diff --git a/internal/admin/enterprise_handler.go b/internal/admin/enterprise_handler.go
index a408135709..863df29a76 100644
--- a/internal/admin/enterprise_handler.go
+++ b/internal/admin/enterprise_handler.go
@@ -20,7 +20,9 @@ import (
 	"errors"
 	"net/http"
 	"ragflow/internal/common"
+	"ragflow/internal/dao"
 	"strconv"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 )
@@ -215,6 +217,189 @@ func (h *Handler) ListResources(c *gin.Context) {
 	success(c, resources, "")
 }
 
+func (h *Handler) ShowRoleDefaultModels(c *gin.Context) {
+	roleName := c.Param("role_name")
+	if roleName == "" {
+		errorResponse(c, "Role name is required", 400)
+		return
+	}
+
+	result, err := h.service.ShowRoleDefaultModels(roleName)
+	if err != nil {
+		errorResponse(c, err.Error(), 500)
+		return
+	}
+	success(c, result, "Role default model set successfully")
+}
+
+type SetRoleDefaultModelRequest struct {
+	ModelID   string `json:"model_id"`
+	ModelType string `json:"model_type" binding:"required"`
+}
+
+func (h *Handler) SetRoleDefaultModel(c *gin.Context) {
+	roleName := c.Param("role_name")
+	if roleName == "" {
+		errorResponse(c, "Role name is required", 400)
+		return
+	}
+
+	var request SetRoleDefaultModelRequest
+	if err := c.ShouldBindJSON(&request); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    common.CodeBadRequest,
+			"data":    nil,
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	result, err := h.service.SetRoleDefaultModel(roleName, request.ModelID, request.ModelType)
+	if err != nil {
+		errorResponse(c, err.Error(), 500)
+		return
+	}
+	success(c, result, "Role default model set successfully")
+}
+
+type ResetRoleDefaultModelRequest struct {
+	ModelType string `json:"model_type" binding:"required"`
+}
+
+func (h *Handler) ResetRoleDefaultModel(c *gin.Context) {
+	roleName := c.Param("role_name")
+	if roleName == "" {
+		errorResponse(c, "Role name is required", 400)
+		return
+	}
+
+	var request ResetRoleDefaultModelRequest
+	if err := c.ShouldBindJSON(&request); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    common.CodeBadRequest,
+			"data":    nil,
+			"message": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	result, err := h.service.ResetRoleDefaultModel(roleName, request.ModelType)
+	if err != nil {
+		errorResponse(c, err.Error(), 500)
+		return
+	}
+	success(c, result, "Role default model set successfully")
+}
+
+func (h *Handler) ListProviders(c *gin.Context) {
+
+	keywords := ""
+	if queryKeywords := c.Query("available"); queryKeywords != "" {
+		keywords = queryKeywords
+	}
+
+	// convert keywords to small case
+	keywords = strings.ToLower(keywords)
+	if keywords == "true" {
+		// list pool providers
+		providers, err := dao.GetModelProviderManager().ListProviders()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"code":    common.CodeNotFound,
+				"message": err.Error(),
+			})
+			return
+		}
+
+		c.JSON(http.StatusOK, gin.H{
+			"code":    0,
+			"message": "success",
+			"data":    providers,
+		})
+	}
+}
+
+func (h *Handler) ShowProvider(c *gin.Context) {
+	providerName := c.Param("provider_name")
+	if providerName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    400,
+			"message": "Provider name is required",
+		})
+		return
+	}
+
+	provider, err := dao.GetModelProviderManager().GetProviderByName(providerName)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code":    common.CodeNotFound,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"code":    0,
+		"message": "success",
+		"data":    provider,
+	})
+}
+
+func (h *Handler) ListModels(c *gin.Context) {
+	providerName := c.Param("provider_name")
+	if providerName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    400,
+			"message": "Provider name is required",
+		})
+		return
+	}
+	models, err := dao.GetModelProviderManager().ListModels(providerName)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code":    common.CodeNotFound,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"code":    0,
+		"message": "success",
+		"data":    models,
+	})
+}
+
+func (h *Handler) ShowModel(c *gin.Context) {
+	providerName := c.Param("provider_name")
+	if providerName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    400,
+			"message": "Provider name is required",
+		})
+		return
+	}
+	modelName := c.Param("model_name")
+	if modelName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code":    400,
+			"message": "Model name is required",
+		})
+		return
+	}
+	model, err := dao.GetModelProviderManager().GetModelByName(providerName, modelName)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code":    common.CodeNotFound,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"code":    0,
+		"message": "success",
+		"data":    model,
+	})
+}
+
 type ListModelsOrShowModelRequest struct {
 	ModelName string `json:"model_name"`
 }
diff --git a/internal/admin/enterprise_service.go b/internal/admin/enterprise_service.go
index 48724fbb1a..fd25592008 100644
--- a/internal/admin/enterprise_service.go
+++ b/internal/admin/enterprise_service.go
@@ -132,6 +132,37 @@ func (s *Service) ListResources() (map[string]interface{}, error) {
 	return result, nil
 }
 
+func (s *Service) ShowRoleDefaultModels(roleName string) ([]map[string]interface{}, error) {
+	return []map[string]interface{}{
+		{
+			"command":   "show_role_default_models",
+			"role_name": roleName,
+			"error":     "'show role default models' is implemented in enterprise edition",
+		},
+	}, nil
+}
+
+// SetRoleDefaultModel set role default model
+func (s *Service) SetRoleDefaultModel(roleName, modelID, modelType string) (map[string]interface{}, error) {
+	return map[string]interface{}{
+		"command":    "set_role_default_model",
+		"role_name":  roleName,
+		"model_id":   modelID,
+		"model_type": modelType,
+		"error":      "'set role default model' is implemented in enterprise edition",
+	}, nil
+}
+
+// ResetRoleDefaultModel reset role default model
+func (s *Service) ResetRoleDefaultModel(roleName, modelType string) (map[string]interface{}, error) {
+	return map[string]interface{}{
+		"command":    "reset_role_default_model",
+		"role_name":  roleName,
+		"model_type": modelType,
+		"error":      "'reset role default model' is implemented in enterprise edition",
+	}, nil
+}
+
 // ListAllModels list all models
 func (s *Service) ListAllModels() ([]map[string]interface{}, error) {
 	return []map[string]interface{}{
diff --git a/internal/admin/handler.go b/internal/admin/handler.go
index 6634878f8e..6e9ceaedf2 100644
--- a/internal/admin/handler.go
+++ b/internal/admin/handler.go
@@ -22,14 +22,12 @@ import (
 	"fmt"
 	"net/http"
 	"ragflow/internal/common"
-	"ragflow/internal/dao"
 	"ragflow/internal/engine"
 	"ragflow/internal/engine/redis"
 	"ragflow/internal/server"
 	"ragflow/internal/service"
 	"ragflow/internal/utility"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/gin-gonic/gin"
@@ -656,115 +654,6 @@ func (h *Handler) RestartService(c *gin.Context) {
 	success(c, result, "")
 }
 
-func (h *Handler) ListProviders(c *gin.Context) {
-
-	keywords := ""
-	if queryKeywords := c.Query("available"); queryKeywords != "" {
-		keywords = queryKeywords
-	}
-
-	// convert keywords to small case
-	keywords = strings.ToLower(keywords)
-	if keywords == "true" {
-		// list pool providers
-		providers, err := dao.GetModelProviderManager().ListProviders()
-		if err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"code":    common.CodeNotFound,
-				"message": err.Error(),
-			})
-			return
-		}
-
-		c.JSON(http.StatusOK, gin.H{
-			"code":    0,
-			"message": "success",
-			"data":    providers,
-		})
-	}
-}
-
-func (h *Handler) ShowProvider(c *gin.Context) {
-	providerName := c.Param("provider_name")
-	if providerName == "" {
-		c.JSON(http.StatusBadRequest, gin.H{
-			"code":    400,
-			"message": "Provider name is required",
-		})
-		return
-	}
-
-	provider, err := dao.GetModelProviderManager().GetProviderByName(providerName)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"code":    common.CodeNotFound,
-			"message": err.Error(),
-		})
-		return
-	}
-	c.JSON(http.StatusOK, gin.H{
-		"code":    0,
-		"message": "success",
-		"data":    provider,
-	})
-}
-
-func (h *Handler) ListModels(c *gin.Context) {
-	providerName := c.Param("provider_name")
-	if providerName == "" {
-		c.JSON(http.StatusBadRequest, gin.H{
-			"code":    400,
-			"message": "Provider name is required",
-		})
-		return
-	}
-	models, err := dao.GetModelProviderManager().ListModels(providerName)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"code":    common.CodeNotFound,
-			"message": err.Error(),
-		})
-		return
-	}
-	c.JSON(http.StatusOK, gin.H{
-		"code":    0,
-		"message": "success",
-		"data":    models,
-	})
-}
-
-func (h *Handler) ShowModel(c *gin.Context) {
-	providerName := c.Param("provider_name")
-	if providerName == "" {
-		c.JSON(http.StatusBadRequest, gin.H{
-			"code":    400,
-			"message": "Provider name is required",
-		})
-		return
-	}
-	modelName := c.Param("model_name")
-	if modelName == "" {
-		c.JSON(http.StatusBadRequest, gin.H{
-			"code":    400,
-			"message": "Model name is required",
-		})
-		return
-	}
-	model, err := dao.GetModelProviderManager().GetModelByName(providerName, modelName)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"code":    common.CodeNotFound,
-			"message": err.Error(),
-		})
-		return
-	}
-	c.JSON(http.StatusOK, gin.H{
-		"code":    0,
-		"message": "success",
-		"data":    model,
-	})
-}
-
 // ListVariables handle list variables
 func (h *Handler) ListVariables(c *gin.Context) {
 	// Check if request has body content
diff --git a/internal/admin/router.go b/internal/admin/router.go
index 8f5e4ba6bc..35b4b47132 100644
--- a/internal/admin/router.go
+++ b/internal/admin/router.go
@@ -94,14 +94,6 @@ func (r *Router) Setup(engine *gin.Engine) {
 			protected.GET("/log_level", r.handler.GetLogLevel)
 			protected.PUT("/log_level", r.handler.SetLogLevel)
 
-			provider := protected.Group("/providers")
-			{
-				provider.GET("/", r.handler.ListProviders)
-				provider.GET("/:provider_name", r.handler.ShowProvider)
-				provider.GET("/:provider_name/models", r.handler.ListModels)
-				provider.GET("/:provider_name/models/:model_name", r.handler.ShowModel)
-			}
-
 			queue := protected.Group("/queue")
 			{
 				queue.GET("/", r.handler.ShowMessageQueue)
@@ -176,8 +168,33 @@ func (r *Router) Setup(engine *gin.Engine) {
 			protected.POST("/roles/:role_name/permission", r.handler.GrantRolePermission)
 			protected.DELETE("/roles/:role_name/permission", r.handler.RevokeRolePermission)
 			protected.GET("/roles/resource", r.handler.ListResources)
+			protected.GET("/roles/:role_name/default-models", r.handler.ShowRoleDefaultModels)
+			protected.PATCH("/roles/:role_name/default-models", r.handler.SetRoleDefaultModel)
+			protected.DELETE("/roles/:role_name/default-models", r.handler.ResetRoleDefaultModel)
+
+			// Providers and models
+			provider := protected.Group("/providers")
+			{
+				provider.GET("/", r.handler.ListProviders)
+				//	provider.PUT("/", r.handler.AddProvider)
+				provider.GET("/:provider_name", r.handler.ShowProvider)
+				//	provider.DELETE("/:provider_name", r.handler.DeleteProvider)
+				provider.GET("/:provider_name/models", r.handler.ListModels)
+				provider.GET("/:provider_name/models/:model_name", r.handler.ShowModel)
+				//	provider.POST("/:provider_name/instances", r.handler.CreateProviderInstance)
+				//	provider.GET("/:provider_name/instances", r.handler.ListProviderInstances)
+				//	provider.GET("/:provider_name/instances/:instance_name", r.handler.ShowProviderInstance)
+				//	provider.GET("/:provider_name/instances/:instance_name/balance", r.handler.ShowInstanceBalance)
+				//	provider.GET("/:provider_name/instances/:instance_name/connection", r.handler.CheckInstanceConnection)
+				//	provider.POST("/:provider_name/connection", r.handler.CheckProviderConnection)
+				//	provider.PUT("/:provider_name/instances/:instance_name", r.handler.AlterProviderInstance)
+				//	provider.DELETE("/:provider_name/instances", r.handler.DropProviderInstance)
+				//	provider.GET("/:provider_name/instances/:instance_name/models", r.handler.ListInstanceModels)
+				//	provider.PATCH("/:provider_name/instances/:instance_name/models/*model_name", r.handler.EnableOrDisableModel)
+				//	provider.POST("/:provider_name/instances/:instance_name/models", r.handler.AddModel)
+				//	provider.DELETE("/:provider_name/instances/:instance_name/models", r.handler.DropInstanceModels)
+			}
 
-			// Models
 			protected.GET("/all-models", r.handler.ListModelsOrShowModel)
 
 			// License
diff --git a/internal/cli/admin_command.go b/internal/cli/admin_command.go
index 3415fc6950..68cfafd641 100644
--- a/internal/cli/admin_command.go
+++ b/internal/cli/admin_command.go
@@ -1074,6 +1074,107 @@ func (c *CLI) SetVariable(cmd *Command) (ResponseIf, error) {
 	return &result, nil
 }
 
+// AdminSetRoleDefaultModelsCommand set role default models (admin mode only).
+func (c *CLI) AdminSetRoleDefaultModelsCommand(cmd *Command) (ResponseIf, error) {
+	if c.Config.CLIMode != AdminMode || c.AdminServerClient.LoginToken == nil {
+		return nil, fmt.Errorf("this command is only allowed in ADMIN mode or already login")
+	}
+
+	roleName, ok := cmd.Params["role_name"].(string)
+	if !ok {
+		return nil, fmt.Errorf("role_name not provided")
+	}
+
+	modelType, ok := cmd.Params["model_type"].(string)
+	if !ok {
+		return nil, fmt.Errorf("model_type not provided")
+	}
+
+	payload := map[string]interface{}{
+		"model_type": modelType,
+	}
+
+	var modelName string
+	modelID, ok := cmd.Params["model_id"].(string)
+	if ok {
+		payload["model_id"] = modelID
+	} else {
+		modelName, ok = cmd.Params["composite_model_name"].(string)
+		if ok {
+			payload["model_name"] = modelName
+		} else {
+			return nil, fmt.Errorf("model_id or model_name not provided")
+		}
+	}
+
+	endPoint := fmt.Sprintf("/admin/roles/%s/default-models", roleName)
+
+	resp, err := c.AdminServerClient.Request("PATCH", endPoint, "admin", nil, payload)
+	if err != nil {
+		return nil, fmt.Errorf("failed to set role default models: %w", err)
+	}
+
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("failed to set role default models: HTTP %d, body: %s", resp.StatusCode, string(resp.Body))
+	}
+
+	var result CommonDataResponse
+	if err = json.Unmarshal(resp.Body, &result); err != nil {
+		return nil, fmt.Errorf("set role default models failed: invalid JSON (%w)", err)
+	}
+
+	if result.Code != 0 {
+		return nil, fmt.Errorf("%s", result.Message)
+	}
+
+	result.Duration = resp.Duration
+	return &result, nil
+}
+
+// AdminResetRoleDefaultModelsCommand reset role default models (admin mode only).
+func (c *CLI) AdminResetRoleDefaultModelsCommand(cmd *Command) (ResponseIf, error) {
+	if c.Config.CLIMode != AdminMode || c.AdminServerClient.LoginToken == nil {
+		return nil, fmt.Errorf("this command is only allowed in ADMIN mode or already login")
+	}
+
+	roleName, ok := cmd.Params["role_name"].(string)
+	if !ok {
+		return nil, fmt.Errorf("role_name not provided")
+	}
+
+	modelType, ok := cmd.Params["model_type"].(string)
+	if !ok {
+		return nil, fmt.Errorf("model_type not provided")
+	}
+
+	payload := map[string]interface{}{
+		"model_type": modelType,
+	}
+
+	endPoint := fmt.Sprintf("/admin/roles/%s/default-models", roleName)
+
+	resp, err := c.AdminServerClient.Request("DELETE", endPoint, "admin", nil, payload)
+	if err != nil {
+		return nil, fmt.Errorf("failed to reset role default models: %w", err)
+	}
+
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("failed to reset role default models: HTTP %d, body: %s", resp.StatusCode, string(resp.Body))
+	}
+
+	var result CommonDataResponse
+	if err = json.Unmarshal(resp.Body, &result); err != nil {
+		return nil, fmt.Errorf("reset role default models failed: invalid JSON (%w)", err)
+	}
+
+	if result.Code != 0 {
+		return nil, fmt.Errorf("%s", result.Message)
+	}
+
+	result.Duration = resp.Duration
+	return &result, nil
+}
+
 // AdminDropUserCommand deletes a user (admin mode only)
 func (c *CLI) AdminDropUserCommand(cmd *Command) (ResponseIf, error) {
 	if c.Config.CLIMode != AdminMode || c.AdminServerClient.LoginToken == nil {
@@ -1731,6 +1832,38 @@ func (c *CLI) AdminShowRoleCommand(cmd *Command) (ResponseIf, error) {
 	return &result, nil
 }
 
+// AdminShowRoleDefaultModelsCommand show role default models command (admin mode only)
+func (c *CLI) AdminShowRoleDefaultModelsCommand(cmd *Command) (ResponseIf, error) {
+	if c.Config.CLIMode != AdminMode || c.AdminServerClient.LoginToken == nil {
+		return nil, fmt.Errorf("this command is only allowed in ADMIN mode or already login")
+	}
+
+	roleName := cmd.Params["role_name"].(string)
+
+	endPoint := fmt.Sprintf("/admin/roles/%s/default-models", roleName)
+
+	resp, err := c.AdminServerClient.Request("GET", endPoint, "admin", nil, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to show role default models: %w", err)
+	}
+
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("failed to show role default models: HTTP %d, body: %s", resp.StatusCode, string(resp.Body))
+	}
+
+	var result CommonResponse
+	if err = json.Unmarshal(resp.Body, &result); err != nil {
+		return nil, fmt.Errorf("show role default models failed: invalid JSON (%w)", err)
+	}
+
+	if result.Code != 0 {
+		return nil, fmt.Errorf("%s", result.Message)
+	}
+
+	result.Duration = resp.Duration
+	return &result, nil
+}
+
 func (c *CLI) AdminShowUserActivityCommand(cmd *Command) (ResponseIf, error) {
 
 	if c.Config.CLIMode != AdminMode || c.AdminServerClient.LoginToken == nil {
diff --git a/internal/cli/admin_parser.go b/internal/cli/admin_parser.go
index c7b7bee5fe..22982b5093 100644
--- a/internal/cli/admin_parser.go
+++ b/internal/cli/admin_parser.go
@@ -278,7 +278,7 @@ func (p *Parser) parseAdminListModels() (*Command, error) {
 
 // region SHOW commands
 
-func (p *Parser) parseAdminShowCommand() (*Command, error) {
+func (p *Parser) parseAdminShowCommands() (*Command, error) {
 	p.nextToken() // consume SHOW
 
 	switch p.curToken.Type {
@@ -531,6 +531,7 @@ func (p *Parser) parseAdminShowUserPermissionCommand(userName string) (*Command,
 }
 
 // SHOW ROLE 'role_name';
+// SHOW ROLE 'role_name' DEFAULT MODELS;
 func (p *Parser) parseAdminShowRole() (*Command, error) {
 	p.nextToken() // consume ROLE
 
@@ -541,19 +542,28 @@ func (p *Parser) parseAdminShowRole() (*Command, error) {
 	p.nextToken()
 
 	var cmd *Command
-	if p.curToken.Type == TokenPermission {
+
+	switch p.curToken.Type {
+	case TokenPermission:
 		p.nextToken()
 		cmd = NewCommand("admin_show_role_permission")
 		cmd.Params["role_name"] = roleName
-	} else {
+	case TokenDefault:
+		p.nextToken()
+		if p.curToken.Type != TokenModels {
+			return nil, fmt.Errorf("expect MODELS after DEFAULT")
+		}
+		p.nextToken()
+		cmd = NewCommand("admin_show_role_default_models")
+		cmd.Params["role_name"] = roleName
+	case TokenSemicolon:
+		p.nextToken()
 		cmd = NewCommand("admin_show_role")
 		cmd.Params["role_name"] = roleName
+	default:
+		return nil, fmt.Errorf("invalid command %s", tokenTypeToString(p.curToken.Type))
 	}
 
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
 	return cmd, nil
 }
 
@@ -1387,8 +1397,8 @@ func (p *Parser) parseAdminSetCommand() (*Command, error) {
 		return p.parseAdminSetLicense()
 	case TokenVar:
 		return p.parseAdminSetVariable()
-	case TokenDefault:
-		return p.parseAdminSetDefault()
+	case TokenRole:
+		return p.parseAdminSetRoleDefaultModel()
 	default:
 		return nil, fmt.Errorf("unknown SET target: %s", p.curToken.Value)
 	}
@@ -1458,8 +1468,19 @@ func (p *Parser) parseAdminSetVariable() (*Command, error) {
 	return cmd, nil
 }
 
-func (p *Parser) parseAdminSetDefault() (*Command, error) {
-	p.nextToken() // consume DEFAULT
+func (p *Parser) parseAdminSetRoleDefaultModel() (*Command, error) {
+	p.nextToken() // consume ROLE
+
+	roleName, err := p.parseQuotedString()
+	if err != nil {
+		return nil, err
+	}
+	p.nextToken()
+
+	if p.curToken.Type != TokenDefault {
+		return nil, fmt.Errorf("expected DEFAULT")
+	}
+	p.nextToken()
 
 	var modelType string
 
@@ -1481,14 +1502,15 @@ func (p *Parser) parseAdminSetDefault() (*Command, error) {
 	default:
 		return nil, fmt.Errorf("unknown model type: %s", p.curToken.Value)
 	}
-
 	p.nextToken()
+
 	modelNameOrID, err := p.parseQuotedString()
 	if err != nil {
 		return nil, err
 	}
 
-	cmd := NewCommand("set_default_model")
+	cmd := NewCommand("admin_set_role_default_model")
+	cmd.Params["role_name"] = roleName
 	cmd.Params["model_type"] = modelType
 	if common.IsCompositeModelName(modelNameOrID) {
 		cmd.Params["composite_model_name"] = modelNameOrID
@@ -1506,27 +1528,19 @@ func (p *Parser) parseAdminSetDefault() (*Command, error) {
 	return cmd, nil
 }
 
-func (p *Parser) parseAdminSetToken() (*Command, error) {
-	p.nextToken() // consume TOKEN
+func (p *Parser) parseAdminResetCommand() (*Command, error) {
+	p.nextToken() // consume RESET
 
-	tokenValue, err := p.parseQuotedString()
+	if p.curToken.Type != TokenRole {
+		return nil, fmt.Errorf("expected ROLE")
+	}
+	p.nextToken()
+
+	roleName, err := p.parseQuotedString()
 	if err != nil {
 		return nil, err
 	}
-
-	cmd := NewCommand("set_token")
-	cmd.Params["token"] = tokenValue
-
 	p.nextToken()
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
-	return cmd, nil
-}
-
-func (p *Parser) parseAdminResetCommand() (*Command, error) {
-	p.nextToken() // consume RESET
 
 	if p.curToken.Type != TokenDefault {
 		return nil, fmt.Errorf("expected DEFAULT")
@@ -1552,151 +1566,12 @@ func (p *Parser) parseAdminResetCommand() (*Command, error) {
 	default:
 		return nil, fmt.Errorf("unknown model type: %s", p.curToken.Value)
 	}
+	p.nextToken()
 
-	cmd := NewCommand("reset_default_model")
+	cmd := NewCommand("admin_reset_role_default_model")
+	cmd.Params["role_name"] = roleName
 	cmd.Params["model_type"] = modelType
 
-	p.nextToken()
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
-	return cmd, nil
-}
-
-func (p *Parser) parseAdminImportCommand() (*Command, error) {
-	p.nextToken() // consume IMPORT
-	documentPaths, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	p.nextToken()
-	if p.curToken.Type != TokenInto {
-		return nil, fmt.Errorf("expected INTO")
-	}
-	p.nextToken()
-	if p.curToken.Type != TokenDataset {
-		return nil, fmt.Errorf("expected DATASET")
-	}
-	p.nextToken()
-
-	datasetName, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	cmd := NewCommand("import_docs_into_dataset")
-	cmd.Params["document_paths"] = documentPaths
-	cmd.Params["dataset_name"] = datasetName
-
-	p.nextToken()
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
-	return cmd, nil
-}
-
-func (p *Parser) parseAdminRetrieveCommand() (*Command, error) {
-	p.nextToken() // consume SEARCH
-	question, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	p.nextToken()
-	if p.curToken.Type != TokenOn {
-		return nil, fmt.Errorf("expected ON")
-	}
-	p.nextToken()
-	if p.curToken.Type != TokenDatasets {
-		return nil, fmt.Errorf("expected DATASETS")
-	}
-	p.nextToken()
-
-	datasets, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	cmd := NewCommand("search_on_datasets")
-	cmd.Params["question"] = question
-	cmd.Params["datasets"] = datasets
-
-	p.nextToken()
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
-	return cmd, nil
-}
-
-func (p *Parser) parseAdminParseCommand() (*Command, error) {
-	p.nextToken() // consume PARSE
-
-	if p.curToken.Type == TokenDataset {
-		return p.parseParseDataset()
-	}
-
-	return p.parseParseDocs()
-}
-
-func (p *Parser) parseAdminParseDataset() (*Command, error) {
-	p.nextToken() // consume DATASET
-	datasetName, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	p.nextToken()
-	var method string
-	if p.curToken.Type == TokenSync {
-		method = "sync"
-	} else if p.curToken.Type == TokenAsync {
-		method = "async"
-	} else {
-		return nil, fmt.Errorf("expected SYNC or ASYNC")
-	}
-
-	cmd := NewCommand("parse_dataset")
-	cmd.Params["dataset_name"] = datasetName
-	cmd.Params["method"] = method
-
-	p.nextToken()
-	// Semicolon is optional
-	if p.curToken.Type == TokenSemicolon {
-		p.nextToken()
-	}
-	return cmd, nil
-}
-
-func (p *Parser) parseAdminParseDocs() (*Command, error) {
-	documentNames, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	p.nextToken()
-	if p.curToken.Type != TokenOf {
-		return nil, fmt.Errorf("expected OF")
-	}
-	p.nextToken()
-	if p.curToken.Type != TokenDataset {
-		return nil, fmt.Errorf("expected DATASET")
-	}
-	p.nextToken()
-
-	datasetName, err := p.parseQuotedString()
-	if err != nil {
-		return nil, err
-	}
-
-	cmd := NewCommand("parse_dataset_docs")
-	cmd.Params["document_names"] = documentNames
-	cmd.Params["dataset_name"] = datasetName
-
-	p.nextToken()
 	// Semicolon is optional
 	if p.curToken.Type == TokenSemicolon {
 		p.nextToken()
diff --git a/internal/cli/cli_http.go b/internal/cli/cli_http.go
index 5dc1918f45..f8035fdcb5 100644
--- a/internal/cli/cli_http.go
+++ b/internal/cli/cli_http.go
@@ -101,6 +101,10 @@ func (c *CLI) ExecuteAdminCommand(cmd *Command) (ResponseIf, error) {
 		return c.AdminSetLicenseConfigCommand(cmd)
 	case "set_variable":
 		return c.SetVariable(cmd)
+	case "admin_set_role_default_model":
+		return c.AdminSetRoleDefaultModelsCommand(cmd)
+	case "admin_reset_role_default_model":
+		return c.AdminResetRoleDefaultModelsCommand(cmd)
 	case "list_user_datasets":
 		return c.ListUserDatasets(cmd)
 	case "admin_list_resources_command":
@@ -153,6 +157,8 @@ func (c *CLI) ExecuteAdminCommand(cmd *Command) (ResponseIf, error) {
 		return c.AdminShowUserCommand(cmd)
 	case "admin_show_role":
 		return c.AdminShowRoleCommand(cmd)
+	case "admin_show_role_default_models":
+		return c.AdminShowRoleDefaultModelsCommand(cmd)
 	case "admin_show_user_activity_command":
 		return c.AdminShowUserActivityCommand(cmd)
 	case "admin_show_user_summary_command":
diff --git a/internal/cli/lexer.go b/internal/cli/lexer.go
index 7bf930f67c..c95784d689 100644
--- a/internal/cli/lexer.go
+++ b/internal/cli/lexer.go
@@ -205,8 +205,6 @@ func (l *Lexer) lookupIdent(ident string) Token {
 		return Token{Type: TokenService, Value: ident}
 	case "SHUTDOWN":
 		return Token{Type: TokenShutdown, Value: ident}
-	case "STARTUP":
-		return Token{Type: TokenStartup, Value: ident}
 	case "RESTART":
 		return Token{Type: TokenRestart, Value: ident}
 	case "USERS":
diff --git a/internal/cli/parser.go b/internal/cli/parser.go
index dc40ce87a6..96de3a8862 100644
--- a/internal/cli/parser.go
+++ b/internal/cli/parser.go
@@ -89,7 +89,7 @@ func (p *Parser) parseAdminCommand() (*Command, error) {
 	case TokenList:
 		return p.parseAdminListCommand()
 	case TokenShow:
-		return p.parseAdminShowCommand()
+		return p.parseAdminShowCommands()
 	case TokenCheck:
 		return p.parseAdminCheck()
 	case TokenCreate:
diff --git a/internal/cli/types.go b/internal/cli/types.go
index fdd4a71294..e9e504f2b3 100644
--- a/internal/cli/types.go
+++ b/internal/cli/types.go
@@ -34,7 +34,6 @@ const (
 	TokenCreate
 	TokenService
 	TokenShutdown
-	TokenStartup
 	TokenRestart
 	TokenUsers
 	TokenDrop
diff --git a/internal/service/tenant.go b/internal/service/tenant.go
index ff3ccb5120..9befb6b736 100644
--- a/internal/service/tenant.go
+++ b/internal/service/tenant.go
@@ -419,10 +419,6 @@ type ModelItem struct {
 	Enable        bool    `json:"enable"`
 }
 
-type DefaultModelResponse struct {
-	Models []ModelItem `json:"models,omitempty"`
-}
-
 // GetDefaultModelName returns the full default model ID for a tenant and model type
 // Format: modelName@instanceName@providerName or modelName@providerName
 // Returns empty string if no default model is set