diff --git a/backend/README.md b/backend/README.md
index 8e5eb6a..4c34151 100644
--- a/backend/README.md
+++ b/backend/README.md
@@ -57,5 +57,4 @@ psql "$DATABASE_URL" -f scripts/init_schema.sql
 - `GET /internal/members`
 - `POST /internal/users/upsert-by-sub`
 - `GET /internal/users/{user_sub}/roles`
-- `GET /internal/permissions/{user_sub}/snapshot`
 - `POST /internal/idp/users/ensure`
diff --git a/backend/app/api/internal.py b/backend/app/api/internal.py
index 00b8437..f76f445 100644
--- a/backend/app/api/internal.py
+++ b/backend/app/api/internal.py
@@ -7,11 +7,9 @@ from app.repositories.users_repo import UsersRepository
 from app.repositories.user_sites_repo import UserSitesRepository
 from app.schemas.idp_admin import ProviderEnsureUserRequest, ProviderEnsureUserResponse
 from app.schemas.internal import InternalUpsertUserBySubResponse, InternalUserRoleItem, InternalUserRoleResponse
-from app.schemas.permissions import RoleSnapshotResponse
 from app.schemas.users import UserUpsertBySubRequest
 from app.security.api_client_auth import require_api_client
 from app.services.idp_admin_service import ProviderAdminService
-from app.services.permission_service import PermissionService
 from app.services.runtime_cache import runtime_cache
 router = APIRouter(prefix="/internal", tags=["internal"], dependencies=[Depends(require_api_client)])
@@ -104,22 +102,6 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
 return result
-@router.get("/permissions/{user_sub}/snapshot", response_model=RoleSnapshotResponse)
-def get_permission_snapshot(
- user_sub: str,
- db: Session = Depends(get_db),
-) -> RoleSnapshotResponse:
- cache_key = f"internal:permissions_snapshot:{user_sub}"
- cached = runtime_cache.get(cache_key)
- if isinstance(cached, RoleSnapshotResponse):
- return cached
-
- rows = _build_user_role_rows(db, user_sub)
- result = PermissionService.build_role_snapshot(user_sub=user_sub, rows=rows)
- runtime_cache.set(cache_key, result, ttl_seconds=30)
- return result
-
-
 @router.post("/provider/users/ensure", response_model=ProviderEnsureUserResponse)
 @router.post("/idp/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
 @router.post("/keycloak/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
diff --git a/docs/INTERNAL_API_HANDOFF.md b/docs/INTERNAL_API_HANDOFF.md
index 043a7b8..81b097b 100644
--- a/docs/INTERNAL_API_HANDOFF.md
+++ b/docs/INTERNAL_API_HANDOFF.md
@@ -21,10 +21,9 @@
 5. `GET /internal/members`
 6. `POST /internal/users/upsert-by-sub`
 7. `GET /internal/users/{user_sub}/roles`
-8. `GET /internal/permissions/{user_sub}/snapshot`(相容路徑,回 role 聚合資料)
-9. `POST /internal/provider/users/ensure`
-10. `POST /internal/idp/users/ensure`(舊路徑相容,不建議新串接使用)
-11. `POST /internal/keycloak/users/ensure`(舊路徑相容,不建議新串接使用)
+8. `POST /internal/provider/users/ensure`
+9. `POST /internal/idp/users/ensure`(舊路徑相容,不建議新串接使用)
+10. `POST /internal/keycloak/users/ensure`(舊路徑相容,不建議新串接使用)
 ## 角色聚合回應(`GET /internal/users/{user_sub}/roles`)
 ```json