diff --git a/CHANGELOG.md b/CHANGELOG.md
index 29e4f2f1..65cdac67 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 [Releases](https://github.com/Huawei/eSDK_K8S_Plugin/releases)
 
+## Changes since v3.0.0
+
+**Fixes**
+
+- Optimization secretGenerate tool
+
+**Enhancements**
+
+- support configure the permission for attaching volumes
+
+
 ## Changes since v2.2.16
 
 **Enhancements**
diff --git a/Makefile b/Makefile
index da4d8b53..02efb7ae 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,31 @@
+# usage: make -f Makefile VER=3.0.0 PLATFORM=X86 RELEASE_VER=2.5.RC2
+
+# [3.0.0]
+VER=VER
+# [X86 ARM]
 PLATFORM=PLATFORM
+# eSDK Version: [2.5.RC1 2.5.RC2 ...]
 RELEASE_VER=RELEASE_VER
-VER=VER
+
 export GO111MODULE=on
 export GOPATH:=$(GOPATH):$(shell pwd)
-export PACKAGE=eSDK_Enterprise_Storage_${RELEASE_VER}_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
-export CLOUD_PACKAGE=eSDK_Cloud_Storage_${RELEASE_VER}_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
+ifeq (${RELEASE_VER}, RELEASE_VER)
+       export PACKAGE=eSDK_Enterprise_Storage_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
+       export CLOUD_PACKAGE=eSDK_Cloud_Storage_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
+else
+       export PACKAGE=eSDK_Enterprise_Storage_${RELEASE_VER}_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
+       export CLOUD_PACKAGE=eSDK_Cloud_Storage_${RELEASE_VER}_Kubernetes_CSI_Plugin_V${VER}_${PLATFORM}_64
+endif
+
 
-all:COMMON_1 DIFF COMMON_2
+all:PREPARE BUILD COPY_FILE PACK
 
-COMMON_1:
+PREPARE:
 	rm -rf ./${PACKAGE} ./${CLOUD_PACKAGE}
 	rm -rf ./src/vendor
 	mkdir -p ./${PACKAGE}/bin
 
-DIFF:
+BUILD:
 ifeq (${PLATFORM}, X86)
 	go build -o ./${PACKAGE}/bin/huawei-csi	./csi
 	go build -o ./${PACKAGE}/bin/secretGenerate  ./tools/secretGenerate
@@ -26,7 +38,7 @@ ifeq (${PLATFORM}, ARM)
 	GOOS=linux GOARCH=arm64 go build -o ./${PACKAGE}/bin/secretUpdate ./tools/secretUpdate
 endif
 
-COMMON_2:
+COPY_FILE:
 	mkdir -p ./${PACKAGE}/deploy
 	cp -r ./deploy/huawei-csi-node.yaml ./deploy/huawei-csi-rbac.yaml ./deploy/huawei-csi-configmap ./${PACKAGE}/deploy
 	cp ./deploy/huawei-csi-controller-snapshot-v1.yaml ./${PACKAGE}/deploy/huawei-csi-controller.yaml
@@ -41,6 +53,7 @@ COMMON_2:
 	mkdir -p ./${PACKAGE}/tools
 	cp -r ./tools/imageUpload/* ./${PACKAGE}/tools
 
+PACK:
 	zip -r ${PACKAGE}.zip ./${PACKAGE}
 	mv ${PACKAGE} ${CLOUD_PACKAGE}
 	zip -r ${CLOUD_PACKAGE}.zip ./${CLOUD_PACKAGE}
diff --git a/csi/backend/plugin/fusionstorage.go b/csi/backend/plugin/fusionstorage.go
index e5b7220f..5340b0fa 100644
--- a/csi/backend/plugin/fusionstorage.go
+++ b/csi/backend/plugin/fusionstorage.go
@@ -82,6 +82,9 @@ func (p *FusionStoragePlugin) getParams(name string,
 		"authClient",
 		"storageQuota",
 		"accountName",
+		"fsPermission",
+		"allSquash",
+		"rootSquash",
 	}
 
 	for _, key := range paramKeys {
diff --git a/csi/backend/plugin/oceanstor.go b/csi/backend/plugin/oceanstor.go
index aa6087f6..d1ad2d86 100644
--- a/csi/backend/plugin/oceanstor.go
+++ b/csi/backend/plugin/oceanstor.go
@@ -139,6 +139,9 @@ func (p *OceanstorPlugin) getParams(ctx context.Context,
 		"sourceVolumeName",
 		"snapshotParentId",
 		"applicationType",
+		"fsPermission",
+		"allSquash",
+		"rootSquash",
 	}
 
 	for _, key := range paramKeys {
diff --git a/csi/backend/plugin/plugin.go b/csi/backend/plugin/plugin.go
index cbc3a70e..9e41fb6c 100644
--- a/csi/backend/plugin/plugin.go
+++ b/csi/backend/plugin/plugin.go
@@ -3,6 +3,7 @@ package plugin
 import (
 	"context"
 	"errors"
+	"regexp"
 
 	"github.com/container-storage-interface/spec/lib/go/csi"
 
@@ -160,7 +161,34 @@ func (p *basePlugin) lunStageVolume(ctx context.Context,
 		"accessMode": parameters["accessMode"].(csi.VolumeCapability_AccessMode_Mode),
 	}
 
-	return p.stageVolume(ctx, connectInfo)
+	err := p.stageVolume(ctx, connectInfo)
+	if err != nil {
+		return err
+	}
+
+	chmodFsPermission(ctx, parameters)
+	return nil
+}
+
+func chmodFsPermission(ctx context.Context, parameters map[string]interface{}) {
+	fsPermission, exist := parameters["fsPermission"].(string)
+	if !exist || fsPermission == "" {
+		log.AddContext(ctx).Infoln("Global mount directory permission dose not need to be modified.")
+		return
+	}
+	reg := regexp.MustCompile(`^\d\d\d$`)
+	match := reg.FindStringSubmatch(fsPermission)
+	if match == nil {
+		log.AddContext(ctx).Errorf("fsPermission [%s] in storageClass.yaml format must be \"^\\d\\d\\d$\". "+
+			"Chmod targetPath: [%v] fsPermission failed.", fsPermission, parameters["targetPath"])
+		return
+	}
+
+	_, err := utils.ExecShellCmd(ctx, "chmod %v %v", fsPermission, parameters["targetPath"])
+	if err != nil {
+		log.AddContext(ctx).Errorf("Failed to modify the directory permission. "+
+			"targetPath: [%v], fsPermission: [%s]", parameters["targetPath"], fsPermission)
+	}
 }
 
 func (p *basePlugin) lunConnectVolume(ctx context.Context,
diff --git a/csi/driver/controller.go b/csi/driver/controller.go
index 3231bee7..3a2089f8 100644
--- a/csi/driver/controller.go
+++ b/csi/driver/controller.go
@@ -121,8 +121,9 @@ func (d *Driver) getCreatedVolume(ctx context.Context,
 
 	volName := vol.GetVolumeName()
 	attributes := map[string]string{
-		"backend": pool.Parent,
-		"name":    volName,
+		"backend":      pool.Parent,
+		"name":         volName,
+		"fsPermission": req.Parameters["fsPermission"],
 	}
 
 	if lunWWN, err := vol.GetLunWWN(); err == nil {
diff --git a/csi/driver/node.go b/csi/driver/node.go
index 2b79eacf..7348a62d 100644
--- a/csi/driver/node.go
+++ b/csi/driver/node.go
@@ -60,6 +60,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		parameters["fsType"] = mnt.GetFsType()
 		parameters["mountFlags"] = strings.Join(opts, ",")
 		parameters["accessMode"] = volumeAccessMode
+		parameters["fsPermission"] = req.VolumeContext["fsPermission"]
 	default:
 		msg := fmt.Sprintf("Invalid volume capability.")
 		log.AddContext(ctx).Errorln(msg)
diff --git a/docs/en/eSDK Cloud Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf b/docs/en/eSDK Cloud Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf
similarity index 54%
rename from docs/en/eSDK Cloud Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf
rename to docs/en/eSDK Cloud Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf
index 775d6f27..e720785b 100644
Binary files a/docs/en/eSDK Cloud Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf and b/docs/en/eSDK Cloud Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf differ
diff --git a/docs/en/eSDK Enterprise Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf b/docs/en/eSDK Enterprise Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf
similarity index 55%
rename from docs/en/eSDK Enterprise Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf
rename to docs/en/eSDK Enterprise Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf
index 66efb4d8..21ce1ff9 100644
Binary files a/docs/en/eSDK Enterprise Storage Plugins V3.0.0 User Guide (Kubernetes CSI) 01.pdf and b/docs/en/eSDK Enterprise Storage Plugins V3.0.1 User Guide (Kubernetes CSI) 01.pdf differ
diff --git "a/docs/zh/eSDK Cloud Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" "b/docs/zh/eSDK Cloud Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
similarity index 52%
rename from "docs/zh/eSDK Cloud Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
rename to "docs/zh/eSDK Cloud Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
index 93397dc3..93648e00 100644
Binary files "a/docs/zh/eSDK Cloud Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" and "b/docs/zh/eSDK Cloud Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" differ
diff --git "a/docs/zh/eSDK Enterprise Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" "b/docs/zh/eSDK Enterprise Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
similarity index 51%
rename from "docs/zh/eSDK Enterprise Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
rename to "docs/zh/eSDK Enterprise Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf"
index 2909c74e..d5d2d34b 100644
Binary files "a/docs/zh/eSDK Enterprise Storage Plugins V3.0.0 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" and "b/docs/zh/eSDK Enterprise Storage Plugins V3.0.1 \347\224\250\346\210\267\346\214\207\345\215\227\357\274\210Kubernetes CSI\357\274\211 01.pdf" differ
diff --git a/helm/esdk/Chart.yaml b/helm/esdk/Chart.yaml
index d149a034..e03b5fb1 100644
--- a/helm/esdk/Chart.yaml
+++ b/helm/esdk/Chart.yaml
@@ -18,7 +18,7 @@ type: application
 version: 1.0.0
 
 # compatible Kubernetes versions, helm installation fails fail if the cluster runs an unsupported Kubernetes version
-kubeVersion: ">= 1.21.0 < 1.25.0"
+kubeVersion: ">= 1.19.0 < 1.25.0"
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/storage/fusionstorage/client/client.go b/storage/fusionstorage/client/client.go
index 4a54c8e0..3d9b30e5 100644
--- a/storage/fusionstorage/client/client.go
+++ b/storage/fusionstorage/client/client.go
@@ -1095,6 +1095,10 @@ func (cli *Client) CreateFileSystem(ctx context.Context, params map[string]inter
 		data["forbidden_dpc"] = notForbidden
 	}
 
+	if params["fspermission"] != nil && params["fspermission"] != "" {
+		data["unix_permission"] = params["fspermission"]
+	}
+
 	resp, err := cli.post(ctx, "/api/v2/converged_service/namespaces", data)
 	if err != nil {
 		return nil, err
@@ -1302,8 +1306,8 @@ func (cli *Client) AllowNfsShareAccess(ctx context.Context, params map[string]in
 		"share_id":     params["shareid"].(string),
 		"access_value": params["accessval"].(int),
 		"sync":         0,
-		"all_squash":   1,
-		"root_squash":  1,
+		"all_squash":   params["allsquash"].(int),
+		"root_squash":  params["rootsquash"].(int),
 		"type":         0,
 		"account_id":   params["accountid"].(string),
 	}
diff --git a/storage/fusionstorage/volume/nas.go b/storage/fusionstorage/volume/nas.go
index c8d3954e..ebc502e8 100644
--- a/storage/fusionstorage/volume/nas.go
+++ b/storage/fusionstorage/volume/nas.go
@@ -86,6 +86,29 @@ func (p *NAS) preCreate(ctx context.Context, params map[string]interface{}) erro
 		}
 	}
 
+	// all_squash root_squash
+	params["allsquash"], exist = params["allsquash"].(string)
+	if !exist || params["allsquash"] == "" {
+		params["allsquash"] = 1
+	} else {
+		allSquash, err := strconv.Atoi(params["allsquash"].(string))
+		if err != nil {
+			return utils.Errorf(ctx, "parameter allSquash [%v] in sc needs to be a number.", params["allsquash"])
+		}
+		params["allsquash"] = allSquash
+	}
+
+	params["rootsquash"], exist = params["rootsquash"].(string)
+	if !exist || params["rootsquash"] == "" {
+		params["rootsquash"] = 1
+	} else {
+		rootSquash, err := strconv.Atoi(params["rootsquash"].(string))
+		if err != nil {
+			return utils.Errorf(ctx, "parameter rootSquash [%v] in sc needs to be a number.", params["rootsquash"])
+		}
+		params["rootsquash"] = rootSquash
+	}
+
 	return nil
 }
 
@@ -303,7 +326,7 @@ func (p *NAS) createShare(ctx context.Context,
 		}
 	}
 	return map[string]interface{}{
-		"shareID": share["id"].(string),
+		"shareID":   share["id"].(string),
 		"accountId": accountId,
 	}, nil
 }
@@ -345,10 +368,12 @@ func (p *NAS) deleteShare(ctx context.Context, shareID, accountId string) error
 func (p *NAS) allowShareAccess(ctx context.Context,
 	params, taskResult map[string]interface{}) (map[string]interface{}, error) {
 	createParams := map[string]interface{}{
-		"name":      params["authclient"].(string),
-		"shareid":   taskResult["shareID"].(string),
-		"accessval": 1,
-		"accountid": params["accountid"].(string),
+		"name":       params["authclient"].(string),
+		"shareid":    taskResult["shareID"].(string),
+		"accessval":  1,
+		"accountid":  params["accountid"].(string),
+		"allsquash":  params["allsquash"].(int),
+		"rootsquash": params["rootsquash"].(int),
 	}
 
 	err := p.cli.AllowNfsShareAccess(ctx, createParams)
diff --git a/storage/oceanstor/client/file_system_client.go b/storage/oceanstor/client/file_system_client.go
index c069cb73..1cec9b9c 100644
--- a/storage/oceanstor/client/file_system_client.go
+++ b/storage/oceanstor/client/file_system_client.go
@@ -34,6 +34,10 @@ func (cli *Client) CreateFileSystem(ctx context.Context,
 		"ISSHOWSNAPDIR": false,
 	}
 
+	if params["fspermission"] != nil && params["fspermission"] != "" {
+		data["unixPermissions"] = params["fspermission"]
+	}
+
 	if hyperMetro, hyperMetroOK := params["hypermetro"].(bool); hyperMetroOK && hyperMetro {
 		data["fileSystemMode"] = hyperMetroFilesystem
 		if vstoreId, exist := params["vstoreId"].(string); exist && vstoreId != "" {
@@ -81,17 +85,17 @@ func (cli *Client) CreateFileSystem(ctx context.Context,
 func dealCreateFSError(ctx context.Context, code int64) error {
 	suggestMsg := "Suggestion: delete current PVC and specify the proper capacity of the file system and try again."
 	if code == exceedFSCapacityUpper {
-		return utils.Errorf(ctx,"create filesystem error. ErrorCode: %d. Reason: the entered capacity is " +
+		return utils.Errorf(ctx, "create filesystem error. ErrorCode: %d. Reason: the entered capacity is "+
 			"greater than the maximum capacity of the file system. %s", code, suggestMsg)
 	}
 
 	if code == lessFSCapacityLower {
-		return utils.Errorf(ctx,"create filesystem error. ErrorCode: %d. Reason: the entered capacity is " +
+		return utils.Errorf(ctx, "create filesystem error. ErrorCode: %d. Reason: the entered capacity is "+
 			"less than the minimum capacity of the file system. %s", code, suggestMsg)
 	}
 
 	if code != 0 {
-		return utils.Errorf(ctx,"Create filesystem error. ErrorCode: %d. Please contact technical " +
+		return utils.Errorf(ctx, "Create filesystem error. ErrorCode: %d. Please contact technical "+
 			"support.", code)
 	}
 
diff --git a/storage/oceanstor/volume/nas.go b/storage/oceanstor/volume/nas.go
index 1a11e55c..8670cfea 100644
--- a/storage/oceanstor/volume/nas.go
+++ b/storage/oceanstor/volume/nas.go
@@ -536,6 +536,29 @@ func (p *NAS) allowShareAccess(ctx context.Context,
 		return nil, err
 	}
 
+	var allSquash int
+	var exist bool
+	params["allsquash"], exist = params["allsquash"].(string)
+	if !exist || params["allsquash"] == "" {
+		allSquash = 1
+	} else {
+		allSquash, err = strconv.Atoi(params["allsquash"].(string))
+		if err != nil {
+			return nil, utils.Errorf(ctx, "parameter allSquash [%v] in sc needs to be a number.", params["allsquash"])
+		}
+	}
+
+	var rootSquash int
+	params["rootsquash"], exist = params["rootsquash"].(string)
+	if !exist || params["rootsquash"] == "" {
+		rootSquash = 1
+	} else {
+		rootSquash, err = strconv.Atoi(params["rootsquash"].(string))
+		if err != nil {
+			return nil, utils.Errorf(ctx, "parameter rootSquash [%v] in sc needs to be a number.", params["allsquash"])
+		}
+	}
+
 	for _, i := range strings.Split(authClient, ";") {
 		_, exist := accesses[i]
 		delete(accesses, i)
@@ -549,8 +572,8 @@ func (p *NAS) allowShareAccess(ctx context.Context,
 			"PARENTID":   shareID,
 			"ACCESSVAL":  1,
 			"SYNC":       0,
-			"ALLSQUASH":  1,
-			"ROOTSQUASH": 1,
+			"ALLSQUASH":  allSquash,
+			"ROOTSQUASH": rootSquash,
 		}
 		if vStoreID != "" {
 			params["vstoreId"] = vStoreID