diff --git a/app/Filament/Resources/Activities/Tables/ActivitiesTable.php b/app/Filament/Resources/Activities/Tables/ActivitiesTable.php
index b200bdf..3c07020 100644
--- a/app/Filament/Resources/Activities/Tables/ActivitiesTable.php
+++ b/app/Filament/Resources/Activities/Tables/ActivitiesTable.php
@@ -17,7 +17,7 @@ class ActivitiesTable
 {
 return $table
 ->modifyQueryUsing(function ($query) {
- if (! auth()->user()->hasRole('super_admin')) {
+ if (! auth()->user()->can('ViewDraft:Activity')) {
 $query->where(fn ($q) => $q
 ->where('status', '!=', 'draft')
 ->orWhere('created_by', auth()->id())
@@ -60,7 +60,7 @@ class ActivitiesTable
 ->color('success')
 ->requiresConfirmation()
 ->visible(fn ($record) => $record->status === 'pending'
- && auth()->user()->hasAnyRole(['ketua', 'super_admin']))
+ && auth()->user()->can('Update:Activity'))
 ->action(fn ($record) => $record->update([
 'status' => 'approved',
 'approved_by' => auth()->id(),
@@ -72,7 +72,7 @@ class ActivitiesTable
 ->color('danger')
 ->requiresConfirmation()
 ->visible(fn ($record) => $record->status === 'pending'
- && auth()->user()->hasAnyRole(['ketua', 'super_admin']))
+ && auth()->user()->can('Update:Activity'))
 ->action(fn ($record) => $record->update(['status' => 'rejected'])),
 ])
 ->toolbarActions([BulkActionGroup::make([DeleteBulkAction::make()])]);
diff --git a/app/Filament/Resources/CashRecords/Tables/CashRecordsTable.php b/app/Filament/Resources/CashRecords/Tables/CashRecordsTable.php
index 2bd5251..e4d80b1 100644
--- a/app/Filament/Resources/CashRecords/Tables/CashRecordsTable.php
+++ b/app/Filament/Resources/CashRecords/Tables/CashRecordsTable.php
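Review bot: The draft-visibility rule now lives in two places — this query constraint and the per-record check in `ActivityPolicy::view()` — and both must change together whenever the `ViewDraft:Activity` condition changes; a local scope on the model (e.g. `Activity::visibleTo($user)` applying the same `status != 'draft' OR created_by = id` clause) would give the table and the policy one definition to share. Note also that `->where('status', '!=', 'draft')` drops rows whose `status` is NULL under SQL three-valued logic; if the column is nullable, add `->orWhereNull('status')` or make it non-null. The `modifyQueryUsing` closure and the enclosing method continue outside the hunk.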
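Review bot: `Update:Activity` is the generic edit permission, so every user allowed to edit an activity — including, if `pengurus` holds that permission, the person who created the pending record — can now approve it, which the replaced `ketua`/`super_admin` role check did not permit. Approval is a distinct privilege and deserves its own permission created in the seeder the same way `ViewDraft:Activity` is, e.g. `&& auth()->user()->can('Approve:Activity')`. Since the action stamps `approved_by` with the current user, also consider refusing self-approval with `&& $record->created_by !== auth()->id()`. The action definition starts before this hunk.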
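Review bot: The reject action only writes `['status' => 'rejected']` while the approve action above records `approved_by`, so a rejection leaves no trace of who made the decision; if the schema has (or can gain) a `rejected_by` column, stamp it here the same way, `$record->update(['status' => 'rejected', 'rejected_by' => auth()->id()])`. The visibility closure is also a line-for-line copy of the approve action's; a shared closure such as `$canDecide = fn ($record): bool => $record->status === 'pending' && auth()->user()->can('Update:Activity');` passed to both `->visible()` calls keeps the two actions from drifting. The action definition starts before this hunk.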
@@ -67,7 +67,7 @@ class CashRecordsTable
 ->color('success')
 ->requiresConfirmation()
 ->visible(function (CashRecord $record): bool {
- if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
+ if (! auth()->user()->can('Update:Approval')) return false;
 if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
 $approval = Approval::where('model_type', CashRecord::class)
 ->where('model_id', $record->id)->first();
@@ -101,7 +101,7 @@ class CashRecordsTable
 ->icon('heroicon-o-x-circle')
 ->color('danger')
 ->visible(function (CashRecord $record): bool {
- if (! auth()->user()->hasAnyRole(['ketua', 'super_admin'])) return false;
+ if (! auth()->user()->can('Update:Approval')) return false;
 if ($record->amount < 500_000 || $record->amount > 2_000_000) return false;
 $approval = Approval::where('model_type', CashRecord::class)
 ->where('model_id', $record->id)->first();
@@ -137,7 +137,7 @@ class CashRecordsTable
 ->requiresConfirmation()
 ->hidden(fn (CashRecord $record) => $record->verified_at !== null)
 ->visible(function (CashRecord $record): bool {
- if (! auth()->user()->hasAnyRole(['ketua', 'super_admin', 'bendahara'])) return false;
+ if (! auth()->user()->can('Update:CashRecord')) return false;
 if ($record->verified_at) return false;
 // Cek threshold
 if ($record->amount >= 500_000 && $record->amount <= 2_000_000) {
diff --git a/app/Filament/Resources/Posts/PostResource.php b/app/Filament/Resources/Posts/PostResource.php
index fcca69b..149e824 100644
--- a/app/Filament/Resources/Posts/PostResource.php
+++ b/app/Filament/Resources/Posts/PostResource.php
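Review bot: `Update:Approval` is Shield's generated edit permission for the `Approval` model, so editing approval rows and approving a 500_000–2_000_000 cash movement become the same privilege; a dedicated permission seeded like `ViewDraft:Activity` (e.g. `if (! auth()->user()->can('Approve:CashRecord')) return false;`) keeps the financial decision separate from data maintenance. The bounds `500_000` and `2_000_000` are repeated literally in this table's approve, reject and verify closures; hoist them into class constants (`private const APPROVAL_MIN = 500_000;`, `private const APPROVAL_MAX = 2_000_000;`) so the band cannot drift between actions. The `Approval::where(...)->first()` lookup executes once per rendered row; a `hasOne` relation on `CashRecord` that the table eager-loads would avoid the N+1. The closure continues outside the hunk.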
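Review bot: The eligibility check in this reject action repeats the approve action's closure line for line (permission, amount band, `Approval` lookup); a private static helper such as `canDecideApproval(CashRecord $record): bool` used by both `->visible()` callbacks would give the rule a single place to change. Unlike the approve action, no `->requiresConfirmation()` appears among this action's visible lines — if it is genuinely absent, add it, since rejecting a cash record is a destructive decision for the submitter. The closure continues outside the hunk.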
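Review bot: Verification is now gated by `Update:CashRecord`, the same permission that allows editing the record, so any user who can correct a cash entry can also mark it verified — the maker and checker roles collapse into one permission, whereas the removed list at least named `bendahara` as the verifier explicitly. A separate `Verify:CashRecord` permission created in `PermissionSeeder` alongside `ViewDraft:Activity` would restore that separation: `if (! auth()->user()->can('Verify:CashRecord')) return false;`. The `->hidden(fn (CashRecord $record) => $record->verified_at !== null)` call and the `if ($record->verified_at) return false;` inside `visible()` test the same condition; keep one of them. The closure continues outside the hunk.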
@@ -23,17 +23,16 @@ class PostResource extends Resource
 // Label dinamis sesuai role
 public static function getModelLabel(): string
 {
- return auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])
+ return auth()->user()?->can('ViewAny:Post') && auth()->user()?->can('Update:Post')
 ? 'Artikel'
 : 'Artikel Saya';
 }
- // Scope: ketua/super_admin/auditor lihat semua, lainnya hanya milik sendiri
 public static function getEloquentQuery(): Builder
 {
 $query = parent::getEloquentQuery();
- if (auth()->user()?->hasAnyRole(['super_admin', 'ketua', 'auditor'])) {
+ if (auth()->user()?->can('Update:Post')) {
 return $query;
 }
diff --git a/app/Filament/Resources/Posts/Schemas/PostForm.php b/app/Filament/Resources/Posts/Schemas/PostForm.php
index 1ece865..07fd8fd 100644
--- a/app/Filament/Resources/Posts/Schemas/PostForm.php
+++ b/app/Filament/Resources/Posts/Schemas/PostForm.php
@@ -13,7 +13,7 @@ class PostForm
 {
 public static function configure(Schema $schema): Schema
 {
- $isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
+ $isAdmin = auth()->user()?->can('Update:Post');
 return $schema->components([
 TextInput::make('title')->label('Judul')->required()
diff --git a/app/Filament/Resources/Posts/Tables/PostsTable.php b/app/Filament/Resources/Posts/Tables/PostsTable.php
index f8afcb7..c346a4d 100644
--- a/app/Filament/Resources/Posts/Tables/PostsTable.php
+++ b/app/Filament/Resources/Posts/Tables/PostsTable.php
@@ -16,7 +16,7 @@ class PostsTable
 {
 public static function configure(Table $table): Table
 {
- $isAdmin = auth()->user()?->hasAnyRole(['super_admin', 'ketua']);
+ $isAdmin = auth()->user()?->can('Update:Post');
 return $table
 ->columns([
diff --git a/app/Policies/ActivityPolicy.php b/app/Policies/ActivityPolicy.php
index 089d63c..fca1a6a 100644
--- a/app/Policies/ActivityPolicy.php
+++ b/app/Policies/ActivityPolicy.php
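Review bot: `getModelLabel()` and `getEloquentQuery()` now disagree — the label requires both `ViewAny:Post` and `Update:Post`, while the query widens to every post on `Update:Post` alone — so a user holding `Update:Post` without `ViewAny:Post` sees all posts under the heading 'Artikel Saya'. More importantly the visibility scope is keyed on a write permission: `auditor`, which the removed comment says should see all posts, now keeps that view only if it is also granted edit rights. A read-only permission seeded like `ViewDraft:Activity` (say `ViewAll:Post`, granted to `auditor`) used in both methods, `if (auth()->user()?->can('ViewAll:Post')) { return $query; }`, separates seeing from editing. `getEloquentQuery()` continues outside the hunk.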
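Review bot: `$isAdmin` no longer describes its value — it is now true for anyone holding `Update:Post`, whatever their role — so readers of the field toggles below will mistake it for a role check. Rename it to what is actually tested, `$canManagePosts = auth()->user()?->can('Update:Post');`, and update its uses in the rest of `configure()`, which lies outside the hunk.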
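Review bot: As in `PostForm`, `$isAdmin` here now holds a permission check rather than a role check; `$canManagePosts = auth()->user()?->can('Update:Post');` would name what the column and action toggles further down (outside the hunk) actually depend on. Because the same `Update:Post` permission also drives the all-posts scope in `PostResource::getEloquentQuery()`, this flag and the visible record set change together — worth a one-line comment here so a later split of the two does not go unnoticed.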
@@ -20,7 +20,7 @@ class ActivityPolicy
 public function view(AuthUser $authUser, Activity $activity): bool
 {
 if ($activity->status === 'draft' && $activity->created_by !== $authUser->id) {
- return $authUser->hasRole('super_admin');
+ return $authUser->can('ViewDraft:Activity');
 }
 return $authUser->can('View:Activity');
 }
diff --git a/database/seeders/PermissionSeeder.php b/database/seeders/PermissionSeeder.php
index 577741b..4fe0ca2 100644
--- a/database/seeders/PermissionSeeder.php
+++ b/database/seeders/PermissionSeeder.php
@@ -17,6 +17,11 @@ class PermissionSeeder extends Seeder
 $pengurus = Role::findByName('pengurus');
 $anggota = Role::findByName('anggota');
 $auditor = Role::findByName('auditor');
+ $superAdmin = Role::findByName('super_admin');
+
+ // Permission khusus yang tidak di-generate Shield
+ Permission::firstOrCreate(['name' => 'ViewDraft:Activity', 'guard_name' => 'web']);
+ $superAdmin->givePermissionTo('ViewDraft:Activity');
 // Ketua: akses penuh kecuali shield roles
 $ketua->syncPermissions(Permission::where('name', 'not like', '%Role%')
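Review bot: `$activity->created_by !== $authUser->id` is a strict comparison, so if `created_by` is not cast to `int` on the `Activity` model (some drivers return it as a string) the creator never matches and is pushed into the `ViewDraft:Activity` branch, losing access to their own drafts; add `'created_by' => 'integer'` to the model's casts or compare `(int) $activity->created_by !== (int) $authUser->id`. The draft branch also returns without requiring `View:Activity`, so a holder of `ViewDraft:Activity` alone can view other people's drafts but no published activity; if that is unintended, `return $authUser->can('View:Activity') && $authUser->can('ViewDraft:Activity');`. Where the seeder has not run, Spatie's `can()` should fail closed for the unknown permission, so super_admin loses draft access unless Shield's super-admin gate covers it — worth a comment on this line.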
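Review bot: Because `ViewDraft:Activity` is created before the `ketua` sync that follows, `Permission::where('name', 'not like', '%Role%')` includes it and `ketua` receives draft visibility as well — a widening from the old `hasRole('super_admin')` gate that the comment `// Permission khusus yang tidak di-generate Shield` does not mention; if only super_admin should see others' drafts, add `->where('name', '!=', 'ViewDraft:Activity')` to that query, otherwise state the intent in the comment. `Role::findByName('super_admin')` throws `RoleDoesNotExist` when the role has not been seeded yet, so this seeder must run after the role seeder. Spatie caches permissions; unless the seeder already does so earlier, call `app(PermissionRegistrar::class)->forgetCachedPermissions();` after the `firstOrCreate`. The `syncPermissions` call continues outside the hunk.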