diff --git a/packages/nc-gui/composables/useUIPermission/rolePermissions.ts b/packages/nc-gui/composables/useUIPermission/rolePermissions.ts
index 95dbc6e40d..368fc30146 100644
--- a/packages/nc-gui/composables/useUIPermission/rolePermissions.ts
+++ b/packages/nc-gui/composables/useUIPermission/rolePermissions.ts
@@ -17,10 +17,14 @@ const rolePermissions = {
 // Project role permissions
 [ProjectRole.Creator]: {
- exclude: ['appStore'],
+ exclude: {
+ appStore: true,
+ },
 },
 [ProjectRole.Owner]: {
- exclude: ['appStore'],
+ exclude: {
+ appStore: true,
+ },
 },
 [ProjectRole.Editor]: {
 include: {
diff --git a/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts b/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
index f44674c0f1..b024ef7ab4 100644
--- a/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
+++ b/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
@@ -57,7 +57,11 @@ export default function (handlerFn, permissionName) {
 return (
 hasRole &&
 projectAcl[name] &&
- (projectAcl[name] === '*' || projectAcl[name][permissionName])
+ (projectAcl[name] === '*' ||
+ (projectAcl[name].exclude &&
+ !projectAcl[name].exclude[permissionName]) ||
+ (projectAcl[name].include &&
+ projectAcl[name].include[permissionName]))
 );
 });
 if (!isAllowed) {
diff --git a/packages/nocodb/src/lib/utils/projectAcl.ts b/packages/nocodb/src/lib/utils/projectAcl.ts
index cf0b1f91b8..cc970a30e0 100644
--- a/packages/nocodb/src/lib/utils/projectAcl.ts
+++ b/packages/nocodb/src/lib/utils/projectAcl.ts
@@ -1,8 +1,24 @@ export default {
- owner: '*',
- creator: '*',
+ owner: {
+ exclude: {
+ pluginList:true,
+ pluginTest:true,
+ pluginRead:true,
+ pluginUpdate:true,
+ isPluginActive:true,
+ },
+ },
+ creator: {
+ exclude: {
+ pluginList:true,
+ pluginTest:true,
+ pluginRead:true,
+ pluginUpdate:true,
+ isPluginActive:true,
+ },
+ },
 guest: {},
- editor: {
+ editor:{
 include: {
 hideAllColumns: true,
 showAllColumns: true,
 auditRowUpdate: true,
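Review bot: The `exclude` maps for `ProjectRole.Creator` and `ProjectRole.Owner` only decide what the GUI shows, and nothing in this file stops a direct API call, so the entry deserves a comment pointing at the list that actually enforces it, for example `// UI visibility only; enforced server-side by the plugin* exclusions in projectAcl.ts`. The value also changes shape from an array to a keyed map, and the code that reads `exclude` is not part of this diff, so confirm it now does a key lookup rather than an array membership test.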
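Review bot: In the new condition an `exclude` map grants every permission name that is not one of its keys, so for those roles the check fails open: a permission introduced later, or a `permissionName` misspelled at a call site, is allowed without anyone having decided it. The `exclude` and `include` branches are also joined with `||`, so a role entry that ever carries both would be granted anything missing from `exclude` regardless of what `include` lists. I would make the two mutually exclusive, `(projectAcl[name].exclude ? !projectAcl[name].exclude[permissionName] : !!(projectAcl[name].include && projectAcl[name].include[permissionName]))`, and add a comment that `exclude` is not a deny across roles. The callback appears to run once per role (it starts and ends outside this hunk), so any other role the user holds that grants the permission would still let the request through.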
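Review bot: `owner` and `creator` now carry two hand-copied `exclude` maps, so a plugin permission added later has to be entered in both places or one of the roles silently keeps it. Declaring the map once above the export and writing `owner: { exclude: pluginPermissions },` and `creator: { exclude: pluginPermissions },` removes that risk, and a short comment should say why these five names are withheld (presumably they are meant for `super` only). Because both roles were the string `'*'` before, any other reader of this table that compares against `'*'` or indexes `projectAcl[role][permission]` directly will now treat owners and creators differently; only `ncMetaAclMw.ts` is updated in this diff, so the remaining readers need checking.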
@@ -137,7 +153,9 @@ export default {
 upload: true,
 uploadViaURL: true,
 },
+ },
 commenter: {
+ include: {
 formViewGet: true,
 passwordChange: true,
 // project
@@ -192,7 +210,9 @@ export default {
 xcExportAsCsv: true,
 dataCount: true,
 },
+ },
 viewer: {
+ include: {
 formViewGet: true,
 passwordChange: true,
 // project
@@ -243,12 +263,16 @@ export default {
 xcExportAsCsv: true,
 dataCount: true
 },
+ },
 user_new: {
- passwordChange: true,
- projectList: true,
+ include: {
+ passwordChange: true,
+ projectList: true,
+ }
 },
 super: '*',
 user: {
+ include : {
 upload: true,
 uploadViaURL: true,
 passwordChange: true,
@@ -269,6 +293,7 @@ export default {
 xcMetaTablesExportDbToZip: true,
 auditRowUpdate: true,
 },
+ },
 };
 /**
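Review bot: The `include: {` wrappers for `commenter`, `viewer` and `user` are added around keys that stay as unchanged context lines, so those keys keep their old indentation and the file no longer shows at a glance which brace closes `include` and which closes the role. In an access-control table that is how a permission ends up under the wrong role unnoticed. Running the project formatter over the file would fix this together with `include : {`, the `}` without a trailing comma in `user_new`, and `pluginList:true` / `editor:{` in the first hunk of this file. After the middleware change a role entry left as a flat map grants nothing, so any role defined in the parts of the file outside these hunks needs the same wrapper.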