diff --git a/src/core/server/saved_objects/serialization/serializer.ts b/src/core/server/saved_objects/serialization/serializer.ts
index 5c3e22ac646a..500e10b039ce 100644
--- a/src/core/server/saved_objects/serialization/serializer.ts
+++ b/src/core/server/saved_objects/serialization/serializer.ts
@@ -114,6 +114,7 @@ export class SavedObjectsSerializer {
       version,
       references,
       workspaces,
+      permissions,
     } = savedObj;
     const source = {
       [type]: attributes,
@@ -125,6 +126,7 @@ export class SavedObjectsSerializer {
       ...(migrationVersion && { migrationVersion }),
       ...(updated_at && { updated_at }),
       ...(workspaces && { workspaces }),
+      ...(permissions && { permissions }),
     };
 
     return {
diff --git a/src/core/server/saved_objects/serialization/types.ts b/src/core/server/saved_objects/serialization/types.ts
index 360cdc6b3a62..fee9f503dceb 100644
--- a/src/core/server/saved_objects/serialization/types.ts
+++ b/src/core/server/saved_objects/serialization/types.ts
@@ -73,6 +73,7 @@ interface SavedObjectDoc<T = unknown> {
   updated_at?: string;
   originId?: string;
   workspaces?: string[];
+  permissions?: Permissions;
 }
 
 interface Referencable {
diff --git a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
index 9eca07bd7f49..84165deb66c7 100644
--- a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
+++ b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
@@ -22,7 +22,7 @@ import {
 } from 'opensearch-dashboards/server';
 import { SavedObjectsPermissionControlContract } from '../../saved_objects/permission_control/client';
 import { WORKSPACE_TYPE } from '../constants';
-import { PUBLIC_WORKSPACE, PermissionMode } from '../../../utils';
+import { PermissionMode } from '../../../utils';
 import { ACL } from '../../saved_objects/permission_control/acl';
 
 // Can't throw unauthorized for now, the page will be refreshed if unauthorized
@@ -214,8 +214,7 @@ export class WorkspaceSavedObjectsClientWrapper {
         );
         if (options.workspaces) {
           const isEveryWorkspaceIsPermitted = options.workspaces.every((item) =>
-            // TODO modify this line to use permittedWorkspaceIds if public workspace is also a workspace
-            [PUBLIC_WORKSPACE, ...(permittedWorkspaceIds || [])]?.includes(item)
+            (permittedWorkspaceIds || []).includes(item)
           );
           if (!isEveryWorkspaceIsPermitted) {
             throw generateWorkspacePermissionError();
diff --git a/src/core/server/workspaces/workspaces_service.ts b/src/core/server/workspaces/workspaces_service.ts
index 0c7b536433a3..1d46281b6f56 100644
--- a/src/core/server/workspaces/workspaces_service.ts
+++ b/src/core/server/workspaces/workspaces_service.ts
@@ -129,7 +129,6 @@ export class WorkspacesService
   }
 
   private async setupWorkspaces(startDeps: WorkpsaceStartDeps) {
-    return;
     const internalRepository = startDeps.savedObjects.createInternalRepository();
     const publicWorkspaceACL = new ACL()
       .addPermission([PermissionMode.LibraryRead, PermissionMode.LibraryWrite], {