diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index ec004df0b..35dc2c460 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -126,8 +126,11 @@ class WithBootstrapToken(permissions.BasePermission):
 class PermissionsMixin(UserPassesTestMixin):
 permission_classes = []
 
+ def get_permissions(self):
+ return self.permission_classes
+
 def test_func(self):
- permission_classes = self.permission_classes
+ permission_classes = self.get_permissions()
 for permission_class in permission_classes:
 if not permission_class().has_permission(self.request, self):
 return False
diff --git a/apps/ops/api/command.py b/apps/ops/api/command.py
index dbc3aa218..ab5b97176 100644
--- a/apps/ops/api/command.py
+++ b/apps/ops/api/command.py
@@ -20,7 +20,7 @@ class CommandExecutionViewSet(viewsets.ModelViewSet):
 )
 
 def check_permissions(self, request):
- if not settings.SECURITY_COMMAND_EXECUTION:
+ if not settings.SECURITY_COMMAND_EXECUTION and request.user.is_common_user:
 return self.permission_denied(request, "Command execution disabled")
 return super().check_permissions(request)
 
diff --git a/apps/ops/views/command.py b/apps/ops/views/command.py
index 6275f0f3f..15e887351 100644
--- a/apps/ops/views/command.py
+++ b/apps/ops/views/command.py
@@ -59,6 +59,11 @@ class CommandExecutionStartView(PermissionsMixin, TemplateView):
 form_class = CommandExecutionForm
 permission_classes = [IsValidUser]
 
+ def get_permissions(self):
+ if not settings.SECURITY_COMMAND_EXECUTION:
+ return [IsOrgAdmin]
+ return super().permission_classes()
+
 def get_user_system_users(self):
 from perms.utils import AssetPermissionUtil
 user = self.request.user
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index a0ceb6c51..983dcd38e 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -249,6 +249,16 @@ class User(AbstractUser):
 def is_auditor(self):
 return self.role == 'Auditor'
 
+ @property
+ def is_common_user(self):
+ if self.is_org_admin:
+ return False
+ if self.is_auditor:
+ return False
+ if self.is_app:
+ return False
+ return True
+
 @property
 def is_app(self):
 return self.role == 'App'
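Review bot: The new `get_permissions` in PermissionsMixin returns permission *classes* that `test_func` then instantiates, which is the opposite of the DRF `APIView.get_permissions` convention of returning instances, and a view that mixes this in alongside a DRF view would resolve one name to two different contracts; a docstring should pin this down: `"""Return the permission classes (not instances) that test_func checks; override to choose them per request."""`. The override hook is the right place for per-request policy, but `return self.permission_classes` hands out the class-level list by reference, so an override that wants to add entries should build a new list rather than mutate it. test_func's body continues past the end of the hunk.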
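Review bot: `request.user.is_common_user` on the new condition line is evaluated before `super().check_permissions(request)` has run the ViewSet's permission classes, so unless something upstream already rejects anonymous requests, an unauthenticated call arrives with Django's AnonymousUser, which has no `is_common_user` attribute, and the guard raises AttributeError (a 500) instead of returning a clean 401/403. The smallest fix keeps the early denial but fails closed for any user object lacking the property: `if not settings.SECURITY_COMMAND_EXECUTION and getattr(request.user, 'is_common_user', True):`. Separately, because `is_common_user` is false for auditors and App accounts, disabling SECURITY_COMMAND_EXECUTION now leaves this API open to those roles while the web view in apps/ops/views/command.py narrows to `IsOrgAdmin` only; the two gates should express the same policy, and a comment on the condition line should say which roles are meant to bypass the switch and why.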
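Review bot: `return super().permission_classes()` on the fallback line calls a list — `permission_classes` is the `[IsValidUser]` attribute two lines above, not a method — so every request while SECURITY_COMMAND_EXECUTION is enabled raises `TypeError: 'list' object is not callable` out of `test_func` instead of being permission-checked; the intended call is `return super().get_permissions()`, the hook PermissionsMixin gains in this same commit. The hunk does not show whether `settings` and `IsOrgAdmin` are imported in this module; confirm both are in scope, since a NameError here would likewise turn an authorization check into a server error. Note also that the disabled-state policy here (org admins only) is narrower than the `is_common_user` gate applied to the API in apps/ops/api/command.py.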
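Review bot: The new `is_common_user` property spells a single boolean out as three early returns; `return not (self.is_org_admin or self.is_auditor or self.is_app)` says the same thing in one line and reads as the definition it is. Since the property now serves as an authorization gate in apps/ops/api/command.py, its contract deserves a docstring: `"""True for a plain user: not an org admin, auditor, or App account. Any role not listed here counts as common."""` — that last clause is worth recording because a future role falls through to `return True`, which is the fail-closed direction for gates that deny common users. Whether `is_org_admin` accounts for superuser status is not visible in the hunk — TODO confirm against its definition, since this property inherits whatever it does.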