESSAGE_KEY, "authorization.addAuthorization");
 		model.addAttribute(KEY_FORM_ACTION, "saveAdd");
 
diff --git a/datagear-web/src/main/java/org/datagear/web/controller/SchemaController.java b/datagear-web/src/main/java/org/datagear/web/controller/SchemaController.java
index bf0edaa9..b6365972 100644
--- a/datagear-web/src/main/java/org/datagear/web/controller/SchemaController.java
+++ b/datagear-web/src/main/java/org/datagear/web/controller/SchemaController.java
@@ -94,7 +94,6 @@ public class SchemaController extends AbstractSchemaModelConnController
 				schema.setTitle(sourceSchema.getTitle());
 				schema.setUrl(sourceSchema.getUrl());
 				schema.setUser(sourceSchema.getUser());
-				schema.setShared(sourceSchema.isShared());
 				schema.setDriverEntity(sourceSchema.getDriverEntity());
 			}
 		}
diff --git a/datagear-web/src/main/java/org/datagear/web/freemarker/CustomFreeMarkerView.java b/datagear-web/src/main/java/org/datagear/web/freemarker/CustomFreeMarkerView.java
index 31031bb8..e531941b 100644
--- a/datagear-web/src/main/java/org/datagear/web/freemarker/CustomFreeMarkerView.java
+++ b/datagear-web/src/main/java/org/datagear/web/freemarker/CustomFreeMarkerView.java
@@ -11,6 +11,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.datagear.web.util.WebUtils;
 import org.springframework.web.servlet.view.freemarker.FreeMarkerView;
 
+import freemarker.ext.beans.BeansWrapper;
+import freemarker.ext.beans.BeansWrapperBuilder;
+import freemarker.template.Configuration;
+
 /**
  * 自定义{@linkplain FreeMarkerView}，实现一些本系统需要的特性。
  * 
@@ -31,6 +35,12 @@ public class CustomFreeMarkerView extends FreeMarkerView
 	/** 变量：父页面ID关键字 */
 	public static final String VAR_PARENT_PAGE_ID = WebUtils.KEY_PARENT_PAGE_ID;
 
+	/** 变量：访问Java静态变量关键字 */
+	public static final String VAR_STATICS = "statics";
+
+	private static final BeansWrapper BEANS_WRAPPER = new BeansWrapperBuilder(
+			Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS).build();
+
 	public CustomFreeMarkerView()
 	{
 		super();
@@ -46,5 +56,6 @@ public class CustomFreeMarkerView extends FreeMarkerView
 
 		model.put(VAR_PAGE_ID, WebUtils.generatePageId());
 		model.put(VAR_PARENT_PAGE_ID, WebUtils.getParentPageId(request));
+		model.put(VAR_STATICS, BEANS_WRAPPER.getStaticModels());
 	}
 }
diff --git a/datagear-web/src/main/resources/locales/datagear.properties b/datagear-web/src/main/resources/locales/datagear.properties
index adf30850..ef21540f 100644
--- a/datagear-web/src/main/resources/locales/datagear.properties
+++ b/datagear-web/src/main/resources/locales/datagear.properties
@@ -293,7 +293,6 @@ schema.url=\u6570\u636E\u5E93URL
 schema.user=\u6570\u636E\u5E93\u7528\u6237
 schema.password=\u6570\u636E\u5E93\u5BC6\u7801
 schema.driverEntity=\u6570\u636E\u5E93\u9A71\u52A8\u7A0B\u5E8F
-schema.shared=\u662F\u5426\u516C\u5F00
 schema.urlHelp=\u6570\u636E\u5E93\u7684JDBC\u8FDE\u63A5URL\uFF0C\u70B9\u51FB\u53EF\u6253\u5F00\u8BBE\u7F6E\u5E2E\u52A9\u9875\u9762
 schema.schemaBuildUrl=\u8BBE\u7F6E\u6570\u636E\u5E93URL
 schema.url.dbType=\u6570\u636E\u5E93\u7C7B\u578B
@@ -541,7 +540,14 @@ authorization.principalType=\u6388\u6743\u4E3B\u4F53\u7C7B\u578B
 authorization.permission=\u6743\u9650
 authorization.permission.NONE=\u65E0
 authorization.permission.READ=\u53EA\u8BFB
-authorization.permission.EDIT=\u53EF\u5199
-authorization.permission.DELETE=\u5220\u9664
+authorization.permission.EDIT=\u53EF\u7F16\u8F91
+authorization.permission.DELETE=\u53EF\u5220\u9664
 authorization.enabled=\u662F\u5426\u542F\u7528
-authorization.createUser=\u521B\u5EFA\u7528\u6237
+authorization.createUser=\u8BBE\u7F6E\u7528\u6237
+authorization.resourceType.DATA_SOURCE=\u6307\u5B9A\u6570\u636E\u6E90
+authorization.resourceType.DATA_SOURCE_PATTERN=\u6570\u636E\u6E90URL\u901A\u914D
+authorization.resourceType.DATA_SOURCE_PATTERN.desc=\u5728[\u6388\u6743\u8D44\u6E90]\u8F93\u5165\u6846\u4E2D\u586B\u5199\u6570\u636E\u6E90URL\u901A\u914D\u7B26\uFF0C\u9488\u5BF9\u6240\u6709\u5339\u914D\u7684\u6570\u636E\u6E90\u6388\u6743\uFF0C\u4F8B\u5982\uFF1A*192.168.1.1*
+authorization.principalType.ROLE=\u6307\u5B9A\u7528\u6237\u7EC4
+authorization.principalType.USER=\u6307\u5B9A\u7528\u6237
+authorization.principalType.ANONYMOUS=\u5168\u90E8\u533F\u540D\u7528\u6237
+authorization.principalType.ALL=\u5168\u90E8\u7528\u6237
\ No newline at end of file
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_form.ftl b/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_form.ftl
index 7fc3b3ed..0a9494fb 100644
--- a/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_form.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_form.ftl
@@ -8,6 +8,12 @@ readonly 是否只读操作，允许为null
 <#assign formAction=(formAction!'#')>
 <#assign readonly=(readonly!false)>
 <#assign isAdd=(formAction == 'saveAdd')>
+<#assign Authorization=statics['org.datagear.management.domain.Authorization']>
+<#assign Schema=statics['org.datagear.management.domain.Schema']>
+<#assign resourceType=((authorization.resourceType)!Authorization.RESOURCE_TYPE_DATA_SOURCE)>
+<#assign principalType=((authorization.principalType)!Authorization.PRINCIPAL_TYPE_ROLE)>
+<#assign permission=((authorization.permission)!Schema.PERMISSION_TABLE_DATA_READ)>
+<#assign enabled=(((authorization.enabled)!true)?string('true', 'false'))>
 <html>
 <head>
 <#include "../include/html_head.ftl">
@@ -19,6 +25,19 @@ readonly 是否只读操作，允许为null
 		<div class="form-head"></div>
 		<div class="form-content">
 			<input type="hidden" name="id" value="${(authorization.id)!''?html}" />
+			<div class="form-item">
+				<div class="form-item-label">
+					<label><@spring.message code='authorization.resourceType' /></label>
+				</div>
+				<div class="form-item-value">
+					<div class="resourceType-radios">
+						<label for="${pageId}-resourceType_0"><@spring.message code='authorization.resourceType.DATA_SOURCE' /></label>
+			   			<input type="radio" id="${pageId}-resourceType_0" name="resourceType" value="${Authorization.RESOURCE_TYPE_DATA_SOURCE}" />
+						<label for="${pageId}-resourceType_1" title="<@spring.message code='authorization.resourceType.DATA_SOURCE_PATTERN.desc' />"><@spring.message code='authorization.resourceType.DATA_SOURCE_PATTERN' /></label>
+			   			<input type="radio" id="${pageId}-resourceType_1" name="resourceType" value="${Authorization.RESOURCE_TYPE_DATA_SOURCE + Authorization.PATTERN_RESOURCE_TYPE_SUFFIX}"  />
+		   			</div>
+				</div>
+			</div>
 			<div class="form-item">
 				<div class="form-item-label">
 					<label><@spring.message code='authorization.resource' /></label>
@@ -29,10 +48,19 @@ readonly 是否只读操作，允许为null
 			</div>
 			<div class="form-item">
 				<div class="form-item-label">
-					<label><@spring.message code='authorization.resourceType' /></label>
+					<label><@spring.message code='authorization.principalType' /></label>
 				</div>
 				<div class="form-item-value">
-					<input type="text" name="resourceType" value="${(authorization.resourceType)!''?html}" class="ui-widget ui-widget-content" />
+					<div class="principalType-radios">
+						<label for="${pageId}-principalType_0"><@spring.message code='authorization.principalType.USER' /></label>
+			   			<input type="radio" id="${pageId}-principalType_0" name="principalType" value="${Authorization.PRINCIPAL_TYPE_USER}" />
+						<label for="${pageId}-principalType_1"><@spring.message code='authorization.principalType.ROLE' /></label>
+			   			<input type="radio" id="${pageId}-principalType_1" name="principalType" value="${Authorization.PRINCIPAL_TYPE_ROLE}" />
+						<label for="${pageId}-principalType_2"><@spring.message code='authorization.principalType.ANONYMOUS' /></label>
+			   			<input type="radio" id="${pageId}-principalType_2" name="principalType" value="${Authorization.PRINCIPAL_TYPE_ANONYMOUS}" />
+						<label for="${pageId}-principalType_3"><@spring.message code='authorization.principalType.ALL' /></label>
+			   			<input type="radio" id="${pageId}-principalType_3" name="principalType" value="${Authorization.PRINCIPAL_TYPE_ALl}" />
+		   			</div>
 				</div>
 			</div>
 			<div class="form-item">
@@ -43,20 +71,21 @@ readonly 是否只读操作，允许为null
 					<input type="text" name="principal" value="${(authorization.principal)!''?html}" class="ui-widget ui-widget-content" />
 				</div>
 			</div>
-			<div class="form-item">
-				<div class="form-item-label">
-					<label><@spring.message code='authorization.principalType' /></label>
-				</div>
-				<div class="form-item-value">
-					<input type="text" name="principalType" value="${(authorization.principalType)!''?html}" class="ui-widget ui-widget-content" />
-				</div>
-			</div>
 			<div class="form-item">
 				<div class="form-item-label">
 					<label><@spring.message code='authorization.permission' /></label>
 				</div>
 				<div class="form-item-value">
-					<input type="text" name="permission" value="${(authorization.permission)!''?html}" class="ui-widget ui-widget-content" />
+					<div class="permission-radios">
+						<label for="${pageId}-permission_0"><@spring.message code='authorization.permission.READ' /></label>
+			   			<input type="radio" id="${pageId}-permission_0" name="permission" value="${Schema.PERMISSION_TABLE_DATA_READ}" />
+						<label for="${pageId}-permission_1"><@spring.message code='authorization.permission.EDIT' /></label>
+			   			<input type="radio" id="${pageId}-permission_1" name="permission" value="${Schema.PERMISSION_TABLE_DATA_EDIT}" />
+						<label for="${pageId}-permission_2"><@spring.message code='authorization.permission.DELETE' /></label>
+			   			<input type="radio" id="${pageId}-permission_2" name="permission" value="${Schema.PERMISSION_TABLE_DATA_DELETE}" />
+						<label for="${pageId}-permission_3"><@spring.message code='authorization.permission.NONE' /></label>
+			   			<input type="radio" id="${pageId}-permission_3" name="permission" value="${Authorization.PERMISSION_NONE_START}" />
+		   			</div>
 				</div>
 			</div>
 			<div class="form-item">
@@ -64,11 +93,11 @@ readonly 是否只读操作，允许为null
 					<label><@spring.message code='authorization.enabled' /></label>
 				</div>
 				<div class="form-item-value">
-					<div class="authorizationEnabled-radios">
-					<label for="${pageId}-authorizationEnabledYes"><@spring.message code='yes' /></label>
-		   			<input type="radio" id="${pageId}-authorizationEnabledYes" name="enabled" value="1" <#if (authorization.enabled)!false>checked="checked"</#if> />
-					<label for="${pageId}-authorizationEnabledNo"><@spring.message code='no' /></label>
-		   			<input type="radio" id="${pageId}-authorizationEnabledNo" name="enabled" value="0" <#if !((authorization.enabled)!false)>checked="checked"</#if> />
+					<div class="enabled-radios">
+						<label for="${pageId}-enabled_0"><@spring.message code='yes' /></label>
+			   			<input type="radio" id="${pageId}-enabled_0" name="enabled" value="true" />
+						<label for="${pageId}-enabled_1"><@spring.message code='no' /></label>
+			   			<input type="radio" id="${pageId}-enabled_1" name="enabled" value="false" />
 		   			</div>
 				</div>
 			</div>
@@ -88,8 +117,22 @@ readonly 是否只读操作，允许为null
 (function(po)
 {
 	$.initButtons(po.element());
+	
+	po.element("input[name='resourceType'][value='${resourceType}']").attr("checked", "checked");
+	po.element("input[name='resourceType']").checkboxradio({icon:false});
+	po.element(".resourceType-radios").controlgroup();
+	
+	po.element("input[name='principalType'][value='${principalType}']").attr("checked", "checked");
+	po.element("input[name='principalType']").checkboxradio({icon:false});
+	po.element(".principalType-radios").controlgroup();
+	
+	po.element("input[name='permission'][value='${permission}']").attr("checked", "checked");
+	po.element("input[name='permission']").checkboxradio({icon:false});
+	po.element(".permission-radios").controlgroup();
+	
+	po.element("input[name='enabled'][value='${enabled}']").attr("checked", "checked");
 	po.element("input[name='enabled']").checkboxradio({icon:false});
-	po.element(".authorizationEnabled-radios").controlgroup();
+	po.element(".enabled-radios").controlgroup();
 	
 	po.url = function(action)
 	{
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl b/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl
index 76258d71..f2d92fff 100644
--- a/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl
@@ -44,6 +44,8 @@ String authorizationSourceType 固定授权源类型，允许为null
 <#include "../include/page_js_obj.ftl">
 <#include "../include/page_obj_searchform_js.ftl">
 <#include "../include/page_obj_grid.ftl">
+<#include "../include/page_obj_data_permission.ftl">
+<#include "../include/page_obj_data_permission__ds_table.ftl">
 <script type="text/javascript">
 (function(po)
 {
@@ -135,7 +137,7 @@ String authorizationSourceType 固定授权源类型，允许为null
 	var columnPermission = $.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.permission' />", "permission");
 	columnPermission.render = function(data, type, row, meta)
 	{
-		return data;
+		return po.toTableDataPermissionLabel(data);
 	};
 	
 	var tableColumns = [
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission.ftl b/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission.ftl
new file mode 100644
index 00000000..91820c03
--- /dev/null
+++ b/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission.ftl
@@ -0,0 +1,57 @@
+<#--
+数据权限JS片段。
+
+依赖：
+page_js_obj.jsp
+-->
+<#assign __podpAuthorization=statics['org.datagear.management.domain.Authorization']>
+<script type="text/javascript">
+(function(po)
+{
+	po.canRead = function(dataOrPermission)
+	{
+		if(dataOrPermission == null)
+			return false;
+		
+		if(dataOrPermission.dataPermission != undefined)
+			dataOrPermission = dataOrPermission.dataPermission;
+		
+		return ${__podpAuthorization.PERMISSION_READ_START} <= dataOrPermission;
+	};
+	
+	po.canEdit = function(dataOrPermission)
+	{
+		if(dataOrPermission == null)
+			return false;
+		
+		if(dataOrPermission.dataPermission != undefined)
+			dataOrPermission = dataOrPermission.dataPermission;
+		
+		return ${__podpAuthorization.PERMISSION_EDIT_START} <= dataOrPermission;
+	};
+	
+	po.canDelete = function(dataOrPermission)
+	{
+		if(dataOrPermission == null)
+			return false;
+		
+		if(dataOrPermission.dataPermission != undefined)
+			dataOrPermission = dataOrPermission.dataPermission;
+		
+		return ${__podpAuthorization.PERMISSION_DELETE_START} <= dataOrPermission;
+	};
+	
+	po.toPermissionLabel = function(dataOrPermission)
+	{
+		if(po.canDelete(dataOrPermission))
+			return "<@spring.message code='authorization.permission.DELETE' />";
+		else if(po.canEdit(dataOrPermission))
+			return "<@spring.message code='authorization.permission.EDIT' />";
+		else if(po.canRead(dataOrPermission))
+			return "<@spring.message code='authorization.permission.READ' />";
+		else
+			return "<@spring.message code='authorization.permission.NONE' />";
+	};
+})
+(${pageId});
+</script>
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission__ds_table.ftl b/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission__ds_table.ftl
new file mode 100644
index 00000000..34d39fc9
--- /dev/null
+++ b/datagear-web/src/main/webapp/WEB-INF/view/include/page_obj_data_permission__ds_table.ftl
@@ -0,0 +1,57 @@
+<#--
+数据源表权限JS片段。
+
+依赖：
+page_js_obj.jsp
+-->
+<#assign __podpSchema=statics['org.datagear.management.domain.Schema']>
+<script type="text/javascript">
+(function(po)
+{
+	po.canReadTableData = function(schemaOrPermission)
+	{
+		if(schemaOrPermission == null)
+			return false;
+		
+		if(schemaOrPermission.dataPermission != undefined)
+			schemaOrPermission = schemaOrPermission.dataPermission;
+		
+		return ${__podpSchema.PERMISSION_TABLE_DATA_READ} <= schemaOrPermission;
+	};
+	
+	po.canEditTableData = function(schemaOrPermission)
+	{
+		if(schemaOrPermission == null)
+			return false;
+		
+		if(schemaOrPermission.dataPermission != undefined)
+			schemaOrPermission = schemaOrPermission.dataPermission;
+		
+		return ${__podpSchema.PERMISSION_TABLE_DATA_EDIT} <= schemaOrPermission;
+	};
+	
+	po.canDeleteTableData = function(schemaOrPermission)
+	{
+		if(schemaOrPermission == null)
+			return false;
+		
+		if(schemaOrPermission.dataPermission != undefined)
+			schemaOrPermission = schemaOrPermission.dataPermission;
+		
+		return ${__podpSchema.PERMISSION_TABLE_DATA_DELETE} <= schemaOrPermission;
+	};
+	
+	po.toTableDataPermissionLabel = function(schemaOrPermission)
+	{
+		if(po.canDeleteTableData(schemaOrPermission))
+			return "<@spring.message code='authorization.permission.DELETE' />";
+		else if(po.canEditTableData(schemaOrPermission))
+			return "<@spring.message code='authorization.permission.EDIT' />";
+		else if(po.canReadTableData(schemaOrPermission))
+			return "<@spring.message code='authorization.permission.READ' />";
+		else
+			return "<@spring.message code='authorization.permission.NONE' />";
+	};
+})
+(${pageId});
+</script>
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/main.ftl b/datagear-web/src/main/webapp/WEB-INF/view/main.ftl
index 4fea0581..98dced53 100644
--- a/datagear-web/src/main/webapp/WEB-INF/view/main.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/main.ftl
@@ -6,6 +6,7 @@
 <title><@spring.message code='app.name' /></title>
 <#include "include/page_js_obj.ftl" >
 <#include "include/page_obj_tabs.ftl" >
+<#include "include/page_obj_data_permission.ftl" >
 <script type="text/javascript">
 (function(po)
 {
@@ -491,30 +492,22 @@
 						menuItemEnables["schema-operation-view"] = false;
 					}
 					
-					var diableEditAndDelete = false;
-					
-					//管理员、创建用户才能编辑和删除数据库
 					for(var i=0; i<selNodes.length; i++)
 					{
 						if(!po.isSchemaNode(selNodes[i]))
 						{
-							diableEditAndDelete = true;
+							menuItemEnables["schema-operation-edit"] = false;
+							menuItemEnables["schema-operation-delete"] = false;
 							break;
 						}
 						
 						var schema = selNodes[i].original;
 						
-						if(!po.isAdmin && schema.createUser != undefined && schema.createUser.id != po.userId)
-						{
-							diableEditAndDelete = true;
-							break;
-						}
-					}
-					
-					if(diableEditAndDelete)
-					{
-						menuItemEnables["schema-operation-edit"] = false;
-						menuItemEnables["schema-operation-delete"] = false;
+						if(!po.canEdit(schema))
+							menuItemEnables["schema-operation-edit"] = false;
+						
+						if(!po.canDelete(schema))
+							menuItemEnables["schema-operation-delete"] = false;
 					}
 					
 					//如果有选中，且全都是数据库或者全都是表，则启用刷新按钮
diff --git a/datagear-web/src/main/webapp/WEB-INF/view/schema/schema_form.ftl b/datagear-web/src/main/webapp/WEB-INF/view/schema/schema_form.ftl
index 3aa371f1..dbb74dac 100644
--- a/datagear-web/src/main/webapp/WEB-INF/view/schema/schema_form.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/schema/schema_form.ftl
@@ -55,19 +55,6 @@ readonly 是否只读操作，允许为null
 				</div>
 			</div>
 			</#if>
-			<div class="form-item">
-				<div class="form-item-label">
-					<label><@spring.message code='schema.shared' /></label>
-				</div>
-				<div class="form-item-value">
-					<div class="schema-shared-radios">
-					<label for="${pageId}-schemaSharedYes"><@spring.message code='yes' /></label>
-		   			<input type="radio" id="${pageId}-schemaSharedYes" name="shared" value="1" <#if (schema.shared)!false>checked="checked"</#if> />
-					<label for="${pageId}-schemaSharedNo"><@spring.message code='no' /></label>
-		   			<input type="radio" id="${pageId}-schemaSharedNo" name="shared" value="0" <#if !((schema.shared)!false)>checked="checked"</#if> />
-		   			</div>
-				</div>
-			</div>
 			<#if !readonly>
 			<div class="form-item">
 				<div class="form-item-label">
@@ -202,9 +189,6 @@ readonly 是否只读操作，允许为null
 	});
 	</#if>
 	
-	po.element("input[name='shared']").checkboxradio({icon:false});
-	po.element(".schema-shared-radios").controlgroup();
-	
 	$.initButtons(po.element());
 	
 	if(po.isDriverEntityEmpty)