diff --git a/apps/rbac/backends.py b/apps/rbac/backends.py
index 6f0d53c49..bc9dbb56a 100644
--- a/apps/rbac/backends.py
+++ b/apps/rbac/backends.py
@@ -18,7 +18,10 @@ class RBACBackend(JMSBaseAuthBackend):
     def has_perm(self, user_obj, perm, obj=None):
         if not user_obj.is_active:
             raise PermissionDenied()
-        has_perm = perm in user_obj.perms
+        if perm == '*':
+            return True
+        perm_set = set(i.strip() for i in perm.split('|'))
+        has_perm = bool(perm_set & set(user_obj.perms))
         if not has_perm:
             raise PermissionDenied()
         return has_perm
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 04ed568c9..fec7311b7 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -806,15 +806,6 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
             return True
         return False
 
-    def has_perms(self, perm_list, obj=None):
-        """
-        Return True if the user has each of the specified permissions. If
-        object is passed, check if the user has all required perms for it.
-        """
-        if '*' in perm_list:
-            return True
-        return all(any(self.has_perm(perm, obj) for perm in perms.split(' | ')) for perms in perm_list)
-
 
 class UserPasswordHistory(models.Model):
     id = models.UUIDField(default=uuid.uuid4, primary_key=True)