diff --git a/dbm-ui/backend/db_meta/enums/spec.py b/dbm-ui/backend/db_meta/enums/spec.py
index b99a5a797f..1a0da044a0 100644
--- a/dbm-ui/backend/db_meta/enums/spec.py
+++ b/dbm-ui/backend/db_meta/enums/spec.py
@@ -54,70 +54,3 @@ class SpecMachineType(str, StructuredEnum):
     DORIS_FOLLOWER = EnumField("doris_follower", _("doris_follower"))
     DORIS_OBSERVER = EnumField("doris_observer", _("doris_observer"))
     DORIS_BACKEND = EnumField("doris_backend", _("doris_backend"))
-
-
-# TODO: 规格迁移脚本函数，迁移完成后删除
-def migrate_spec():
-    from django.db import transaction
-
-    from backend.configuration.constants import DBType
-    from backend.db_meta.enums import ClusterType, MachineType
-    from backend.db_meta.models.spec import Spec
-
-    # 原规格层级和新规格层级的映射
-    MIGRATE_SPEC_MACHINE_MAP = {
-        MachineType.SINGLE: SpecMachineType.BACKEND,
-        MachineType.BACKEND: SpecMachineType.BACKEND,
-        MachineType.PROXY: SpecMachineType.PROXY,
-        MachineType.SPIDER: SpecMachineType.PROXY,
-        MachineType.REMOTE: SpecMachineType.BACKEND,
-        ClusterType.TendisTwemproxyRedisInstance: {
-            MachineType.TENDISCACHE: SpecMachineType.TendisTwemproxyRedisInstance,
-            MachineType.TWEMPROXY: SpecMachineType.PROXY,
-        },
-        ClusterType.TwemproxyTendisSSDInstance: {
-            MachineType.TENDISSSD: SpecMachineType.TwemproxyTendisSSDInstance,
-            MachineType.TWEMPROXY: SpecMachineType.PROXY,
-        },
-        ClusterType.TendisPredixyTendisplusCluster: {
-            MachineType.TENDISPLUS: SpecMachineType.TendisPredixyTendisplusCluster,
-            MachineType.PREDIXY: SpecMachineType.PROXY,
-        },
-        ClusterType.TendisPredixyRedisCluster: {
-            MachineType.TENDISCACHE: SpecMachineType.TendisTwemproxyRedisInstance,
-            MachineType.PREDIXY: SpecMachineType.PROXY,
-        },
-        ClusterType.TendisRedisInstance: {
-            MachineType.TENDISCACHE: SpecMachineType.TendisTwemproxyRedisInstance,
-        },
-        MachineType.SQLSERVER_HA: SpecMachineType.SQLSERVER,
-        MachineType.SQLSERVER_SINGLE: SpecMachineType.SQLSERVER,
-        MachineType.MONGOS: SpecMachineType.MONGOS,
-        MachineType.MONGODB: SpecMachineType.MONGODB,
-        MachineType.MONOG_CONFIG: SpecMachineType.MONOG_CONFIG,
-    }
-
-    specs = Spec.objects.all()
-    with transaction.atomic():
-        for spec in specs:
-            db_type = ClusterType.cluster_type_to_db_type(spec.spec_cluster_type)
-            if db_type in [
-                DBType.Es,
-                DBType.Kafka,
-                DBType.Hdfs,
-                DBType.InfluxDB,
-                DBType.Pulsar,
-                DBType.Vm,
-                DBType.Doris,
-                DBType.Riak,
-            ]:
-                continue
-
-            if db_type == DBType.Redis:
-                spec.spec_machine_type = MIGRATE_SPEC_MACHINE_MAP[spec.spec_cluster_type][spec.spec_machine_type]
-                spec.spec_cluster_type = db_type
-                spec.save()
-            else:
-                spec.spec_machine_type = MIGRATE_SPEC_MACHINE_MAP[spec.spec_machine_type]
-                spec.spec_cluster_type = db_type
-                spec.save()
diff --git a/dbm-ui/backend/ticket/todos/__init__.py b/dbm-ui/backend/ticket/todos/__init__.py
index 35412d6cc3..ad71f9d014 100644
--- a/dbm-ui/backend/ticket/todos/__init__.py
+++ b/dbm-ui/backend/ticket/todos/__init__.py
@@ -47,6 +47,11 @@ def update_context(self, params):
             self.todo.context.update(remark=params["remark"])
         self.todo.save(update_fields=["context"])
 
+    @property
+    def allow_superuser_process(self):
+        # 是否允许超管操作，默认允许.
+        return True
+
     def process(self, username, action, params):
         # 当状态已经被确认，则不允许重复操作
         if self.todo.status not in TODO_RUNNING_STATUS:
@@ -57,7 +62,7 @@ def process(self, username, action, params):
             self._process(username, action, params)
             return
         # 允许超级用户和操作人确认
-        is_superuser = User.objects.get(username=username).is_superuser
+        is_superuser = User.objects.get(username=username).is_superuser and self.allow_superuser_process
         if not is_superuser and username not in self.todo.operators:
             raise TodoWrongOperatorException(_("{}不在处理人: {}中，无法处理").format(username, self.todo.operators))
 
diff --git a/dbm-ui/backend/ticket/todos/itsm_todo.py b/dbm-ui/backend/ticket/todos/itsm_todo.py
index 931565595b..e0a4b514f9 100644
--- a/dbm-ui/backend/ticket/todos/itsm_todo.py
+++ b/dbm-ui/backend/ticket/todos/itsm_todo.py
@@ -28,6 +28,11 @@ class ItsmTodoContext(BaseTodoContext):
 class ItsmTodo(todos.TodoActor):
     """来自审批中的待办"""
 
+    @property
+    def allow_superuser_process(self):
+        # 单据未执行前（待审批、待执行时）超管不拥有特权。规避超管误点的风险
+        return False
+
     def process(self, username, action, params):
         # itsm的todo允许本人操作
         if username == self.todo.ticket.creator and self.todo.status in TODO_RUNNING_STATUS:
diff --git a/dbm-ui/backend/ticket/todos/pause_todo.py b/dbm-ui/backend/ticket/todos/pause_todo.py
index 2211bc6790..c8997558ef 100644
--- a/dbm-ui/backend/ticket/todos/pause_todo.py
+++ b/dbm-ui/backend/ticket/todos/pause_todo.py
@@ -32,6 +32,11 @@ class ResourceReplenishTodoContext(BaseTodoContext):
 class PauseTodo(todos.TodoActor):
     """来自主流程的待办"""
 
+    @property
+    def allow_superuser_process(self):
+        # 单据未执行前（待审批、待执行时）超管不拥有特权。规避超管误点的风险
+        return False
+
     def _process(self, username, action, params):
         """确认/终止"""
         if action == ActionType.TERMINATE: