diff --git a/apps/perms/api.py b/apps/perms/api.py
index 92cfa23d5..e9f91b49c 100644
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -2,8 +2,17 @@
 # 
 
 from rest_framework.views import APIView, Response
-from users.backends import IsValidUser
+from rest_framework.generics import ListCreateAPIView
+from users.backends import IsValidUser, IsSuperUser
 from .utils import get_user_granted_assets, get_user_granted_asset_groups
+from .models import AssetPermission
+from . import serializers
+
+
+class AssetPermissionListCreateApi(ListCreateAPIView):
+    queryset = AssetPermission.objects.all()
+    serializer_class = serializers.AssetPermissionSerializer
+    permission_classes = (IsSuperUser,)
 
 
 class UserAssetsGrantedApi(APIView):
@@ -34,3 +43,26 @@ class UserAssetsGrantedApi(APIView):
 
         return Response(assets_json, status=200)
 
+
+class UserAssetsGroupsGrantedApi(APIView):
+    permission_classes = (IsValidUser,)
+
+    def get(self, request, *args, **kwargs):
+        asset_groups = {}
+        user = request.user
+
+        if user:
+            assets = get_user_granted_assets(user)
+            for asset in assets:
+                for asset_group in asset.groups.all():
+                    if asset_group.id in asset_groups:
+                        asset_groups[asset_group.id]['asset_num'] += 1
+                    else:
+                        asset_groups[asset_group.id] = {
+                            'id': asset_group.id,
+                            'name': asset_group.name,
+                            'asset_num': 1
+                        }
+
+        asset_groups_json = asset_groups.values()
+        return Response(asset_groups_json, status=200)
\ No newline at end of file
diff --git a/apps/perms/models.py b/apps/perms/models.py
index b771d086d..f1d4b4b1f 100644
--- a/apps/perms/models.py
+++ b/apps/perms/models.py
@@ -11,19 +11,19 @@ from common.utils import date_expired_default, combine_seq
 
 
 class AssetPermission(models.Model):
-    PRIVATE_FOR_CHOICE = (
-        ('N', 'None'),
-        ('U', 'user'),
-        ('G', 'user group'),
-    )
+    # PRIVATE_FOR_CHOICE = (
+    #     ('N', 'None'),
+    #     ('U', 'user'),
+    #     ('G', 'user group'),
+    # )
     name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
     users = models.ManyToManyField(User, related_name='asset_permissions', blank=True)
     user_groups = models.ManyToManyField(UserGroup, related_name='asset_permissions', blank=True)
     assets = models.ManyToManyField(Asset, related_name='granted_by_permissions', blank=True)
     asset_groups = models.ManyToManyField(AssetGroup, related_name='granted_by_permissions', blank=True)
     system_users = models.ManyToManyField(SystemUser, related_name='granted_by_permissions')
-    private_for = models.CharField(choices=PRIVATE_FOR_CHOICE, max_length=1, default='N', blank=True,
-                                   verbose_name=_('Private for'))
+    # private_for = models.CharField(choices=PRIVATE_FOR_CHOICE, max_length=1, default='N', blank=True,
+    #                                verbose_name=_('Private for'))
     is_active = models.BooleanField(default=True, verbose_name=_('Active'))
     date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
     created_by = models.CharField(max_length=128, blank=True, verbose_name=_('Created by'))
diff --git a/apps/perms/serializers.py b/apps/perms/serializers.py
index f19a64d9a..78857cf0c 100644
--- a/apps/perms/serializers.py
+++ b/apps/perms/serializers.py
@@ -1,4 +1,34 @@
 # -*- coding: utf-8 -*-
 #
 
+from rest_framework  import serializers
+from .models import AssetPermission
+
+
+class AssetPermissionSerializer(serializers.ModelSerializer):
+    # users_amount = serializers.SerializerMethodField()
+    # user_groups_amount = serializers.SerializerMethodField()
+    # assets_amount = serializers.SerializerMethodField()
+    # asset_groups_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = AssetPermission
+        fields = ['id', 'name', 'users', 'user_groups', 'assets', 'asset_groups',
+                  'system_users', 'is_active', 'comment', 'date_expired']
+
+    # @staticmethod
+    # def get_users_amount(obj):
+    #     return obj.users.count()
+    #
+    # @staticmethod
+    # def get_user_groups_amount(obj):
+    #     return obj.user_groups.count()
+    #
+    # @staticmethod
+    # def get_assets_amount(obj):
+    #     return obj.assets.count()
+    #
+    # @staticmethod
+    # def get_asset_groups_amount(obj):
+    #     return obj.asset_groups.count()
 
diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html
index 6332e2e6d..1c1b167c3 100644
--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@@ -1,73 +1,120 @@
 {% extends '_base_list.html' %}
 {% load i18n %}
+{% load static %}
 {% load common_tags %}
-{% block content_left_head %}
-    <a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary "> {% trans "Create permission" %} </a>
+{% block custom_head_css_js %}
+    {{ block.super }}
+    <style>
+        div.dataTables_wrapper div.dataTables_filter,
+        .dataTables_length {
+            float: right !important;
+        }
+
+        div.dataTables_wrapper div.dataTables_filter {
+            margin-left: 15px;
+        }
+</style>
+{% endblock %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+    <div class="uc pull-left m-l-5 m-r-5">
+        <a href="{% url 'perms:asset-permission-create' %}" class="btn btn-sm btn-primary "> {% trans "Create permission" %} </a>
+    </div>
+    <table class="table table-striped table-bordered table-hover " id="asset-permission-list-table" >
+        <thead>
+            <tr>
+                <th class="text-center">
+                    <div class="checkbox checkbox-default">
+                        <input type="checkbox" class="ipt_check_all">
+                    </div>
+                </th>
+                <th class="text-center">{% trans 'Name' %}</th>
+                <th class="text-center">{% trans 'User' %}</th>
+                <th class="text-center">{% trans 'User group' %}</th>
+                <th class="text-center">{% trans 'Asset' %}</th>
+                <th class="text-center">{% trans 'Asset group' %}</th>
+                <th class="text-center">{% trans 'System user' %}</th>
+                <th class="text-center"><a href="{% url 'users:user-list' %}?sort=date_expired">{% trans 'Is valid' %}</a></th>
+                <th class="text-center">{% trans 'Action' %}</th>
+            </tr>
+        </thead>
+    </table>
 {% endblock %}
 
-{% block table_head %}
-    <th class="text-center">
-        <input type="checkbox" id="check_all" onclick="checkAll('check_all', 'checked')">
-    </th>
-    <th class="text-center"><a href="{% url 'perms:asset-permission-list' %}?sort=name">{% trans 'Name' %}</a></th>
-    <th class="text-center">{% trans 'User count' %}</th>
-    <th class="text-center">{% trans 'User group count' %}</th>
-    <th class="text-center">{% trans 'Asset count' %}</th>
-    <th class="text-center">{% trans 'Asset group count' %}</th>
-    <th class="text-center">{% trans 'System user count' %}</th>
-    <th class="text-center"><a href="{% url 'users:user-list' %}?sort=date_expired">{% trans 'Is valid' %}</a></th>
-    <th class="text-center"></th>
-{% endblock %}
+{% block custom_foot_js %}
+<script>
 
-{% block table_body %}
-     {% for asset_permission in asset_permission_list %}
-         <tr class="gradeX">
-             <td class="text-center">
-                 <input type="checkbox" name="checked" value="{{ asset_permission.id }}">
-             </td>
-             <td class="text-center">
-                 <a href="{% url 'perms:asset-permission-detail' pk=asset_permission.id %}">
-                     {{ asset_permission.name }}
-                 </a>
-             </td>
-             <td class="text-center">{{ asset_permission.users.count}}</td>
-             <td class="text-center">{{ asset_permission.user_groups.count}}</td>
-             <td class="text-center">{{ asset_permission.assets.count }}</td>
-             <td class="text-center">{{ asset_permission.asset_groups.count }}</td>
-             <td class="text-center">{{ asset_permission.system_users.count }}</td>
-             <td class="text-center">
-             {% if asset_permission.is_valid %}
-                 <i class="fa fa-check text-navy"></i>
-             {% else %}
-                 <i class="fa fa-times text-danger"></i>
-             {% endif %}
-             </td>
-             <td class="text-center">
-                 <a href="{% url 'perms:asset-permission-update' pk=asset_permission.id %}" class="btn btn-xs btn-info">{% trans 'Update' %}</a>
-                 <a href="{% url 'perms:asset-permission-delete' pk=asset_permission.id %}" class="btn btn-xs btn-danger del">{% trans 'Delete' %}</a>
-             </td>
-         </tr>
-     {% endfor %}
-{% endblock %}
+function assetPermissionTableDraw(url) {
+    var options = {
+        ele: $('#asset-permission-list-table'),
+        buttons: [],
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "perms:asset-permission-detail" pk=99991937 %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('99991937', rowData.id));
+             }},
+            {targets: 2, createdCell: function (td, cellData) {
+                if (cellData) {
+                    $(td).html(cellData.length)
+                }
+            }},
+            {targets: 3, createdCell: function (td, cellData) {
+                if (cellData) {
+                    $(td).html(cellData.length)
+                }
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                if (cellData) {
+                    $(td).html(cellData.length)
+                }
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                if (cellData) {
+                    $(td).html(cellData.length)
+                }
+            }},
+            {targets: 6, createdCell: function (td, cellData) {
+                if (cellData) {
+                    $(td).html(cellData.length)
+                }
+            }},
+            {targets: 7, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+             }},
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "audits:proxy-log-detail" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Detail" %}</a>'
+                        .replace('99991937', cellData);
+                var delete_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_delete" data-uid="99991937" data-name="99991938">{% trans "Delete" %}</a>'
+                        .replace('99991937', cellData)
+                        .replace('99991938', rowData.name);
+                $(td).html(detail_btn + delete_btn)
+            }}
+        ],
+        ajax_url: url,
+        columns: [{data: function(){return ""}}, {data: "name" }, {data: "users"},
+                  {data: "user_groups"}, {data: "assets"}, {data: 'asset_groups'},
+                  {data: "system_users"}, {data: "is_active"}, {data: 'id'}],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
 
-{% block content_bottom_left %}
-    <form id="" method="get" action="" class=" mail-search">
-        <div class="input-group">
-            <select class="form-control m-b" style="width: auto">
-                <option>{% trans 'Delete selected' %}</option>
-                <option>{% trans 'Update selected' %}</option>
-                <option>{% trans 'Deactive selected' %}</option>
-                <option>{% trans 'Export selected' %}</option>
-            </select>
+}
 
-            <div class="input-group-btn pull-left" style="padding-left: 5px;">
-                <button id='search_btn' type="submit" style="height: 32px;"  class="btn btn-sm btn-primary">
-                 {% trans 'Submit' %}
-                </button>
-            </div>
+function searchAssetPermission() {
+    var value = $('.dataTables_filter input').val();
+    assetPermissionTableDraw()
+}
 
-        </div>
-   </form>
+$(document).ready(function(){
+    assetPermissionTableDraw('{% url "perms:asset-permission-list-create-api" %}');
+}).on('keyup', '.dataTables_filter input', function () {
+    searchAssetPermission()
+})
+</script>
 {% endblock %}
 
 
diff --git a/apps/perms/urls.py b/apps/perms/urls.py
index 33681da6d..e44177915 100644
--- a/apps/perms/urls.py
+++ b/apps/perms/urls.py
@@ -22,7 +22,11 @@ urlpatterns = [
 ]
 
 urlpatterns += [
+    url(r'^v1/asset-permission/$', api.AssetPermissionListCreateApi.as_view(),
+        name='asset-permission-list-create-api'),
     url(r'^v1/user/assets/granted/$', api.UserAssetsGrantedApi.as_view(),
         name='user-assets-granted'),
+    url(r'^v1/user/asset-groups/granted/$', api.UserAssetsGroupsGrantedApi.as_view(),
+        name='user-asset-groups-granted'),
 ]
 
diff --git a/apps/perms/views.py b/apps/perms/views.py
index f3704a3d1..546eff80b 100644
--- a/apps/perms/views.py
+++ b/apps/perms/views.py
@@ -34,7 +34,6 @@ class AssetPermissionListView(AdminUserRequiredMixin, ListView):
         return super(AssetPermissionListView, self).get_context_data(**kwargs)
 
     def get_queryset(self):
-        # Todo: Default order by lose asset connection num
         self.queryset = super(AssetPermissionListView, self).get_queryset()
         self.keyword = keyword = self.request.GET.get('keyword', '')
         self.sort = sort = self.request.GET.get('sort', '-date_created')
diff --git a/apps/users/backends.py b/apps/users/backends.py
index bb2bf597b..00061bdec 100644
--- a/apps/users/backends.py
+++ b/apps/users/backends.py
@@ -81,8 +81,7 @@ class AccessTokenAuthentication(authentication.BaseAuthentication):
         user = get_object_or_none(User, id=user_id)
 
         if not user:
-            msg = _('Invalid token')
-            raise exceptions.AuthenticationFailed(msg)
+            return None
 
         remote_addr = request.META.get('REMOTE_ADDR', '')
         remote_addr = base64.b16encode(remote_addr).replace('=', '')
diff --git a/apps/users/forms.py b/apps/users/forms.py
index 4df402d57..08c14f860 100644
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -108,7 +108,7 @@ class UserPrivateAssetPermissionForm(forms.ModelForm):
 
     def save(self, commit=True):
         self.instance = super(UserPrivateAssetPermissionForm, self).save(commit=commit)
-        self.instance.private_for = 'U'
+        # self.instance.private_for = 'U'
         self.instance.users = [self.user]
         self.instance.save()
         return self.instance
@@ -116,7 +116,7 @@ class UserPrivateAssetPermissionForm(forms.ModelForm):
     class Meta:
         model = AssetPermission
         fields = [
-            'assets', 'asset_groups', 'system_users', 'private_for', 'name',
+            'assets', 'asset_groups', 'system_users', 'name',
         ]
         widgets = {
             'assets': forms.SelectMultiple(attrs={'class': 'select2',