Authorization is an important issue for an information system. The system should limit a user's actions into a decent range, and protect data integrity. The Cadabia system is one kind of database system. Authorization and user permissions are an important issue for it, too. Unix's file permission is a classical security model. It allows users to easily understand, access, and control system resources. In this thesis, we focus on implementing a framework for query and control permission on the Meteor based Cadabia system, and we provide a set of Application Programming Interfaces (APIs) for other parts of the Cadabia system to control and check permission consistency and correctness.