diff --git a/backend/apps/db/db.py b/backend/apps/db/db.py
index 5add5f81..c5223d75 100644
--- a/backend/apps/db/db.py
+++ b/backend/apps/db/db.py
@@ -670,7 +670,7 @@ def check_sql_read(sql: str, ds: CoreDatasource | AssistantOutDsSchema):
 write_types = (
 exp.Insert, exp.Update, exp.Delete, exp.Create, exp.Drop, exp.Alter,
- exp.Merge, exp.Command
+ exp.Merge, exp.Command, exp.Copy
 )
 for stmt in statements:
diff --git a/backend/apps/terminology/api/terminology.py b/backend/apps/terminology/api/terminology.py
index 7240b278..b74cb19b 100644
--- a/backend/apps/terminology/api/terminology.py
+++ b/backend/apps/terminology/api/terminology.py
@@ -165,6 +165,7 @@ def inner():
 @router.post("/uploadExcel", summary=f"{PLACEHOLDER_PREFIX}upload_term")
 @system_log(LogConfig(operation_type=OperationType.IMPORT, module=OperationModules.TERMINOLOGY))
+@require_permissions(permission=SqlbotPermission(role=['ws_admin']))
 async def upload_excel(trans: Trans, current_user: CurrentUser, file: UploadFile = File(...)):
 ALLOWED_EXTENSIONS = {"xlsx", "xls"}
 if not file.filename.lower().endswith(tuple(ALLOWED_EXTENSIONS)):
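Review bot: `write_types` in `check_sql_read` remains a denylist, so adding `exp.Copy` covers one more statement class while any statement sqlglot parses into a class not in the tuple (`exp.TruncateTable`, for instance) is still treated as a read. An allowlist is easier to keep correct across sqlglot upgrades: reject every statement whose root is not a query node, along the lines of `if not isinstance(stmt, exp.Select): <reject>`, extended to the set-operation classes the product needs. The body of the `for stmt in statements:` loop is outside this hunk, so it is unclear whether only the root node is tested; if so, a write nested inside a CTE or subquery would not be matched. Independently of the parser check, the datasource connection should use a database account limited to read access, because sqlglot's parse of a statement and the server's can differ.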
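Review bot: `@require_permissions` on `upload_excel` sits below `@system_log`, so the logging wrapper is the outer one and runs before the role check. Depending on how `system_log` treats an exception or early return from the wrapped call (not visible here), a rejected upload may be recorded as an IMPORT operation or not recorded at all. Confirm that denials are logged as failures, and if the order is intentional add a comment such as `# system_log wraps the permission check so denied uploads are audited`. In the same function, `ALLOWED_EXTENSIONS = {"xlsx", "xls"}` is matched with `endswith` and no leading dot, so a name like `reportxls` passes. `{".xlsx", ".xls"}` would tighten it, provided the rest of the body, which continues outside the hunk, does not reuse the set in another way.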