diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml
index 9797335e3cce..0e5beac120c0 100644
--- a/config/opensearch_dashboards.yml
+++ b/config/opensearch_dashboards.yml
@@ -274,4 +274,10 @@
 # opensearchDashboards.survey.url: "https://survey.opensearch.org"
 
 # Set the value of this setting to true to enable plugin augmentation on Dashboard
-# vis_augmenter.pluginAugmentationEnabled: true
\ No newline at end of file
+# vis_augmenter.pluginAugmentationEnabled: true
+
+# Set the value to true enable workspace feature
+# workspace.enabled: false
+# Set the value to false to disable permission check on workspace
+# Permission check depends on OpenSearch Dashboards has authentication enabled, set it to false if no authentication is configured
+# workspace.permission.enabled: true
diff --git a/src/plugins/workspace/config.ts b/src/plugins/workspace/config.ts
index 79412f5c02ee..70c87ac00cfc 100644
--- a/src/plugins/workspace/config.ts
+++ b/src/plugins/workspace/config.ts
@@ -7,6 +7,9 @@ import { schema, TypeOf } from '@osd/config-schema';
 
 export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: false }),
+  permission: schema.object({
+    enabled: schema.boolean({ defaultValue: true }),
+  }),
 });
 
-export type ConfigSchema = TypeOf<typeof configSchema>;
+export type WorkspacePluginConfigType = TypeOf<typeof configSchema>;
diff --git a/src/plugins/workspace/server/integration_tests/routes.test.ts b/src/plugins/workspace/server/integration_tests/routes.test.ts
index 21d6f155a927..f17ba4349c9e 100644
--- a/src/plugins/workspace/server/integration_tests/routes.test.ts
+++ b/src/plugins/workspace/server/integration_tests/routes.test.ts
@@ -29,6 +29,9 @@ describe('workspace service', () => {
         osd: {
           workspace: {
             enabled: true,
+            permission: {
+              enabled: false,
+            },
           },
           migrations: { skip: false },
         },
diff --git a/src/plugins/workspace/server/plugin.ts b/src/plugins/workspace/server/plugin.ts
index f0f1a313cf26..c3b919cf3837 100644
--- a/src/plugins/workspace/server/plugin.ts
+++ b/src/plugins/workspace/server/plugin.ts
@@ -2,7 +2,8 @@
  * Copyright OpenSearch Contributors
  * SPDX-License-Identifier: Apache-2.0
  */
-
+import { Observable } from 'rxjs';
+import { first } from 'rxjs/operators';
 import {
   PluginInitializerContext,
   CoreSetup,
@@ -20,11 +21,13 @@ import {
   SavedObjectsPermissionControl,
   SavedObjectsPermissionControlContract,
 } from './permission_control/client';
+import { WorkspacePluginConfigType } from '../config';
 
 export class WorkspacePlugin implements Plugin<{}, {}> {
   private readonly logger: Logger;
   private client?: IWorkspaceClientImpl;
   private permissionControl?: SavedObjectsPermissionControlContract;
+  private readonly config$: Observable<WorkspacePluginConfigType>;
 
   private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) {
     /**
@@ -43,28 +46,35 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
   }
 
   constructor(initializerContext: PluginInitializerContext) {
-    this.logger = initializerContext.logger.get('plugins', 'workspace');
+    this.logger = initializerContext.logger.get();
+    this.config$ = initializerContext.config.create<WorkspacePluginConfigType>();
   }
 
   public async setup(core: CoreSetup) {
     this.logger.debug('Setting up Workspaces service');
+    const config: WorkspacePluginConfigType = await this.config$.pipe(first()).toPromise();
+    const isPermissionControlEnabled =
+      config.permission.enabled === undefined ? true : config.permission.enabled;
 
     this.client = new WorkspaceClient(core, this.logger);
 
     await this.client.setup(core);
 
-    this.proxyWorkspaceTrafficToRealHandler(core);
-    this.permissionControl = new SavedObjectsPermissionControl(this.logger);
+    this.logger.info('Workspace permission control enabled:' + isPermissionControlEnabled);
+    if (isPermissionControlEnabled) {
+      this.proxyWorkspaceTrafficToRealHandler(core);
+      this.permissionControl = new SavedObjectsPermissionControl(this.logger);
 
-    const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
-      this.permissionControl
-    );
+      const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
+        this.permissionControl
+      );
 
-    core.savedObjects.addClientWrapper(
-      0,
-      WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
-      workspaceSavedObjectsClientWrapper.wrapperFactory
-    );
+      core.savedObjects.addClientWrapper(
+        0,
+        WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
+        workspaceSavedObjectsClientWrapper.wrapperFactory
+      );
+    }
 
     registerRoutes({
       http: core.http,
@@ -72,6 +82,13 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
       client: this.client as IWorkspaceClientImpl,
     });
 
+    core.capabilities.registerProvider(() => ({
+      workspaces: {
+        enabled: true,
+        permissionEnabled: isPermissionControlEnabled,
+      },
+    }));
+
     return {
       client: this.client,
     };