diff --git a/apps/users/serializers/profile.py b/apps/users/serializers/profile.py
index 8b773dc25..3434260e6 100644
--- a/apps/users/serializers/profile.py
+++ b/apps/users/serializers/profile.py
@@ -147,8 +147,6 @@ class UserProfileSerializer(UserSerializer):
             'date_expired': {'read_only': True},
             'date_joined': {'read_only': True},
             'last_login': {'read_only': True},
-            'system_roles': {'read_only': True},
-            'org_roles': {'read_only': True},
         })
 
         if 'password' in fields:
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index 5cc019cde..7a7950aba 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -21,7 +21,6 @@ __all__ = [
 
 class RolesSerializerMixin(serializers.Serializer):
     system_roles = serializers.ManyRelatedField(
-        allow_empty=False,
         child_relation=serializers.PrimaryKeyRelatedField(queryset=Role.system_roles),
         label=_('System roles'),
     )
@@ -70,16 +69,6 @@ class RolesSerializerMixin(serializers.Serializer):
         self.pop_roles_if_need(fields)
         return fields
 
-    @staticmethod
-    def _validate_org_roles(attrs):
-        if current_org.is_root():
-            attrs.pop('org_roles', None)
-            return attrs
-        org_roles = attrs.get('org_roles', None)
-        if not org_roles:
-            raise serializers.ValidationError({'org_roles': _('This field is required.')})
-        return attrs
-
 
 class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializers.ModelSerializer):
     password_strategy = serializers.ChoiceField(
@@ -188,7 +177,6 @@ class UserSerializer(RolesSerializerMixin, CommonBulkSerializerMixin, serializer
         return attrs
 
     def validate(self, attrs):
-        attrs = self._validate_org_roles(attrs)
         attrs = self.change_password_to_raw(attrs)
         attrs = self.clean_auth_fields(attrs)
         attrs.pop('password_strategy', None)