diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index e2934c58f..dbb07a94b 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -263,7 +263,6 @@ REST_FRAMEWORK = {
     # Use Django's standard `django.contrib.auth` permissions,
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': (
-        # 'rest_framework.permissions.IsAuthenticated',
         'users.backends.IsValidUser',
     ),
     'DEFAULT_AUTHENTICATION_CLASSES': (
@@ -273,6 +272,7 @@ REST_FRAMEWORK = {
         'rest_framework.authentication.BasicAuthentication',
         'rest_framework.authentication.SessionAuthentication',
     ),
+    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
 }
 
 # Custom User Auth model
diff --git a/apps/users/api.py b/apps/users/api.py
index f122b49cf..4d1619af6 100644
--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -3,6 +3,7 @@
 
 import base64
 
+from rest_framework import filters
 from django.shortcuts import get_object_or_404
 from django.core.cache import cache
 from django.conf import settings
@@ -11,6 +12,7 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView, BulkModelViewSet
 from rest_framework import authentication
+from django_filters.rest_framework import DjangoFilterBackend
 
 from common.mixins import BulkDeleteApiMixin
 from common.utils import get_logger
@@ -28,9 +30,9 @@ class UserViewSet(BulkModelViewSet):
     queryset = User.objects.all()
     serializer_class = serializers.UserSerializer
     permission_classes = (IsSuperUser,)
-
-    def allow_bulk_destroy(self, qs, filtered):
-        return qs is not filtered
+    filter_backends = (DjangoFilterBackend,)
+    # filter_fields = ('username', 'email', 'name', 'id')
+    ordering_fields = ('username', 'email')
 
 
 class UserUpdateGroupApi(generics.RetrieveUpdateAPIView):
diff --git a/requirements.txt b/requirements.txt
index 93204aeea..af5607b65 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,4 +15,5 @@ paramiko==2.0.2
 django-redis-cache==1.7.1
 requests==2.11.1
 itsdangerous==0.24
-unicodecsv==0.14.1
\ No newline at end of file
+unicodecsv==0.14.1
+django-filter==1.0.0