diff --git a/apps/authentication/migrations/0012_auto_20220816_1629.py b/apps/authentication/migrations/0012_auto_20220816_1629.py
index 23bcccb68..8310c4fbb 100644
--- a/apps/authentication/migrations/0012_auto_20220816_1629.py
+++ b/apps/authentication/migrations/0012_auto_20220816_1629.py
@@ -16,9 +16,9 @@ def migrate_system_user_to_account(apps, schema_editor):
         count += len(connection_tokens)
         updated = []
         for connection_token in connection_tokens:
-            connection_token.account = connection_token.system_user.username
+            connection_token.account_username = connection_token.system_user.username
             updated.append(connection_token)
-        connection_token_model.objects.bulk_update(updated, ['account'])
+        connection_token_model.objects.bulk_update(updated, ['account_username'])
 
 
 class Migration(migrations.Migration):
@@ -42,7 +42,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AddField(
             model_name='connectiontoken',
-            name='account',
+            name='account_username',
             field=models.CharField(default='', max_length=128, verbose_name='Account'),
         ),
         migrations.RunPython(migrate_system_user_to_account),
diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py
index 9476d348c..7bf66a2ee 100644
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
@@ -25,12 +25,12 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
         'assets.Asset', on_delete=models.SET_NULL, null=True, blank=True,
         related_name='connection_tokens', verbose_name=_('Asset'),
     )
-    user_display = models.CharField(max_length=128, default='', verbose_name=_("User display"))
-    asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
-    account = models.CharField(max_length=128, default='', verbose_name=_("Account"))
     protocol = models.CharField(
         choices=Protocol.choices, max_length=16, default=Protocol.ssh, verbose_name=_("Protocol")
     )
+    user_display = models.CharField(max_length=128, default='', verbose_name=_("User display"))
+    asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
+    account_username = models.CharField(max_length=128, default='', verbose_name=_("Account"))
     secret = models.CharField(max_length=64, default='', verbose_name=_("Secret"))
     date_expired = models.DateTimeField(
         default=date_expired_default, verbose_name=_("Date expired")
@@ -43,6 +43,10 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
             ('view_connectiontokensecret', _('Can view connection token secret'))
         ]
 
+    @property
+    def is_valid(self):
+        return not self.is_expired
+
     @property
     def is_expired(self):
         return self.date_expired < timezone.now()
@@ -55,10 +59,6 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
             seconds = 0
         return int(seconds)
 
-    @property
-    def is_valid(self):
-        return not self.is_expired
-
     @classmethod
     def get_default_date_expired(cls):
         return date_expired_default()
@@ -81,30 +81,21 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
             is_valid = False
             error = _('Connection token expired at: {}').format(as_current_tz(self.date_expired))
             return is_valid, error
-        if not self.user:
+        if not self.user or not self.user.is_valid:
             is_valid = False
-            error = _('User not exists')
+            error = _('No user or invalid user')
             return is_valid, error
-        if not self.user.is_valid:
+        if not self.asset or self.asset.is_active:
             is_valid = False
-            error = _('User invalid, disabled or expired')
-            return is_valid, error
-        if not self.asset:
-            is_valid = False
-            error = _('Asset not exists')
-            return is_valid, error
-        if not self.asset.is_active:
-            is_valid = False
-            error = _('Asset inactive')
+            error = _('No asset or inactive asset')
             return is_valid, error
         if not self.account:
             is_valid = False
-            error = _('Account not exists')
+            error = _('No account')
             return is_valid, error
 
-        actions, expire_at = PermAccountUtil().validate_permission(
-            self.user, self.asset, self.account
-        )
+        account_util = PermAccountUtil()
+        actions, expire_at = account_util.validate_permission(self.user, self.asset, self.account)
         if not actions or expire_at < time.time():
             is_valid = False
             error = _('User has no permission to access asset or permission expired')