diff --git a/apps/authentication/api/access_key.py b/apps/authentication/api/access_key.py
index 0762d0de9..bbda04c02 100644
--- a/apps/authentication/api/access_key.py
+++ b/apps/authentication/api/access_key.py
@@ -2,14 +2,14 @@
 #
 from rest_framework.viewsets import ModelViewSet
-
-from common.permissions import IsValidUser
 from .. import serializers
+from rbac.permissions import RBACPermission
 class AccessKeyViewSet(ModelViewSet):
     serializer_class = serializers.AccessKeySerializer
     search_fields = ['^id', '^secret']
+    permission_classes = [RBACPermission]
     def get_queryset(self):
         return self.request.user.access_keys.all()
diff --git a/apps/authentication/api/temp_token.py b/apps/authentication/api/temp_token.py
index a8fcc02af..6e640edd6 100644
--- a/apps/authentication/api/temp_token.py
+++ b/apps/authentication/api/temp_token.py
@@ -3,15 +3,18 @@
 from rest_framework.response import Response
 from rest_framework.decorators import action
 from common.drf.api import JMSModelViewSet
-from common.permissions import IsValidUser
 from ..models import TempToken
 from ..serializers import TempTokenSerializer
+from rbac.permissions import RBACPermission
 class TempTokenViewSet(JMSModelViewSet):
     serializer_class = TempTokenSerializer
-    permission_classes = [IsValidUser]
+    permission_classes = [RBACPermission]
     http_method_names = ['post', 'get', 'options', 'patch']
+    rbac_perms = {
+        'expire': 'authentication.change_temptoken',
+    }
     def get_queryset(self):
         username = self.request.user.username
diff --git a/apps/common/validators.py b/apps/common/validators.py
index 352482a1b..4be90d855 100644
--- a/apps/common/validators.py
+++ b/apps/common/validators.py
@@ -42,7 +42,7 @@ class NoSpecialChars:
 class PhoneValidator:
-    pattern = re.compile(r"^1[356789]\d{9}$")
+    pattern = re.compile(r"^1[3456789]\d{9}$")
     message = _('The mobile phone number format is incorrect')
     def __call__(self, value):
diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index a199c149c..c99181d4e 100644
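Review bot: AccessKeyViewSet is switched to `permission_classes = [RBACPermission]` but declares no `rbac_perms`, and it still extends DRF's plain `ModelViewSet` rather than `JMSModelViewSet` as TempTokenViewSet does in the next hunk, so the permission codenames for list/create/destroy must be derived from a model this view only exposes through `get_queryset`. That derivation lives outside the diff, so it is worth confirming that a request lacking the derived accesskey permission is denied rather than passed through; if the derivation needs a class-level hint, pin it with an explicit `rbac_perms` mapping like the one TempTokenViewSet gains. As a point of style, the new absolute import `from rbac.permissions import RBACPermission` is placed after the relative `from .. import serializers`; moving it above the relative imports keeps the grouping consistent, and the same ordering applies to the temp_token.py hunk.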
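Review bot: The new `rbac_perms` entry maps only the custom `expire` action, and nothing in the hunk records why the standard create/list/partial_update actions need no entry; a one-line comment above the dict would save the next reader a trip into RBACPermission, e.g. `# 'expire' is a custom action, so it is not derived from the model like the CRUD actions; treat it as a change`. Note that `http_method_names` keeps `'patch'`, so `partial_update` remains reachable and, with `change_temptoken` granted to every system user in builtin.py, any user can patch their own tokens; that matches the previous IsValidUser behaviour only because `get_queryset` scopes to `self.request.user.username`, and its body continues outside the hunk.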
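Review bot: The widened character class `[3456789]` reads better as a range, `pattern = re.compile(r"^1[3-9]\d{9}$")`. Separately, `$` also matches before a trailing newline, so if `__call__` (whose body is outside the hunk) validates with `pattern.match`, a value such as `'13800000000\n'` is accepted; anchoring with `\Z` or using `pattern.fullmatch` closes that gap. A short comment stating the intent, `# 11-digit mobile numbers starting 13-19`, would also document why the prefix set was extended.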
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -4,7 +4,8 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions
 system_user_perms = (
     ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
-    ('authentication', 'temptoken', 'add', 'temptoken'),
+    ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
+    ('authentication', 'accesskey', '*', '*'),
     ('tickets', 'ticket', 'view', 'ticket'),
     ('orgs', 'organization', 'view', 'rootorg'),
 )
diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 5d6ae08ec..d9b80b78a 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -25,6 +25,7 @@ exclude_permissions = (
     ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'),
     ('authentication', 'ssotoken', '*', '*'),
     ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
+    ('authentication', 'temptoken', 'delete', 'temptoken'),
     ('users', 'userpasswordhistory', '*', '*'),
     ('applications', 'applicationuser', '*', '*'),
     ('applications', 'historicalaccount', '*', '*'),
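Review bot: `('authentication', 'accesskey', '*', '*')` grants every system user every action on accesskey, and a wildcard keeps growing: any permission later added to that model is handed to all users without anyone revisiting this line. Enumerating the intended actions as the temptoken entry now does, `('authentication', 'accesskey', 'add,change,delete,view', 'accesskey')`, keeps the default grant explicit and auditable. Whether the fourth `'*'` matches more than the accesskey permissions depends on how these tuples are expanded, which is outside the diff.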
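Review bot: The new exclusion `('authentication', 'temptoken', 'delete', 'temptoken')` carries no note on why delete is withheld while add/change/view are granted to all users in builtin.py; presumably tokens are retired through the view's `expire` action rather than deleted, and a comment saying so, `# temp tokens are expired via the API, never deleted`, would stop a later change from re-adding the permission.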