diff --git a/APP/src/app/app.routes.ts b/APP/src/app/app.routes.ts
index 3ae8f7f..7695999 100644
--- a/APP/src/app/app.routes.ts
+++ b/APP/src/app/app.routes.ts
@@ -168,7 +168,9 @@ export const routes: Routes = [
                 component: ExpenseSnapshotsPageComponent,
                 canActivate: [PermissionGuard],
                 data: {
-                    permission: { module: PermissionModules.Expenses, action: 'read' },
+                    // Snapshots are a write-only management surface (the API gates every action on
+                    // Expenses:Write), so require write — a read-only user has nothing to do here.
+                    permission: { module: PermissionModules.Expenses, action: 'write' },
                     title: 'Expense Snapshots', titleZh: '費用範本', section: 'Finance',
                 },
             },
diff --git a/APP/src/app/portals/user-portal/user-portal.component.ts b/APP/src/app/portals/user-portal/user-portal.component.ts
index e7a2353..1d1c991 100644
--- a/APP/src/app/portals/user-portal/user-portal.component.ts
+++ b/APP/src/app/portals/user-portal/user-portal.component.ts
@@ -133,7 +133,7 @@ export class UserPortalComponent implements OnInit, OnDestroy {
         { text: 'Expense Categories', icon: categorizeIcon,      path: '/user-portal/finance/expense-categories',
           permission: { module: PermissionModules.ExpenseCategories, action: 'read' } },
         { text: 'Expense Snapshots', icon: categorizeIcon,      path: '/user-portal/finance/expense-snapshots',
-          permission: { module: PermissionModules.Expenses, action: 'read' } },
+          permission: { module: PermissionModules.Expenses, action: 'write' } },
         { text: 'Disbursements',      icon: banknoteOutlineIcon, path: '/user-portal/finance/disbursements',
           permission: { module: PermissionModules.Disbursements, action: 'read' } },
         { text: 'Check Register',     icon: walletOutlineIcon,   path: '/user-portal/finance/check-register',