diff --git a/src/core/server/workspaces/index.ts b/src/core/server/workspaces/index.ts
index b9f765e4bba..5441216c731 100644
--- a/src/core/server/workspaces/index.ts
+++ b/src/core/server/workspaces/index.ts
@@ -11,3 +11,5 @@ export {
 } from './workspaces_service';
 
 export { WorkspaceAttribute, WorkspaceFindOptions } from './types';
+
+export { WorkspacePermissionControl } from './workspace_permission_control';
diff --git a/src/core/server/workspaces/workspace_permission_control.ts b/src/core/server/workspaces/workspace_permission_control.ts
new file mode 100644
index 00000000000..bf85562c466
--- /dev/null
+++ b/src/core/server/workspaces/workspace_permission_control.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { OpenSearchDashboardsRequest } from '../http';
+
+export enum WorkspacePermissionMode {
+  Read,
+  Admin,
+}
+
+export class WorkspacePermissionControl {
+  public async validate(
+    workspaceId: string,
+    permissionModeOrModes: WorkspacePermissionMode | WorkspacePermissionMode[],
+    request: OpenSearchDashboardsRequest
+  ) {
+    return true;
+  }
+
+  public async setup() {}
+}
diff --git a/src/core/server/workspaces/workspaces_service.ts b/src/core/server/workspaces/workspaces_service.ts
index 7aa01db34be..887cf46af86 100644
--- a/src/core/server/workspaces/workspaces_service.ts
+++ b/src/core/server/workspaces/workspaces_service.ts
@@ -14,13 +14,16 @@ import {
 } from '../saved_objects';
 import { IWorkspaceDBImpl } from './types';
 import { WorkspacesClientWithSavedObject } from './workspaces_client';
+import { WorkspacePermissionControl } from './workspace_permission_control';
 
 export interface WorkspacesServiceSetup {
   client: IWorkspaceDBImpl;
+  permissionControl: WorkspacePermissionControl;
 }
 
 export interface WorkspacesServiceStart {
   client: IWorkspaceDBImpl;
+  permissionControl: WorkspacePermissionControl;
 }
 
 export interface WorkspacesSetupDeps {
@@ -40,6 +43,8 @@ export class WorkspacesService
   implements CoreService<WorkspacesServiceSetup, WorkspacesServiceStart> {
   private logger: Logger;
   private client?: IWorkspaceDBImpl;
+  private permissionControl?: WorkspacePermissionControl;
+
   constructor(coreContext: CoreContext) {
     this.logger = coreContext.logger.get('workspaces-service');
   }
@@ -65,7 +70,11 @@ export class WorkspacesService
     this.logger.debug('Setting up Workspaces service');
 
     this.client = new WorkspacesClientWithSavedObject(setupDeps);
+    this.permissionControl = new WorkspacePermissionControl();
+
     await this.client.setup(setupDeps);
+    await this.permissionControl.setup();
+
     this.proxyWorkspaceTrafficToRealHandler(setupDeps);
 
     registerRoutes({
@@ -76,6 +85,7 @@ export class WorkspacesService
 
     return {
       client: this.client,
+      permissionControl: this.permissionControl,
     };
   }
 
@@ -84,6 +94,7 @@ export class WorkspacesService
 
     return {
       client: this.client as IWorkspaceDBImpl,
+      permissionControl: this.permissionControl as WorkspacePermissionControl,
     };
   }