diff --git a/docs/install/env.md b/docs/install/env.md
index 6f64f1db66..4787fb757a 100644
--- a/docs/install/env.md
+++ b/docs/install/env.md
@@ -29,7 +29,7 @@
 | BK_REPO_GATEWAY_DNS_ADDR   | 网关dns解析服务地址      | 127.0.0.1:53                                                                                          |
 | BK_REPO_SERVICE_PREFIX     | bkrepo微服务前缀      | bkrepo-                                                                                               |
 | BK_REPO_DEPLOY_MODE        | bkrepo部署模式       | standalone / ci                                                                                       |
-
+| BK_REPO_RELEASE_MODE        | bkrepo发行模式       | devx / community                                                                                             |
 ## consul配置项
 
 | 配置项                     | 说明            | 示例      |
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/RepoModeController.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/RepoModeController.kt
index 8a7a3c386b..b6462b6f04 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/RepoModeController.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/user/RepoModeController.kt
@@ -65,7 +65,7 @@ class RepoModeController(
     ): Response<RepoModeStatus> {
         with(request) {
             preCheckProjectAdmin(projectId)
-            repoModeService.createOrUpdateConfig(projectId, repoName, controlEnable, officeDenyGroupSet)
+            repoModeService.createOrUpdateConfig(projectId, repoName, accessControlMode, officeDenyGroupSet)
             return ResponseBuilder.success(
                 repoModeService.getAccessControlStatus(projectId, repoName)
             )
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/RepoAuthConfigDao.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/RepoAuthConfigDao.kt
index 829210e1b8..2b2316c0ec 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/RepoAuthConfigDao.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/RepoAuthConfigDao.kt
@@ -29,6 +29,7 @@
 package com.tencent.bkrepo.auth.dao
 
 import com.tencent.bkrepo.auth.model.TRepoAuthConfig
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
 import com.tencent.bkrepo.common.mongo.dao.simple.SimpleMongoDao
 import com.tencent.bkrepo.common.security.util.SecurityUtils
 import org.springframework.data.mongodb.core.FindAndModifyOptions
@@ -52,7 +53,7 @@ class RepoAuthConfigDao : SimpleMongoDao<TRepoAuthConfig>() {
     fun upsertProjectRepo(
         projectId: String,
         repoName: String,
-        status: Boolean,
+        accessControlMode: AccessControlMode,
         officeDenyGroupSet: Set<String>
     ): String {
         val query = Query.query(
@@ -60,7 +61,7 @@ class RepoAuthConfigDao : SimpleMongoDao<TRepoAuthConfig>() {
                 .and(TRepoAuthConfig::repoName.name).`is`(repoName)
         )
         val options = FindAndModifyOptions().returnNew(true).upsert(true)
-        val update = Update().set(TRepoAuthConfig::accessControl.name, status)
+        val update = Update().set(TRepoAuthConfig::accessControlMode.name, accessControlMode)
             .set(TRepoAuthConfig::officeDenyGroupSet.name, officeDenyGroupSet)
             .set(TRepoAuthConfig::lastModifiedBy.name, SecurityUtils.getUserId())
             .set(TRepoAuthConfig::lastModifiedDate.name, LocalDateTime.now())
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/model/TRepoAuthConfig.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/model/TRepoAuthConfig.kt
index a53545175a..1c6bb21b52 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/model/TRepoAuthConfig.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/model/TRepoAuthConfig.kt
@@ -31,6 +31,7 @@
 
 package com.tencent.bkrepo.auth.model
 
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
 import org.springframework.data.mongodb.core.index.CompoundIndex
 import org.springframework.data.mongodb.core.index.CompoundIndexes
 import org.springframework.data.mongodb.core.mapping.Document
@@ -39,13 +40,14 @@ import java.time.LocalDateTime
 @Document("repo_auth_mode")
 @CompoundIndexes(
     CompoundIndex(name = "repo_idx", def = "{'projectId': 1, 'repoName': 1}", background = true, unique = true),
-    CompoundIndex(name = "access_ctrl_idx", def = "{'accessControl': 1}", background = true)
+    CompoundIndex(name = "access_ctrl_idx", def = "{'accessControlMode': 1}", background = true)
 )
 data class TRepoAuthConfig(
     var id: String? = null,
     var projectId: String,
     var repoName: String,
-    var accessControl: Boolean,
+    var accessControl: Boolean?,
+    var accessControlMode: AccessControlMode?,
     var officeDenyGroupSet: Set<String>?,
     var lastModifiedBy: String,
     val lastModifiedDate: LocalDateTime
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/authconfig/RepoAuthStatusRequest.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/authconfig/RepoAuthStatusRequest.kt
index 3236650327..0d42f04689 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/authconfig/RepoAuthStatusRequest.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/authconfig/RepoAuthStatusRequest.kt
@@ -31,11 +31,12 @@
 
 package com.tencent.bkrepo.auth.pojo.authconfig
 
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
+
 data class RepoAuthStatusRequest(
     val projectId: String,
     val repoName: String,
-    val status: Boolean = false,
-    val controlEnable: Boolean = false,
+    val accessControlMode: AccessControlMode?,
     val officeDenyGroupSet: Set<String> = emptySet()
 
 )
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/AccessControlMode.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/AccessControlMode.kt
new file mode 100644
index 0000000000..b14027c2a4
--- /dev/null
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/AccessControlMode.kt
@@ -0,0 +1,41 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2020 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package com.tencent.bkrepo.auth.pojo.enums
+
+enum class AccessControlMode {
+    // 严格模式
+    STRICT,
+    // 任意下载
+    DEFAULT,
+    // 目录控制
+    DIR_CTRL
+}
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/permission/RepoModeStatus.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/permission/RepoModeStatus.kt
index 341d722f8b..8f970b8e2a 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/permission/RepoModeStatus.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/permission/RepoModeStatus.kt
@@ -1,8 +1,9 @@
 package com.tencent.bkrepo.auth.pojo.permission
 
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
+
 data class RepoModeStatus(
     val id: String,
-    val status: Boolean = false,
-    val controlEnable: Boolean =false,
+    val accessControlMode: AccessControlMode?,
     val officeDenyGroupSet: Set<String> = emptySet()
 )
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/RepoModeService.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/RepoModeService.kt
index caf09d5cf8..7d36e6933c 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/RepoModeService.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/RepoModeService.kt
@@ -33,6 +33,7 @@
 package com.tencent.bkrepo.auth.service
 
 
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
 import com.tencent.bkrepo.auth.pojo.permission.RepoModeStatus
 
 interface RepoModeService {
@@ -40,9 +41,9 @@ interface RepoModeService {
     fun createOrUpdateConfig(
         projectId: String,
         repoName: String,
-        controlEnable: Boolean,
+        accessControlMode: AccessControlMode?,
         officeDenyGroupSet: Set<String>
-    ): RepoModeStatus
+    ): RepoModeStatus?
 
     fun getAccessControlStatus(projectId: String, repoName: String): RepoModeStatus
 
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt
index 6592e86f50..a77423d0dd 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt
@@ -122,10 +122,13 @@ class DevopsPermissionServiceImpl constructor(
         return allProjectList.distinct()
     }
 
+    override fun listPermissionPath(userId: String, projectId: String, repoName: String): List<String>? {
+        if (isDevopsProjectAdmin(userId, projectId)) return null
+        return super.listPermissionPath(userId, projectId, repoName)
+    }
+
     override fun listNoPermissionPath(userId: String, projectId: String, repoName: String): List<String> {
-        if (isDevopsProjectAdmin(userId, projectId)) {
-            return emptyList()
-        }
+        if (isDevopsProjectAdmin(userId, projectId)) return emptyList()
         return super.listNoPermissionPath(userId, projectId, repoName)
     }
 
@@ -258,7 +261,7 @@ class DevopsPermissionServiceImpl constructor(
     }
 
     private fun needCheckPathPermission(resourceType: String, projectId: String, repoName: String): Boolean {
-        return devopsAuthConfig.enablePathCheck && resourceType == NODE.name && needNodeCheck(projectId, repoName)
+        return resourceType == NODE.name && needNodeCheck(projectId, repoName)
     }
 
     private fun checkDevopsPipelinePermission(context: CheckPermissionContext): Boolean {
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/RepoModeServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/RepoModeServiceImpl.kt
index c8ad92e94f..e8e4239c63 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/RepoModeServiceImpl.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/impl/RepoModeServiceImpl.kt
@@ -31,44 +31,61 @@
 
 package com.tencent.bkrepo.auth.service.impl
 
+import com.tencent.bkrepo.auth.dao.PermissionDao
 import com.tencent.bkrepo.auth.dao.RepoAuthConfigDao
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode
+import com.tencent.bkrepo.auth.pojo.enums.ResourceType
 import com.tencent.bkrepo.auth.pojo.permission.RepoModeStatus
 import com.tencent.bkrepo.auth.service.RepoModeService
+import com.tencent.bkrepo.repository.api.RepositoryClient
 import org.springframework.stereotype.Service
 
 @Service
 class RepoModeServiceImpl(
-    private val repoAuthConfigDao: RepoAuthConfigDao
+    private val repoAuthConfigDao: RepoAuthConfigDao,
+    private val permissionDao: PermissionDao,
+    private val repoClient: RepositoryClient,
 ) : RepoModeService {
 
     override fun createOrUpdateConfig(
         projectId: String,
         repoName: String,
-        controlEnable: Boolean,
+        accessControlMode: AccessControlMode?,
         officeDenyGroupSet: Set<String>
-    ): RepoModeStatus {
-        val id = repoAuthConfigDao.upsertProjectRepo(projectId, repoName, controlEnable, officeDenyGroupSet)
-        return RepoModeStatus(id, controlEnable, controlEnable, officeDenyGroupSet)
+    ): RepoModeStatus? {
+        val repoDetail = repoClient.getRepoDetail(projectId, repoName).data ?: return null
+        if (repoDetail.public) return null
+        var controlMode = accessControlMode
+        if (accessControlMode == null) {
+            controlMode = AccessControlMode.DEFAULT
+        }
+
+        val id = repoAuthConfigDao.upsertProjectRepo(projectId, repoName, controlMode!!, officeDenyGroupSet)
+        return RepoModeStatus(id, accessControlMode, officeDenyGroupSet)
     }
 
 
     override fun getAccessControlStatus(projectId: String, repoName: String): RepoModeStatus {
+        var controlMode = AccessControlMode.DEFAULT
+        var officeDenyGroupSet = emptySet<String>()
+        if (permissionDao.listByResourceAndRepo(ResourceType.NODE.name, projectId, repoName).isNotEmpty()) {
+            controlMode = AccessControlMode.DIR_CTRL
+        }
         val result = repoAuthConfigDao.findOneByProjectRepo(projectId, repoName)
         if (result != null) {
-            var officeDenyGroupSet = emptySet<String>()
             if (result.officeDenyGroupSet != null) {
                 officeDenyGroupSet = result.officeDenyGroupSet!!
             }
-            return RepoModeStatus(
-                id = result.id!!,
-                status = result.accessControl,
-                controlEnable = result.accessControl,
-                officeDenyGroupSet = officeDenyGroupSet
-            )
+            if (result.accessControlMode != null) {
+                controlMode = result.accessControlMode!!
+            }
+            // 老的数据， 严格模式直接切换
+            if (result.accessControl != null && result.accessControl!! && result.accessControlMode == null) {
+                controlMode = AccessControlMode.STRICT
+            }
         }
-        val id = repoAuthConfigDao.upsertProjectRepo(projectId, repoName, false, emptySet())
-        return RepoModeStatus(id = id)
+        val id = repoAuthConfigDao.upsertProjectRepo(projectId, repoName, controlMode, officeDenyGroupSet)
+        return RepoModeStatus(id = id, accessControlMode = controlMode, officeDenyGroupSet = officeDenyGroupSet)
     }
 
-
 }
\ No newline at end of file
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt
index 112802376d..556e7e85fc 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt
@@ -52,6 +52,8 @@ import com.tencent.bkrepo.auth.helper.PermissionHelper
 import com.tencent.bkrepo.auth.helper.UserHelper
 import com.tencent.bkrepo.auth.model.TPersonalPath
 import com.tencent.bkrepo.auth.model.TUser
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode.DEFAULT
+import com.tencent.bkrepo.auth.pojo.enums.AccessControlMode.STRICT
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.WRITE
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.DELETE
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.MANAGE
@@ -452,17 +454,18 @@ open class PermissionServiceImpl constructor(
 
     fun needNodeCheck(projectId: String, repoName: String): Boolean {
         val projectPermission = permissionDao.listByResourceAndRepo(NODE.name, projectId, repoName)
-        return projectPermission.isNotEmpty()
+        val repoCheckConfig = repoAuthConfigDao.findOneByProjectRepo(projectId, repoName) ?: return false
+        return projectPermission.isNotEmpty() && repoCheckConfig.accessControlMode != DEFAULT
     }
 
     override fun checkRepoAccessControl(projectId: String, repoName: String): Boolean {
         val result = repoAuthConfigDao.findOneByProjectRepo(projectId, repoName) ?: return false
-        return result.accessControl
+        return result.accessControlMode != null && result.accessControlMode == STRICT
     }
 
     /**
      * 校验是否在访问控制组
-     * true , 代码需要拦截
+     * true,代码需要拦截
      */
     fun checkRepoAccessDenyGroup(
         userId: String,
diff --git a/src/frontend/devops-repository/src/views/repoConfig/controlConfig/index.vue b/src/frontend/devops-repository/src/views/repoConfig/controlConfig/index.vue
index acf2060553..e1e77dea78 100644
--- a/src/frontend/devops-repository/src/views/repoConfig/controlConfig/index.vue
+++ b/src/frontend/devops-repository/src/views/repoConfig/controlConfig/index.vue
@@ -1,14 +1,14 @@
 <template>
     <div>
         <bk-form class="control-config-container" :label-width="120" :model="controlConfigs" ref="controlForm" :rules="rules">
-            <bk-form-item :label="$t('rootDirectoryPermission')">
-                <bk-radio-group v-model="rootDirectoryPermission">
-                    <bk-radio class="mr20" :value="true">{{ $t('enable') }}</bk-radio>
-                    <bk-radio :value="false">{{ $t('disable') }}</bk-radio>
-                    <i class="bk-icon icon-info f14 ml5" v-bk-tooltips="$t('rootDirectoryPermissionTip')"></i>
-                </bk-radio-group>
+            <bk-form-item :label="$t('accessPermission')">
+                <card-radio-group
+                    class="permission-card"
+                    v-model="available"
+                    :list="availableList">
+                </card-radio-group>
             </bk-form-item>
-            <template v-if="repoType === 'generic'">
+            <template v-if="(repoType === 'generic' || repoType === 'ddc') && repoName !== 'pipeline'">
                 <bk-form-item v-for="type in genericInterceptorsList" :key="type"
                     :label="$t(`${type}Download`)" :property="`${type}.enable`">
                     <bk-radio-group v-model="controlConfigs[type].enable">
@@ -55,10 +55,10 @@
                             :name="option.name">
                         </bk-option>
                     </bk-select>
-                    <bk-link theme="primary" @click="manageUserGroup" style="margin-right: auto;margin-left: 10px">{{ $t('userGroup') }}</bk-link>
+                    <bk-link theme="primary" @click="manageUserGroup" style="margin-right: auto;margin-left: 10px">{{ $t('manage') + $t('space') + $t('userGroup') }}</bk-link>
                 </div>
             </bk-form-item>
-            <bk-form-item>
+            <bk-form-item v-if="repoName !== 'pipeline'">
                 <bk-button theme="primary" @click="save()">{{$t('save')}}</bk-button>
             </bk-form-item>
         </bk-form>
@@ -67,12 +67,13 @@
 </template>
 <script>
     import { mapActions } from 'vuex'
-    import AddUserDialog from '@/components/AddUserDialog/addUserDialog'
-    import { specialRepoEnum } from '@/store/publicEnum'
+    import AddUserDialog from '@repository/components/AddUserDialog/addUserDialog'
+    import { specialRepoEnum } from '@repository/store/publicEnum'
+    import CardRadioGroup from '@repository/components/CardRadioGroup'
 
     export default {
         name: 'controlConfig',
-        components: { AddUserDialog },
+        components: { CardRadioGroup, AddUserDialog },
         props: {
             baseData: Object
         },
@@ -115,7 +116,7 @@
                 }
             ]
             return {
-                rootDirectoryPermission: false,
+                rootDirectoryPermission: '',
                 controlConfigs: {
                     mobile: {
                         enable: false,
@@ -161,6 +162,65 @@
             genericInterceptorsList () {
                 return this.isTencent ? ['mobile', 'web', 'ip_segment'] : ['mobile', 'web']
             },
+            available: {
+                get () {
+                    if (this.baseData.name === 'pipeline') return 'pipeline'
+                    if (this.baseData.public) {
+                        return 'public'
+                    }
+                    if (this.rootDirectoryPermission === 'DIR_CTRL') {
+                        this.$emit('showPermissionConfigTab', true)
+                        return 'folder'
+                    }
+                    if (this.rootDirectoryPermission === 'STRICT') {
+                        this.$emit('showPermissionConfigTab', true)
+                        return 'strict'
+                    }
+                    return 'default'
+                },
+                set (val) {
+                    if (val === 'public') {
+                        this.$emit('showPermissionConfigTab', false)
+                        this.baseData.public = true
+                        this.rootDirectoryPermission = null
+                    } else if (val === 'folder') {
+                        this.$emit('showPermissionConfigTab', true)
+                        this.baseData.public = false
+                        this.rootDirectoryPermission = 'DIR_CTRL'
+                    } else if (val === 'strict') {
+                        this.$emit('showPermissionConfigTab', true)
+                        this.baseData.public = false
+                        this.rootDirectoryPermission = 'STRICT'
+                    } else if (val === 'default') {
+                        this.$emit('showPermissionConfigTab', false)
+                        this.baseData.public = false
+                        this.rootDirectoryPermission = 'DEFAULT'
+                    } else {
+                        this.$emit('showPermissionConfigTab', false)
+                    }
+                }
+            },
+            availableList () {
+                if (this.baseData.repoType === 'generic' || this.baseData.repoType === 'ddc') {
+                    if (this.baseData.name === 'pipeline') {
+                        return [
+                            { label: this.$t('permissionTitle.pipeline'), value: 'pipeline', tip: this.$t('permissionTip.pipeline') }
+                        ]
+                    } else {
+                        return [
+                            { label: this.$t('permissionTitle.default'), value: 'default', tip: this.$t('permissionTip.default') },
+                            { label: this.$t('permissionTitle.strict'), value: 'strict', tip: this.$t('permissionTip.strict') },
+                            { label: this.$t('permissionTitle.folder'), value: 'folder', tip: this.$t('permissionTip.folder') },
+                            { label: this.$t('permissionTitle.public'), value: 'public', tip: this.$t('permissionTip.public') }
+                        ]
+                    }
+                } else {
+                    return [
+                        { label: this.$t('permissionTitle.default'), value: 'default', tip: this.$t('permissionTip.default') },
+                        { label: this.$t('permissionTitle.public'), value: 'public', tip: this.$t('permissionTip.public') }
+                    ]
+                }
+            },
             rules () {
                 return {
                     'mobile.filename': this.filenameRule,
@@ -185,7 +245,7 @@
                 projectId: this.projectId,
                 repoName: this.repoName
             }).then((res) => {
-                this.rootDirectoryPermission = res.status
+                this.rootDirectoryPermission = res.accessControlMode
                 this.blackList = res.officeDenyGroupSet
             })
             this.getRoleListHandler()
@@ -245,12 +305,33 @@
             async save () {
                 await this.$refs.controlForm.validate()
                 try {
-                    await Promise.all([this.saveRepoConfig(), this.saveRepoMode()])
-                    this.$emit('refresh')
-                    this.$bkMessage({
-                        theme: 'success',
-                        message: this.$t('save') + this.$t('space') + this.$t('success')
+                    let count = 0
+                    const modeBody = {
+                        projectId: this.projectId,
+                        repoName: this.repoName,
+                        accessControlMode: this.rootDirectoryPermission,
+                        officeDenyGroupSet: this.blackList
+                    }
+                    const configBody = this.getRepoConfigBody()
+                    await this.updateRepoInfo({
+                        projectId: this.projectId,
+                        name: this.repoName,
+                        body: configBody
+                    }).then(
+                        count = count + 1
+                    )
+                    await this.createOrUpdateRootPermission({
+                        body: modeBody
+                    }).then(() => {
+                        count = count + 1
                     })
+                    if (count === 2) {
+                        this.$emit('refresh')
+                        this.$bkMessage({
+                            theme: 'success',
+                            message: this.$t('save') + this.$t('space') + this.$t('success')
+                        })
+                    }
                 } catch (e) {
                     this.$emit('refresh')
                     this.$bkMessage({
@@ -259,18 +340,7 @@
                     })
                 }
             },
-            saveRepoMode () {
-                const body = {
-                    projectId: this.projectId,
-                    repoName: this.repoName,
-                    controlEnable: this.rootDirectoryPermission,
-                    officeDenyGroupSet: this.blackList
-                }
-                this.createOrUpdateRootPermission({
-                    body: body
-                })
-            },
-            saveRepoConfig () {
+            getRepoConfigBody () {
                 const interceptors = []
                 if (this.repoType === 'generic') {
                     ['mobile', 'web', 'ip_segment'].forEach(type => {
@@ -316,31 +386,34 @@
                 if (!specialRepoEnum.includes(this.baseData.name)) {
                     body.configuration.settings.bkiamv3Check = this.baseData.configuration.settings.bkiamv3Check
                 }
-                this.updateRepoInfo({
-                    projectId: this.projectId,
-                    name: this.repoName,
-                    body
-                })
+                return body
             }
         }
     }
 </script>
 <style lang="scss" scoped>
 .control-config-container {
-    .user-list {
+    .permission-card {
         display: grid;
-        grid-template: auto / repeat(4, 1fr);
-        gap: 10px;
-        max-height: 300px;
-        max-width: 700px;
-        overflow-y: auto;
-        .user-item {
-            height: 32px;
-            border: 1px solid var(--borderWeightColor);
-            background-color: var(--bgLighterColor);
-            .user-name {
-                max-width: 100px;
-                margin-left: 5px;
+        grid-template: auto / repeat(2, 1fr);
+        max-width: 500px;
+        ::v-deep .bk-form-radio-button {
+            margin-top: 10px;
+            .card-radio {
+                min-width: 180px;
+                max-width: 315px;
+                height: 90px;
+                .card-tip {
+                    word-break: break-all;
+                    white-space: normal;
+                    width: 300px;
+                }
+            }
+            .bk-radio-button-text {
+                height: auto;
+                line-height: initial;
+                padding: 0;
+                border: 0 none;
             }
         }
     }
@@ -352,44 +425,4 @@
         }
     }
 }
-.update-role-group-dialog {
-    .bk-dialog-body {
-        height: 500px;
-    }
-    ::v-deep .usersTextarea .bk-textarea-wrapper .bk-form-textarea{
-        height: 500px;
-    }
-    .user-list {
-        display: grid;
-        grid-template: auto / repeat(3, 1fr);
-        gap: 10px;
-        max-height: 300px;
-        overflow-y: auto;
-        .user-item {
-            height: 32px;
-            border: 1px solid var(--borderWeightColor);
-            background-color: var(--bgLighterColor);
-            .user-name {
-                max-width: 100px;
-                margin-left: 5px;
-            }
-        }
-    }
-    .update-user-list {
-        display: grid;
-        grid-template: auto / repeat(1, 1fr);
-        gap: 10px;
-        max-height: 500px;
-        overflow-y: auto;
-        .update-user-item {
-            height: 32px;
-            border: 1px solid var(--borderWeightColor);
-            background-color: var(--bgLighterColor);
-            .update-user-name {
-                max-width: 100px;
-                margin-left: 5px;
-            }
-        }
-    }
-}
 </style>
diff --git a/src/frontend/devops-repository/src/views/repoConfig/index.vue b/src/frontend/devops-repository/src/views/repoConfig/index.vue
index 5af04a4a06..ff3bbe1121 100644
--- a/src/frontend/devops-repository/src/views/repoConfig/index.vue
+++ b/src/frontend/devops-repository/src/views/repoConfig/index.vue
@@ -1,6 +1,6 @@
 <template>
     <div class="repo-config-container" v-bkloading="{ isLoading }">
-        <bk-tab class="repo-config-tab page-tab" type="unborder-card" :active.sync="tabName">
+        <bk-tab class="repo-config-tab page-tab" type="unborder-card" :active.sync="tabName" ref="tab">
             <bk-tab-panel name="baseInfo" :label="$t('repoBaseInfo')">
                 <bk-form ref="repoBaseInfo" class="repo-base-info" :label-width="150" :model="repoBaseInfo" :rules="rules">
                     <bk-form-item :label="$t('repoName')">
@@ -12,12 +12,6 @@
                     <bk-form-item :label="$t('repoAddress')">
                         <span>{{repoAddress}}</span>
                     </bk-form-item>
-                    <bk-form-item :label="$t('accessPermission')">
-                        <card-radio-group
-                            v-model="available"
-                            :list="availableList">
-                        </card-radio-group>
-                    </bk-form-item>
                     <bk-form-item :label="$t('isDisplay')">
                         <bk-radio-group v-model="repoBaseInfo.display">
                             <bk-radio class="mr20" :value="true">{{ $t('enable') }}</bk-radio>
@@ -76,18 +70,18 @@
             <bk-tab-panel v-if="showCleanConfigTab" name="cleanConfig" :label="$t('cleanConfig')">
                 <clean-config :base-data="repoBaseInfo" @refresh="getRepoInfoHandler"></clean-config>
             </bk-tab-panel>
-            <bk-tab-panel render-directive="if" v-if="showPermissionConfigTab" name="permissionConfig" :label="$t('permissionConfig')">
-                <permission-config :base-data="repoBaseInfo" @refresh="getRepoInfoHandler"></permission-config>
-            </bk-tab-panel>
             <bk-tab-panel render-directive="if" v-if="showControlConfigTab" name="controlConfig" :label="$t('rootDirectoryPermissionTitle')">
-                <control-config :base-data="repoBaseInfo" @refresh="getRepoInfoHandler"></control-config>
+                <control-config :base-data="repoBaseInfo" @refresh="getRepoInfoHandler" @showPermissionConfigTab="changePermissionConfigTabStatus"></control-config>
             </bk-tab-panel>
         </bk-tab>
+        <div class="showPermissionConfigTab" v-if="showPermissionConfig && tabName === 'controlConfig'">
+            <span style="font-weight: 500;font-size: larger;margin-left: 20px">{{ $t('permissionConfig')}}</span>
+            <permission-config style="margin-top: 10px;margin-left: 20px" :base-data="repoBaseInfo" @refresh="getRepoInfoHandler"></permission-config>
+        </div>
         <iam-deny-dialog :visible.sync="showIamDenyDialog" :show-data="showData"></iam-deny-dialog>
     </div>
 </template>
 <script>
-    import CardRadioGroup from '@repository/components/CardRadioGroup'
     import proxyConfig from '@repository/views/repoConfig/proxyConfig'
     import iamDenyDialog from '@repository/components/IamDenyDialog/IamDenyDialog'
     import permissionConfig from './permissionConfig/permissionConfig'
@@ -98,7 +92,6 @@
     export default {
         name: 'repoConfig',
         components: {
-            CardRadioGroup,
             proxyConfig,
             iamDenyDialog,
             permissionConfig,
@@ -106,43 +99,6 @@
             controlConfig
         },
         data () {
-            const filenameRule = [
-                {
-                    required: true,
-                    message: this.$t('pleaseFileName'),
-                    trigger: 'blur'
-                }
-            ]
-            const metadataRule = [
-                {
-                    required: true,
-                    message: this.$t('pleaseMetadata'),
-                    trigger: 'blur'
-                },
-                {
-                    regex: /^[^\s]+:[^\s]+/,
-                    message: this.$t('metadataRule'),
-                    trigger: 'blur'
-                }
-            ]
-            const ipSegmentRule = [
-                {
-                    required: true,
-                    message: this.$t('pleaseIpSegment'),
-                    trigger: 'blur'
-                },
-                {
-                    validator: function (val) {
-                        const ipList = val.split(',')
-                        return ipList.every(ip => {
-                            if (!ip) return true
-                            return /(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\b\/([0-9]|[1-2][0-9]|3[0-2])\b)/.test(ip)
-                        })
-                    },
-                    message: this.$t('ipSegmentRule'),
-                    trigger: 'blur'
-                }
-            ]
             return {
                 specialRepoEnum,
                 tabName: 'baseInfo',
@@ -180,12 +136,10 @@
                         }
                     }
                 },
-                filenameRule,
-                metadataRule,
-                ipSegmentRule,
                 showIamDenyDialog: false,
                 showData: {},
-                rbacStatus: false
+                rbacStatus: false,
+                showPermissionConfig: false
             }
         },
         computed: {
@@ -205,16 +159,8 @@
             showCleanConfigTab () {
                 return ['docker', 'generic', 'helm'].includes(this.repoType) && (this.userInfo.admin || this.userInfo.manage)
             },
-            showPermissionConfigTab () {
-                if (this.permissionConfig === true) {
-                    return ['generic', 'ddc'].includes(this.repoType)
-                        && (this.userInfo.admin || this.userInfo.manage)
-                } else {
-                    return false
-                }
-            },
             showControlConfigTab () {
-                return (this.userInfo.admin || this.userInfo.manage) && this.repoName !== 'pipeline'
+                return this.userInfo.admin || this.userInfo.manage
             },
             repoAddress () {
                 const { repoType, name } = this.repoBaseInfo
@@ -226,27 +172,6 @@
             isCommunity () {
                 return RELEASE_MODE === 'community'
             },
-            genericInterceptorsList () {
-                return this.isCommunity ? ['mobile', 'web'] : ['mobile', 'web', 'ip_segment']
-            },
-            available: {
-                get () {
-                    if (this.repoBaseInfo.public) return 'public'
-                    if (this.repoBaseInfo.system) return 'system'
-                    return 'project'
-                },
-                set (val) {
-                    this.repoBaseInfo.public = val === 'public'
-                    this.repoBaseInfo.system = val === 'system'
-                }
-            },
-            availableList () {
-                return [
-                    { label: this.$t('openProjectLabel'), value: 'project', tip: this.$t('openProjectTip') },
-                    // { label: '系统内公开', value: 'system', tip: '系统内成员可以使用' },
-                    { label: this.$t('openPublicLabel'), value: 'public', tip: this.$t('openPublicTip') }
-                ]
-            },
             rules () {
                 return {
                     repodataDepth: [
@@ -451,6 +376,16 @@
                 }).finally(() => {
                     this.repoBaseInfo.loading = false
                 })
+            },
+            changePermissionConfigTabStatus (val) {
+                this.showPermissionConfig = val
+                this.$nextTick(() => {
+                    if (val) {
+                        this.$refs.tab.$el.style.height = '60%'
+                    } else {
+                        this.$refs.tab.$el.style.height = '100%'
+                    }
+                })
             }
         }
     }
@@ -475,5 +410,17 @@
             }
         }
     }
+    .showPermissionConfigTab {
+        background-image: none!important;
+        margin-top: 10px;
+        &:before {
+            content: '';
+            position: absolute;
+            width: 100%;
+            height: 10px;
+            bottom: 40%;
+            background-color: var(--bgWeightColor);
+        }
+    }
 }
 </style>
diff --git a/src/frontend/devops-repository/src/views/repoConfig/permissionConfig/permissionConfig.vue b/src/frontend/devops-repository/src/views/repoConfig/permissionConfig/permissionConfig.vue
index 11c1b2b8b5..0dc865c820 100644
--- a/src/frontend/devops-repository/src/views/repoConfig/permissionConfig/permissionConfig.vue
+++ b/src/frontend/devops-repository/src/views/repoConfig/permissionConfig/permissionConfig.vue
@@ -2,7 +2,6 @@
     <div class="permission-container" v-bkloading="{ isLoading }">
         <div class="mb10 flex-between-center">
             <bk-button icon="plus" theme="primary" @click="showCreatePermission">{{ $t('add') }}</bk-button>
-            <bk-link theme="primary" @click="showUserGroup" style="margin-right: auto;margin-left: 10px">{{ $t('userGroup') }}</bk-link>
         </div>
         <div class="permission-head">
             <div class="permission-name">{{$t('name')}}</div>
diff --git a/src/frontend/devops-repository/src/views/repoList/createRepoDialog.vue b/src/frontend/devops-repository/src/views/repoList/createRepoDialog.vue
index 224f4cc44d..720552e29e 100644
--- a/src/frontend/devops-repository/src/views/repoList/createRepoDialog.vue
+++ b/src/frontend/devops-repository/src/views/repoList/createRepoDialog.vue
@@ -1,7 +1,7 @@
 <template>
     <canway-dialog
         v-model="show"
-        width="800"
+        width="900"
         height-num="603"
         :title="title"
         @cancel="cancel">
@@ -24,6 +24,7 @@
             </bk-form-item>
             <bk-form-item :label="$t('accessPermission')">
                 <card-radio-group
+                    class="permission-card"
                     v-model="available"
                     :list="availableList">
                 </card-radio-group>
@@ -138,7 +139,8 @@
                 showIamDenyDialog: false,
                 showData: {},
                 title: this.$t('createRepository'),
-                rbacStatus: false
+                rbacStatus: false,
+                accessControl: ''
             }
         },
         computed: {
@@ -244,24 +246,44 @@
             available: {
                 get () {
                     if (this.repoBaseInfo.public) return 'public'
-                    if (this.repoBaseInfo.system) return 'system'
-                    return 'project'
+                    if (this.accessControl === 'DIR_CTRL') return 'folder'
+                    if (this.accessControl === 'STRICT') return 'strict'
+                    return 'default'
                 },
                 set (val) {
-                    this.repoBaseInfo.public = val === 'public'
-                    this.repoBaseInfo.system = val === 'system'
+                    if (val === 'public') {
+                        this.repoBaseInfo.public = true
+                        this.accessControl = null
+                    } else if (val === 'folder') {
+                        this.repoBaseInfo.public = false
+                        this.accessControl = 'DIR_CTRL'
+                    } else if (val === 'strict') {
+                        this.repoBaseInfo.public = false
+                        this.accessControl = 'STRICT'
+                    } else {
+                        this.repoBaseInfo.public = false
+                        this.accessControl = 'DEFAULT'
+                    }
                 }
             },
             availableList () {
-                return [
-                    { label: this.$t('openProjectLabel'), value: 'project', tip: this.$t('openProjectTip') },
-                    // { label: '系统内公开', value: 'system', tip: '系统内成员可以使用' },
-                    { label: this.$t('openPublicLabel'), value: 'public', tip: this.$t('openPublicTip') }
-                ]
+                if (this.repoBaseInfo.type === 'generic' || this.repoBaseInfo.type === 'ddc') {
+                    return [
+                        { label: this.$t('permissionTitle.default'), value: 'default', tip: this.$t('permissionTip.default') },
+                        { label: this.$t('permissionTitle.strict'), value: 'strict', tip: this.$t('permissionTip.strict') },
+                        { label: this.$t('permissionTitle.folder'), value: 'folder', tip: this.$t('permissionTip.folder') },
+                        { label: this.$t('permissionTitle.public'), value: 'public', tip: this.$t('permissionTip.public') }
+                    ]
+                } else {
+                    return [
+                        { label: this.$t('permissionTitle.default'), value: 'default', tip: this.$t('permissionTip.default') },
+                        { label: this.$t('permissionTitle.public'), value: 'public', tip: this.$t('permissionTip.public') }
+                    ]
+                }
             }
         },
         methods: {
-            ...mapActions(['createRepo', 'checkRepoName', 'getPermissionUrl', 'getIamPermissionStatus']),
+            ...mapActions(['createRepo', 'checkRepoName', 'getPermissionUrl', 'getIamPermissionStatus', 'createOrUpdateRootPermission']),
             showDialogHandler () {
                 this.show = true
                 this.repoBaseInfo = getRepoBaseInfo()
@@ -338,12 +360,7 @@
                 this.createRepo({
                     body: body
                 }).then(() => {
-                    this.$bkMessage({
-                        theme: 'success',
-                        message: this.$t('create') + this.$t('space') + this.$t('repository') + this.$t('space') + this.$t('success')
-                    })
-                    this.cancel()
-                    this.$emit('refresh')
+                    this.saveRepoMode()
                 }).catch(err => {
                     if (err.status === 403) {
                         this.getPermissionUrl({
@@ -373,6 +390,30 @@
                 }).finally(() => {
                     this.loading = false
                 })
+            },
+            saveRepoMode () {
+                const body = {
+                    projectId: this.projectId,
+                    repoName: this.repoBaseInfo.name,
+                    accessControlMode: this.accessControl
+                }
+                this.createOrUpdateRootPermission({
+                    body: body
+                }).then(() => {
+                    this.$bkMessage({
+                        theme: 'success',
+                        message: this.$t('create') + this.$t('space') + this.$t('repository') + this.$t('space') + this.$t('success')
+                    })
+                    this.cancel()
+                    this.$emit('refresh')
+                }).catch(() => {
+                    this.$bkMessage({
+                        theme: 'error',
+                        message: this.$t('create') + this.$t('space') + this.$t('repository') + this.$t('space') + this.$t('abnormal')
+                    })
+                    this.cancel()
+                    this.$emit('refresh')
+                })
             }
         }
     }
@@ -406,5 +447,26 @@
         }
         width: 250px;
     }
+    .permission-card {
+        ::v-deep .bk-form-radio-button {
+            margin-top: 10px;
+            .card-radio {
+                min-width: 180px;
+                max-width: 315px;
+                height: 90px;
+                .card-tip {
+                    word-break: break-all;
+                    white-space: normal;
+                    width: 300px;
+                }
+            }
+            .bk-radio-button-text {
+                height: auto;
+                line-height: initial;
+                padding: 0;
+                border: 0 none;
+            }
+        }
+    }
 }
 </style>
diff --git a/src/frontend/locale/repository/en-US.json b/src/frontend/locale/repository/en-US.json
index 6914461fb2..11d8ea1266 100644
--- a/src/frontend/locale/repository/en-US.json
+++ b/src/frontend/locale/repository/en-US.json
@@ -225,8 +225,20 @@
     "blueKingPermission": "Bk permission",
     "exist": "Exist",
     "createRepository": "New Repository",
-    "openProjectLabel": "Open within the project",
-    "openProjectTip": "Members of the project can use",
+    "permissionTitle": {
+        "default": "Default",
+        "strict": "Strict Mode",
+        "folder": "Specify Directory",
+        "public": "Public(Be Careful)",
+        "pipeline": "Pipeline"
+    },
+    "permissionTip": {
+        "default": "All members of the project can upload/download",
+        "strict": "Manage permissions by first-level directory. Only users with permissions can upload/download",
+        "folder": "Only the first-level directory is strictly authenticated, and all other directory project members can access it",
+        "public": "No authentication required, any terminal can download",
+        "pipeline": "Aligned with pipeline permissions, only this permission can upload/download/share products"
+    },
     "dockerRepoTip": "The docker repository name does not support capital English letters",
     "openPublicLabel": "Anonymous Download Supported",
     "openPublicTip": "No authentication, any terminal can download",
diff --git a/src/frontend/locale/repository/zh-CN.json b/src/frontend/locale/repository/zh-CN.json
index 072062894f..249306f800 100644
--- a/src/frontend/locale/repository/zh-CN.json
+++ b/src/frontend/locale/repository/zh-CN.json
@@ -231,8 +231,20 @@
     "blueKingPermission": "蓝鲸权限校验",
     "exist": "已存在",
     "createRepository": "创建仓库",
-    "openProjectLabel": "项目内公开",
-    "openProjectTip": "项目内成员可以使用",
+    "permissionTitle": {
+        "default": "默认",
+        "strict": "严格模式",
+        "folder": "指定目录控制模式",
+        "public": "公开模式(请谨慎使用)",
+        "pipeline": "流水线内联模式"
+    },
+    "permissionTip": {
+        "default": "项目下的成员均可上传/下载",
+        "strict": "按一级目录管理权限，仅开通权限的用户可以上传/下载",
+        "folder": "仅指定一级目录进行严格鉴权，其余的项目成员均可访问",
+        "public": "不鉴权，任意终端均可下载",
+        "pipeline": "和流水线权限对齐，仅有此权限才能上传/下载/分享制品"
+    },
     "dockerRepoTip": "docker仓库名称不支持大写英文字母",
     "openPublicLabel": "可匿名下载",
     "openPublicTip": "不鉴权，任意终端都可下载",
@@ -877,5 +889,5 @@
     "rootDirectoryPermissionTip": "开启之后项目成员访问此仓库下路径需要授权",
     "errMsg": "错误信息",
     "blackUserList": "办公网访问黑名单",
-    "controlConfigPlaceholder": "选择用户组"
+    "controlConfigPlaceholder": "可选择多个用户组"
 }
diff --git a/support-files/kubernetes/charts/bkrepo/templates/gateway/deployment.yaml b/support-files/kubernetes/charts/bkrepo/templates/gateway/deployment.yaml
index 6bda2e6da1..764f032262 100644
--- a/support-files/kubernetes/charts/bkrepo/templates/gateway/deployment.yaml
+++ b/support-files/kubernetes/charts/bkrepo/templates/gateway/deployment.yaml
@@ -77,6 +77,8 @@ spec:
               value: {{ include "bkrepo.authorization" . }}
             - name: BK_REPO_DEPLOY_MODE
               value: {{ .Values.gateway.deployMode }}
+            - name: BK_REPO_RELEASE_MODE
+              value: {{ .Values.gateway.releaseMode }}
             - name: BK_REPO_AUTH_MODE
               value: {{ .Values.gateway.authMode }}
             - name: BK_CI_HOST
diff --git a/support-files/kubernetes/charts/bkrepo/values.yaml b/support-files/kubernetes/charts/bkrepo/values.yaml
index c045b2f2b5..6689a233ec 100644
--- a/support-files/kubernetes/charts/bkrepo/values.yaml
+++ b/support-files/kubernetes/charts/bkrepo/values.yaml
@@ -251,6 +251,8 @@ gateway:
   secretKey: ""
   ## 部署模式，standalone: 独立模式，ci: 与ci搭配模式 , saas模式: 蓝鲸saas部署模式
   deployMode: standalone
+  ## 发行模式，社区版不用填写
+  releaseMode:
   ## 网关认证模式，ticket, 校验bk_ticket token ，校验bk_token
   authMode: token
   ## bkci 域名