diff --git a/api/services/enterprise/rbac_service.py b/api/services/enterprise/rbac_service.py
index 39a3a61a781..c32a5759105 100644
--- a/api/services/enterprise/rbac_service.py
+++ b/api/services/enterprise/rbac_service.py
@@ -321,6 +321,8 @@ _LEGACY_WORKSPACE_OWNER_KEYS: list[str] = [
     "dataset.external.connect",
     "tool.manage",
     "mcp.manage",
+    "snippets.create_and_modify",
+    "snippets.management",
 ]
 
 _LEGACY_WORKSPACE_ADMIN_KEYS: list[str] = [
@@ -343,6 +345,8 @@ _LEGACY_WORKSPACE_ADMIN_KEYS: list[str] = [
     "dataset.external.connect",
     "tool.manage",
     "mcp.manage",
+    "snippets.create_and_modify",
+    "snippets.management",
 ]
 
 _LEGACY_WORKSPACE_EDITOR_KEYS: list[str] = [
@@ -357,6 +361,7 @@ _LEGACY_WORKSPACE_EDITOR_KEYS: list[str] = [
     "dataset.tag.manage",
     "dataset.external.connect",
     "tool.manage",
+    "snippets.create_and_modify",
 ]
 
 _LEGACY_WORKSPACE_NORMAL_KEYS: list[str] = [
diff --git a/api/tests/unit_tests/services/enterprise/test_rbac_service.py b/api/tests/unit_tests/services/enterprise/test_rbac_service.py
index aa4780af0b4..dfd5662cf3e 100644
--- a/api/tests/unit_tests/services/enterprise/test_rbac_service.py
+++ b/api/tests/unit_tests/services/enterprise/test_rbac_service.py
@@ -621,6 +621,38 @@ class TestMyPermissions:
         assert out.app.overrides == []
         assert out.dataset.overrides == []
 
+    @pytest.mark.parametrize(
+        ("role", "expected_snippet_keys"),
+        [
+            ("owner", {"snippets.create_and_modify", "snippets.management"}),
+            ("admin", {"snippets.create_and_modify", "snippets.management"}),
+            ("editor", {"snippets.create_and_modify"}),
+            ("normal", set()),
+            ("dataset_operator", set()),
+        ],
+    )
+    def test_get_uses_legacy_snippet_permissions_when_rbac_disabled(
+        self,
+        mock_send: MagicMock,
+        role: str,
+        expected_snippet_keys: set[str],
+    ):
+        mock_session = MagicMock()
+        mock_session.__enter__.return_value = mock_session
+        mock_session.scalar.return_value = role
+        with (
+            patch(f"{MODULE}.dify_config.RBAC_ENABLED", False),
+            patch(f"{MODULE}.session_factory.create_session", return_value=mock_session),
+        ):
+            out = svc.RBACService.MyPermissions.get("tenant-1", "acct-1")
+
+        actual_snippet_keys = {
+            permission_key for permission_key in out.workspace.permission_keys if permission_key.startswith("snippets.")
+        }
+
+        mock_send.assert_not_called()
+        assert actual_snippet_keys == expected_snippet_keys
+
     def test_get_returns_empty_when_role_missing_and_rbac_disabled(self, mock_send: MagicMock):
         mock_session = MagicMock()
         mock_session.__enter__.return_value = mock_session