diff --git a/app/Filament/Resources/UserResource.php b/app/Filament/Resources/UserResource.php
index dd27dbe5..95a98f58 100644
--- a/app/Filament/Resources/UserResource.php
+++ b/app/Filament/Resources/UserResource.php
@@ -12,6 +12,10 @@
 use Filament\Resources\Table;
 use Filament\Tables;
 use Illuminate\Support\HtmlString;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Filament\Notifications\Notification;
+use Carbon\Carbon;
 
 class UserResource extends Resource
 {
@@ -73,7 +77,15 @@ public static function form(Form $form): Form
 ->label(__('Permission roles'))
 ->required()
 ->columns(3)
- ->relationship('roles', 'name'),
+ ->relationship(
+ 'roles',
+ 'name',
+ function ($query) {
+ if (!Auth::user()->hasRole('Superadmin')) {
+ $query->where('name', '!=', 'Superadmin');
+ }
+ }
+ )
 ]),
 ])
 ]);
@@ -132,7 +144,40 @@ public static function table(Table $table): Table
 ->actions([
 Tables\Actions\ViewAction::make(),
 Tables\Actions\EditAction::make(),
- ])
+ Tables\Actions\Action::make('verifyEmail')
+ ->label('Verifikasi Email')
+ ->icon('heroicon-o-check-circle')
+ ->color('success')
+ ->requiresConfirmation()
+ ->visible(fn ($record) =>
+ Auth::user()->hasRole('Superadmin')
+ )
+ ->disabled(fn ($record) => !is_null($record->email_verified_at))
+ ->action(function ($record) {
+ $record->update([
+ 'email_verified_at' => Carbon::now(),
+ ]);
+ Notification::make()
+ ->title('Email berhasil diverifikasi')
+ ->success()
+ ->send();
+ }),
+ Tables\Actions\Action::make('resetPassword')
+ ->label('Reset Password')
+ ->icon('heroicon-o-key')
+ ->color('danger')
+ ->requiresConfirmation()
+ ->visible(fn () => Auth::user()->hasRole('Superadmin'))
+ ->action(function ($record) {
+ $record->update([
+ 'password' => Hash::make('12345678'),
+ ]);
+ Notification::make()
+ ->title('Password berhasil direset ke 12345678')
+ ->success()
+ ->send();
+ })
+ ])
 ->bulkActions([
 Tables\Actions\DeleteBulkAction::make(),
 ]);
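Review bot: The closure passed to `->relationship('roles', 'name', ...)` only narrows the list of roles offered in the form; nothing visible in this hunk rejects a `Superadmin` role that arrives in the saved state anyway, so whether the restriction holds server-side depends on how the field validates its state against the filtered options, and that should be confirmed or the role set re-checked before it is synced. The filter has a second effect worth testing: when a non-Superadmin edits a user who already holds `Superadmin`, the hidden role is absent from the field state and may be detached by the relationship sync. A policy rule that stops non-Superadmins from editing Superadmin accounts would cover both cases. The role name is repeated as a string literal here and in the table actions; a single constant would keep the checks in step. `form()` starts and ends outside the hunk.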
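Review bot: The `resetPassword` action sets every reset account to the same literal, `Hash::make('12345678')`, and then prints that value in the success notification, so the credential of any reset account is known to everyone who has read this source or seen the toast, and nothing forces the user to change it. Replace the fixed value with a flow in which the operator never learns the password, for instance Laravel's password broker as sketched below; it needs `use Illuminate\Support\Facades\Password;` and assumes the User model has an `email` attribute and a working reset notification, neither of which is visible here. If a temporary password must stay, generate it per reset from a CSPRNG and require a change at next login. Separately, `verifyEmail` reports success even if `email_verified_at` is not mass-assignable on the model, in which case `update()` writes nothing; `$record->markEmailAsVerified()` avoids that. `table()` continues outside the hunk.

```php
Tables\Actions\Action::make('resetPassword')
    // … unchanged: label, icon, color, requiresConfirmation, visible …
    ->action(function ($record) {
        // Mail a one-time reset link; no shared password is set or displayed.
        $status = Password::sendResetLink(['email' => $record->email]);

        $notification = Notification::make()->title(__($status));
        if ($status === Password::RESET_LINK_SENT) {
            $notification->success();
        } else {
            $notification->danger();
        }
        $notification->send();
    })
```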
diff --git a/app/Policies/IssueSourcePolicy.php b/app/Policies/IssueSourcePolicy.php
new file mode 100644
index 00000000..0dec52d6
--- /dev/null
+++ b/app/Policies/IssueSourcePolicy.php
@@ -0,0 +1,94 @@
+can('List issue sources');
+ }
+
+ /**
+ * Determine whether the user can view the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\IssueSource $issueSource
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function view(User $user, IssueSource $issueSource)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can create models.
+ *
+ * @param \App\Models\User $user
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function create(User $user)
+ {
+ return $user->can('Create issue sources');
+ }
+
+ /**
+ * Determine whether the user can update the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\IssueSource $issueSource
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function update(User $user, IssueSource $issueSource)
+ {
+ return $user->can('Update issue sources');
+ }
+
+ /**
+ * Determine whether the user can delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\IssueSource $issueSource
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function delete(User $user, IssueSource $issueSource)
+ {
+ return $user->can('Delete issue sources');
+ }
+
+ /**
+ * Determine whether the user can restore the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\IssueSource $issueSource
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function restore(User $user, IssueSource $issueSource)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can permanently delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\IssueSource $issueSource
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function forceDelete(User $user, IssueSource $issueSource)
+ {
+ //
+ }
+}
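Review bot: The permission strings checked in `create`, `update` and `delete` are pluralised (`'Create issue sources'`, `'Update issue sources'`, `'Delete issue sources'`), whereas MilestonePolicy in this same commit checks `'Create milestone'`, `'Update milestone'` and `'Delete milestone'`, and PermissionsSeeder registers the modules in the singular alongside a separate `$pluralActions` list. If the seeder pluralises only the actions in that list (its contents are not visible in this diff), the plural names never exist as permissions and these three checks would deny every user who relies on them. MasterApplicationPolicy and TicketCategoryPolicy use the same plural spelling. Confirm the seeded names and align the strings, e.g. `return $user->can('Create issue source');` if the singular form is what gets seeded. The class header and the `viewAny` signature are missing from the page, so only the methods from `view` onward could be checked.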
diff --git a/app/Policies/MasterApplicationPolicy.php b/app/Policies/MasterApplicationPolicy.php
new file mode 100644
index 00000000..e457f6ac
--- /dev/null
+++ b/app/Policies/MasterApplicationPolicy.php
@@ -0,0 +1,94 @@
+can('List master applications');
+ }
+
+ /**
+ * Determine whether the user can view the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\MasterApplication $masterApplication
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function view(User $user, MasterApplication $masterApplication)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can create models.
+ *
+ * @param \App\Models\User $user
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function create(User $user)
+ {
+ return $user->can('Create master applications');
+ }
+
+ /**
+ * Determine whether the user can update the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\MasterApplication $masterApplication
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function update(User $user, MasterApplication $masterApplication)
+ {
+ return $user->can('Update master applications');
+ }
+
+ /**
+ * Determine whether the user can delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\MasterApplication $masterApplication
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function delete(User $user, MasterApplication $masterApplication)
+ {
+ return $user->can('Delete master applications');
+ }
+
+ /**
+ * Determine whether the user can restore the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\MasterApplication $masterApplication
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function restore(User $user, MasterApplication $masterApplication)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can permanently delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\MasterApplication $masterApplication
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function forceDelete(User $user, MasterApplication $masterApplication)
+ {
+ //
+ }
+}
diff --git a/app/Policies/MilestonePolicy.php b/app/Policies/MilestonePolicy.php
new file mode 100644
index 00000000..638c041d
--- /dev/null
+++ b/app/Policies/MilestonePolicy.php
@@ -0,0 +1,94 @@
+can('List milestones');
+ }
+
+ /**
+ * Determine whether the user can view the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\Milestone $milestone
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function view(User $user, Milestone $milestone)
+ {
+ // return $user->can('View milestone');
+ }
+
+ /**
+ * Determine whether the user can create models.
+ *
+ * @param \App\Models\User $user
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function create(User $user)
+ {
+ return $user->can('Create milestone');
+ }
+
+ /**
+ * Determine whether the user can update the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\Milestone $milestone
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function update(User $user, Milestone $milestone)
+ {
+ return $user->can('Update milestone');
+ }
+
+ /**
+ * Determine whether the user can delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\Milestone $milestone
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function delete(User $user, Milestone $milestone)
+ {
+ return $user->can('Delete milestone');
+ }
+
+ /**
+ * Determine whether the user can restore the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\Milestone $milestone
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function restore(User $user, Milestone $milestone)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can permanently delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\Milestone $milestone
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function forceDelete(User $user, Milestone $milestone)
+ {
+ //
+ }
+}
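Review bot: `view()` has its only statement commented out (`// return $user->can('View milestone');`) and `restore()` and `forceDelete()` are empty, so all three return null; unless a gate `before`/`after` hook decides otherwise, Laravel treats a null policy result as a denial, which fails closed but leaves the documented `Response|bool` contract unmet and makes the denial look accidental. Either restore the permission check in `view()` or state the intent with an explicit `return false;` and a one-line comment saying why the ability is disabled. The same empty `view`, `restore` and `forceDelete` bodies appear in IssueSourcePolicy, MasterApplicationPolicy and TicketCategoryPolicy. The class header and the `viewAny` signature are missing from the page.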
diff --git a/app/Policies/TicketCategoryPolicy.php b/app/Policies/TicketCategoryPolicy.php
new file mode 100644
index 00000000..7d24dea5
--- /dev/null
+++ b/app/Policies/TicketCategoryPolicy.php
@@ -0,0 +1,94 @@
+can('List ticket categories');
+ }
+
+ /**
+ * Determine whether the user can view the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\TicketCategory $ticketCategory
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function view(User $user, TicketCategory $ticketCategory)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can create models.
+ *
+ * @param \App\Models\User $user
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function create(User $user)
+ {
+ return $user->can('Create ticket categories');
+ }
+
+ /**
+ * Determine whether the user can update the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\TicketCategory $ticketCategory
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function update(User $user, TicketCategory $ticketCategory)
+ {
+ return $user->can('Update ticket categories');
+ }
+
+ /**
+ * Determine whether the user can delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\TicketCategory $ticketCategory
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function delete(User $user, TicketCategory $ticketCategory)
+ {
+ return $user->can('Delete ticket categories');
+ }
+
+ /**
+ * Determine whether the user can restore the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\TicketCategory $ticketCategory
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function restore(User $user, TicketCategory $ticketCategory)
+ {
+ //
+ }
+
+ /**
+ * Determine whether the user can permanently delete the model.
+ *
+ * @param \App\Models\User $user
+ * @param \App\Models\TicketCategory $ticketCategory
+ * @return \Illuminate\Auth\Access\Response|bool
+ */
+ public function forceDelete(User $user, TicketCategory $ticketCategory)
+ {
+ //
+ }
+}
diff --git a/database/seeders/PermissionsSeeder.php b/database/seeders/PermissionsSeeder.php
index 3ef10705..84b5e50e 100644
--- a/database/seeders/PermissionsSeeder.php +++ b/database/seeders/PermissionsSeeder.php @@ -15,7 +15,8 @@ class PermissionsSeeder extends Seeder private array $modules = [ 'permission', 'project', 'project status', 'role', 'ticket', 'ticket priority', 'ticket status', 'ticket type', 'user', - 'activity', 'sprint' + 'activity', 'sprint', 'master application', 'milestone', 'ticket category', + 'issue source' ]; private array $pluralActions = [ diff --git a/database/seeders/SuperadminSeeder.php b/database/seeders/SuperadminSeeder.php new file mode 100644 index 00000000..8df42f8f --- /dev/null +++ b/database/seeders/SuperadminSeeder.php @@ -0,0 +1,39 @@ + 'Superadmin']); + + // Ambil semua permission yang ada + $permissions = Permission::pluck('name')->toArray(); + + // Assign semua permission ke Superadmin + $superadmin->syncPermissions($permissions); + + // Cari user dengan ID 1 + $user = User::find(1); + if ($user) { + $user->assignRole('Superadmin'); + } + + $this->command->info('Superadmin diberi semua permission.'); + $this->command->info('user dengan ID 1 telah diberikan role Superadmin.'); + + } +}
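Review bot: SuperadminSeeder grants `Superadmin` to whatever account has primary key 1 (`User::find(1)`), which ties the highest privilege in the application to insertion order rather than to a named identity; on a database where ID 1 is an ordinary or long-unused account, running the seeder elevates it without any prompt. Resolving the target by an identifier taken from configuration, and failing loudly when it is absent, would be safer. The final `info()` line is also printed when no user was found, because it sits outside the `if ($user)` block; move it inside and add an `else` branch such as `$this->command->warn('<no matching user message>');`. The role receives only the permissions that exist when the seeder runs, so the run order relative to PermissionsSeeder should be documented in a comment on `syncPermissions`. The opening of the file (namespace, imports, class and method header) is missing from the page.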