diff --git a/scripts/load_path.py b/scripts/load_path.py
new file mode 100644
index 0000000..1ccea1c
--- /dev/null
+++ b/scripts/load_path.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+"""Pipeline bridge module RBAC permission registration"""
+import os, sys, subprocess
+
+# Find Sage root
+SAGE_ROOT = None
+for candidate in [os.path.expanduser("~/repos/sage"), os.path.expanduser("~/sage")]:
+    if os.path.isdir(os.path.join(candidate, "wwwroot")):
+        SAGE_ROOT = candidate
+        break
+
+if not SAGE_ROOT:
+    print("ERROR: Sage root not found")
+    sys.exit(1)
+
+MOD = "pipeline"
+SET_PERM = os.path.join(SAGE_ROOT, "set_role_perm.py")
+PY = os.path.join(SAGE_ROOT, "py3", "bin", "python")
+
+def set_perm(role, path):
+    cmd = [PY, SET_PERM, role, path]
+    r = subprocess.run(cmd, capture_output=True, text=True)
+    if r.returncode != 0:
+        print(f"  WARN: {path} -> {r.stderr.strip()}")
+
+# Public resources (no auth needed)
+PATHS_ANY = [
+    f"/{MOD}/pipeline.css",
+    f"/{MOD}/pipeline.js",
+]
+
+# Authenticated endpoints
+PATHS_LOGINED = [
+    f"/{MOD}",
+    f"/{MOD}/api/pipeline_list.dspy",
+    f"/{MOD}/api/pipeline_detail.dspy",
+    f"/{MOD}/api/pipeline_submit.dspy",
+    f"/{MOD}/api/pipeline_modify.dspy",
+    f"/{MOD}/api/pipeline_node.dspy",
+]
+
+print(f"Registering RBAC permissions for {MOD}...")
+for p in PATHS_ANY:
+    set_perm("any", p)
+for p in PATHS_LOGINED:
+    set_perm("logined", p)
+print("Done.")