diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml index b4442c6a2c47..523a483d1cec 100644 --- a/config/opensearch_dashboards.yml +++ b/config/opensearch_dashboards.yml @@ -277,4 +277,7 @@ # vis_augmenter.pluginAugmentationEnabled: true # Set the value to true to enable workspace feature -# workspace.enabled: false \ No newline at end of file +# workspace.enabled: false +# Set the value to false to disable permission check on workspace +# Permission check depends on OpenSearch Dashboards has authentication enabled, set it to false if no authentication is configured +# workspace.permission.enabled: true diff --git a/src/plugins/workspace/config.ts b/src/plugins/workspace/config.ts index 79412f5c02ee..70c87ac00cfc 100644 --- a/src/plugins/workspace/config.ts +++ b/src/plugins/workspace/config.ts @@ -7,6 +7,9 @@ import { schema, TypeOf } from '@osd/config-schema'; export const configSchema = schema.object({ enabled: schema.boolean({ defaultValue: false }), + permission: schema.object({ + enabled: schema.boolean({ defaultValue: true }), + }), }); -export type ConfigSchema = TypeOf; +export type WorkspacePluginConfigType = TypeOf; diff --git a/src/plugins/workspace/server/integration_tests/routes.test.ts b/src/plugins/workspace/server/integration_tests/routes.test.ts index 21d6f155a927..f17ba4349c9e 100644 --- a/src/plugins/workspace/server/integration_tests/routes.test.ts +++ b/src/plugins/workspace/server/integration_tests/routes.test.ts @@ -29,6 +29,9 @@ describe('workspace service', () => { osd: { workspace: { enabled: true, + permission: { + enabled: false, + }, }, migrations: { skip: false }, }, diff --git a/src/plugins/workspace/server/plugin.ts b/src/plugins/workspace/server/plugin.ts index b85909ef01f7..45f5577caaad 100644 --- a/src/plugins/workspace/server/plugin.ts +++ b/src/plugins/workspace/server/plugin.ts 
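Review bot: The new comment above `workspace.permission.enabled` tells the operator when to turn the check off, but not what is lost by doing so. Per the plugin.ts change in this commit, a false value means the workspace saved-objects permission wrapper is never registered, so that check is not applied to saved-object requests. I would reword the second line as `# The permission check requires authentication to be enabled in OpenSearch Dashboards; set this to false only if no authentication is configured` and add `# When false, workspace permission checks on saved objects are not enforced`.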
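Review bot: With `permission: { enabled: false }` in the test server settings, nothing in this suite runs with the default `permission.enabled: true`, so the path that registers the permission wrapper appears to have no integration coverage here. Presumably the switch is off because the test server has no authentication configured; a comment such as `// permission check needs authentication, which this test server does not configure` would record that. A second `describe` that starts the server with the default setting and asserts the behaviour expected when the check is on would keep the secure default under test. The `describe('workspace service', …)` block starts and ends outside the hunk.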
@@ -2,7 +2,8 @@ * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 */ - +import { Observable } from 'rxjs'; +import { first } from 'rxjs/operators'; import { PluginInitializerContext, CoreSetup, @@ -24,12 +25,14 @@ import { SavedObjectsPermissionControl, SavedObjectsPermissionControlContract, } from './permission_control/client'; +import { WorkspacePluginConfigType } from '../config'; export class WorkspacePlugin implements Plugin<{}, {}> { private readonly logger: Logger; private client?: IWorkspaceClientImpl; private workspaceConflictControl?: WorkspaceConflictSavedObjectsClientWrapper; private permissionControl?: SavedObjectsPermissionControlContract; + private readonly config$: Observable; private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) { /** @@ -48,11 +51,15 @@ export class WorkspacePlugin implements Plugin<{}, {}> { } constructor(initializerContext: PluginInitializerContext) { - this.logger = initializerContext.logger.get('plugins', 'workspace'); + this.logger = initializerContext.logger.get(); + this.config$ = initializerContext.config.create(); } public async setup(core: CoreSetup) { this.logger.debug('Setting up Workspaces service'); + const config: WorkspacePluginConfigType = await this.config$.pipe(first()).toPromise(); + const isPermissionControlEnabled = + config.permission.enabled === undefined ? true : config.permission.enabled; this.client = new WorkspaceClient(core, this.logger); 
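Review bot: The `config.permission.enabled === undefined ? true : config.permission.enabled` fallback in `setup` looks unreachable, because `configSchema` in config.ts gives `permission.enabled` a `defaultValue: true`, so a validated config should always carry a boolean. `const isPermissionControlEnabled = config.permission.enabled;` says the same thing and keeps the default in one place. If the fallback is kept deliberately as a fail-closed guard, a short comment saying so would help the next reader. `setup` continues outside the hunk.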
@@ -67,17 +74,20 @@ export class WorkspacePlugin implements Plugin<{}, {}> { this.workspaceConflictControl.wrapperFactory ); - this.permissionControl = new SavedObjectsPermissionControl(this.logger); + this.logger.info('Workspace permission control enabled:' + isPermissionControlEnabled); + if (isPermissionControlEnabled) { + this.permissionControl = new SavedObjectsPermissionControl(this.logger); - const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper( - this.permissionControl - ); + const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper( + this.permissionControl + ); - core.savedObjects.addClientWrapper( - 0, - WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID, - workspaceSavedObjectsClientWrapper.wrapperFactory - ); + core.savedObjects.addClientWrapper( + 0, + WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID, + workspaceSavedObjectsClientWrapper.wrapperFactory + ); + } registerRoutes({ http: core.http, @@ -85,7 +95,12 @@ export class WorkspacePlugin implements Plugin<{}, {}> { client: this.client as IWorkspaceClientImpl, }); - core.capabilities.registerProvider(() => ({ workspaces: { enabled: true } })); + core.capabilities.registerProvider(() => ({ + workspaces: { + enabled: true, + permissionEnabled: isPermissionControlEnabled, + }, + })); return { client: this.client,
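Review bot: When `isPermissionControlEnabled` is false the only trace is an `info` line, and its message is built by concatenation with no space after the colon. Since that branch leaves `WorkspaceSavedObjectsClientWrapper` unregistered, I would log it at warn level so it stands out in startup logs: `if (!isPermissionControlEnabled) this.logger.warn('Workspace permission control is disabled; workspace permission checks on saved objects are not enforced');`. `this.permissionControl` also stays undefined in that case, so any consumer outside this hunk (the plugin's return value, for example) would need to tolerate that; this is not visible here. `setup` starts and ends outside the hunk.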
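Review bot: `permissionEnabled` in the capabilities provider has no comment saying what it is for. Capabilities are delivered to the browser, so the flag can only drive what the UI shows; enforcement stays with the saved-objects client wrapper registered earlier in `setup`. A comment like `// UI hint only; enforcement is done by the saved objects client wrapper` above the field would keep it from being read as an access check. The `return` statement continues outside the hunk.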