diff --git a/app/Http/Controllers/Auth/Permission/ListController.php b/app/Http/Controllers/Auth/Permission/ListController.php
new file mode 100644
index 0000000..29256f1
--- /dev/null
+++ b/app/Http/Controllers/Auth/Permission/ListController.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Controllers\Auth\Permission;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use App\Http\Requests\Auth\Permission\ListRequest;
+use App\Http\Resources\Auth\Permission\ListResource;
+use App\Repositories\Auth\PermissionRepository;
+
+class ListController extends Controller
+{
+    /**
+     * Handle the incoming request.
+     */
+    public function __invoke(ListRequest $request, PermissionRepository $repository)
+    {
+        $params = $request->validated();
+        $data = $repository->list($params);
+        return ListResource::collection($data);
+    }
+}
diff --git a/app/Http/Requests/Auth/Permission/ListRequest.php b/app/Http/Requests/Auth/Permission/ListRequest.php
new file mode 100644
index 0000000..c8febbe
--- /dev/null
+++ b/app/Http/Requests/Auth/Permission/ListRequest.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Requests\Auth\Permission;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class ListRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return auth()->user()->checkPermission("auth.role:read");
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            'limit' => 'nullable',
+            'offset' => 'nullable',
+            'search' => 'nullable',
+
+            'filter' => 'nullable|array',
+            'filter.*.column' => 'required|in:name,email',
+            'filter.*.operator' => 'nullable|in:eq,in',
+            'filter.*.query' => 'required',
+
+            'sort' => 'nullable|array',
+            'sort.column' => 'nullable|in:name,email',
+            'sort.dir' => 'nullable',
+        ];
+    }
+}
diff --git a/app/Http/Resources/Auth/CurrentResource.php b/app/Http/Resources/Auth/CurrentResource.php
index 105bdf8..a6cebce 100644
--- a/app/Http/Resources/Auth/CurrentResource.php
+++ b/app/Http/Resources/Auth/CurrentResource.php
@@ -4,7 +4,7 @@ namespace App\Http\Resources\Auth;
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
-use App\Http\Resources\Auth\Role\ListResource as RoleResource;
+use App\Http\Resources\Auth\Role\SimpleResource as RoleResource;
 
 class CurrentResource extends JsonResource
 {
diff --git a/app/Http/Resources/Auth/Permission/ListResource.php b/app/Http/Resources/Auth/Permission/ListResource.php
new file mode 100644
index 0000000..0b7ef74
--- /dev/null
+++ b/app/Http/Resources/Auth/Permission/ListResource.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Resources\Auth\Permission;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class ListResource extends JsonResource
+{
+    /**
+     * Transform the resource into an array.
+     *
+     * @return array<string, mixed>
+     */
+    public function toArray(Request $request): array
+    {
+        return [
+            "id" => $this->id,
+            "code" => $this->code,
+            "name" => $this->name
+        ];
+    }
+}
diff --git a/app/Http/Resources/Auth/Role/ListResource.php b/app/Http/Resources/Auth/Role/ListResource.php
index 5d318a8..7b96a55 100644
--- a/app/Http/Resources/Auth/Role/ListResource.php
+++ b/app/Http/Resources/Auth/Role/ListResource.php
@@ -4,6 +4,7 @@ namespace App\Http\Resources\Auth\Role;
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
+use App\Http\Resources\Auth\Permission\ListResource as PermissionResource;
 
 class ListResource extends JsonResource
 {
@@ -17,6 +18,7 @@ class ListResource extends JsonResource
         return [
             "id" => $this->id,
             "name" => $this->name,
+            "permissions" => PermissionResource::collection($this->permissions)
         ];
     }
 }
diff --git a/app/Http/Resources/Auth/Role/SimpleResource.php b/app/Http/Resources/Auth/Role/SimpleResource.php
new file mode 100644
index 0000000..677341c
--- /dev/null
+++ b/app/Http/Resources/Auth/Role/SimpleResource.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Resources\Auth\Role;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class SimpleResource extends JsonResource
+{
+    /**
+     * Transform the resource into an array.
+     *
+     * @return array<string, mixed>
+     */
+    public function toArray(Request $request): array
+    {
+        return [
+            "id" => $this->id,
+            "name" => $this->name,
+        ];
+    }
+}
diff --git a/app/Repositories/Auth/PermissionRepository.php b/app/Repositories/Auth/PermissionRepository.php
new file mode 100644
index 0000000..d3854d6
--- /dev/null
+++ b/app/Repositories/Auth/PermissionRepository.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Repositories\Auth;
+
+use App\Models\Permission;
+
+class PermissionRepository
+{
+
+    public function list($params){
+
+        $limit = @$params["limit"] ?? 10;
+        $offset = @$params["offset"] ?? 0;
+        $sortColumn = @$params["sort"]["column"] ?? "id";
+        $sortDir = @$params["sort"]["dir"] ?? "desc";
+        $search = @$params["search"];
+
+        return Permission::skip($offset)
+            ->orderBy($sortColumn, $sortDir)
+            ->when($search, function ($query) use ($search){
+                $query->where(function($query) use ($search){
+                    $query->where("name","ilike","%$search%");
+                    $query->orWhere("code","ilike","%$search%");
+                });
+            })
+            ->when(@$params["filter"], function ($query) use ($params) {
+                foreach ($params["filter"] as $filter) {
+                    $query->where($filter["column"], $filter["query"]);
+                }
+            })
+            ->paginate($limit);
+    }
+
+    public function create($params){
+
+        return $model;
+    }
+
+    public function update($model, $params){
+
+        return $model;
+    }
+
+    public function delete($model){
+
+        $model->delete();
+    }
+}
+
diff --git a/routes/auth.php b/routes/auth.php
index f8c3dc7..8fab807 100644
--- a/routes/auth.php
+++ b/routes/auth.php
@@ -21,3 +21,9 @@ Route::group(["namespace" => "Role", "prefix" => "role", "middleware" => "auth:s
     Route::post('/{role}', 'UpdateController')->middleware("auth:sanctum");
     Route::post('/{role}/delete', 'DeleteController')->middleware("auth:sanctum");
 });
+
+
+Route::group(["namespace" => "Permission", "prefix" => "permission", "middleware" => "auth:sanctum"], function () {
+
+    Route::get('/', 'ListController')->middleware("auth:sanctum");
+});
diff --git a/tests/Feature/Auth/Permission/ListTest.php b/tests/Feature/Auth/Permission/ListTest.php
new file mode 100644
index 0000000..36326a6
--- /dev/null
+++ b/tests/Feature/Auth/Permission/ListTest.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace Tests\Feature\Auth\Permission;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Foundation\Testing\WithFaker;
+use Tests\TestCase;
+
+use App\Models\Role;
+use App\Models\Permission;
+
+use App\Models\User;
+use Laravel\Sanctum\Sanctum;
+
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+
+class ListTest extends TestCase
+{
+    use DatabaseTransactions;
+
+    /**
+     * A basic feature test example.
+     */
+    public function test_success(): void
+    {
+        $permission = Permission::where("code","auth.role:read")->first();
+        $role = Role::factory()->create();
+        $role->permissions()->attach($permission->id);
+        $user = User::factory()->create();
+        $user->roles()->attach($role->id);
+
+        Sanctum::actingAs($user);
+
+        $response = $this->get('/auth/permission?search=auth.role:read');
+
+        $response->assertStatus(200);
+        $response->assertJson([
+            "data" => [
+                [
+                    "id" => $permission->id,
+                    "name" => $permission->name
+                ]
+            ]
+        ]);
+    }
+}