diff --git a/apps/applications/hands.py b/apps/applications/hands.py index ffe1e35c5..7c83e1332 100644 --- a/apps/applications/hands.py +++ b/apps/applications/hands.py @@ -11,6 +11,5 @@ """ -from common.permissions import AdminUserRequiredMixin from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser from users.models import User, UserGroup diff --git a/apps/applications/views/remote_app.py b/apps/applications/views/remote_app.py index e21db3ad8..dbf0b51c0 100644 --- a/apps/applications/views/remote_app.py +++ b/apps/applications/views/remote_app.py @@ -10,7 +10,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.urls import reverse_lazy -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin from common.const import create_success_msg, update_success_msg from ..models import RemoteApp @@ -23,8 +23,9 @@ __all__ = [ ] -class RemoteAppListView(AdminUserRequiredMixin, TemplateView): +class RemoteAppListView(PermissionsMixin, TemplateView): template_name = 'applications/remote_app_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -35,11 +36,12 @@ class RemoteAppListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class RemoteAppCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView): +class RemoteAppCreateView(PermissionsMixin, SuccessMessageMixin, CreateView): template_name = 'applications/remote_app_create_update.html' model = RemoteApp form_class = forms.RemoteAppCreateUpdateForm success_url = reverse_lazy('applications:remote-app-list') + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -53,11 +55,12 @@ class RemoteAppCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVie return create_success_msg % ({'name': cleaned_data['name']}) -class RemoteAppUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): +class RemoteAppUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView): template_name = 'applications/remote_app_create_update.html' model = RemoteApp form_class = forms.RemoteAppCreateUpdateForm success_url = reverse_lazy('applications:remote-app-list') + permission_classes = [IsOrgAdmin] def get_initial(self): return {k: v for k, v in self.object.params.items()} @@ -74,10 +77,11 @@ class RemoteAppUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie return update_success_msg % ({'name': cleaned_data['name']}) -class RemoteAppDetailView(AdminUserRequiredMixin, DetailView): +class RemoteAppDetailView(PermissionsMixin, DetailView): template_name = 'applications/remote_app_detail.html' model = RemoteApp context_object_name = 'remote_app' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { diff --git a/apps/assets/hands.py b/apps/assets/hands.py index ffe1e35c5..7c83e1332 100644 --- a/apps/assets/hands.py +++ b/apps/assets/hands.py @@ -11,6 +11,5 @@ """ -from common.permissions import AdminUserRequiredMixin from common.permissions import IsAppUser, IsOrgAdmin, IsValidUser, IsOrgAdminOrAppUser from users.models import User, UserGroup diff --git a/apps/assets/views/admin_user.py b/apps/assets/views/admin_user.py index fe00e29ac..6c6f866da 100644 --- a/apps/assets/views/admin_user.py +++ b/apps/assets/views/admin_user.py 
@@ -11,7 +11,7 @@ from django.views.generic.detail import DetailView, SingleObjectMixin from common.const import create_success_msg, update_success_msg from .. import forms from ..models import AdminUser, Node -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin __all__ = [ 'AdminUserCreateView', 'AdminUserDetailView', @@ -20,9 +20,10 @@ __all__ = [ ] -class AdminUserListView(AdminUserRequiredMixin, TemplateView): +class AdminUserListView(PermissionsMixin, TemplateView): model = AdminUser template_name = 'assets/admin_user_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -33,7 +34,7 @@ class AdminUserListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class AdminUserCreateView(AdminUserRequiredMixin, +class AdminUserCreateView(PermissionsMixin, SuccessMessageMixin, CreateView): model = AdminUser @@ -41,6 +42,7 @@ class AdminUserCreateView(AdminUserRequiredMixin, template_name = 'assets/admin_user_create_update.html' success_url = reverse_lazy('assets:admin-user-list') success_message = create_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -51,12 +53,13 @@ class AdminUserCreateView(AdminUserRequiredMixin, return super().get_context_data(**kwargs) -class AdminUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): +class AdminUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView): model = AdminUser form_class = forms.AdminUserForm template_name = 'assets/admin_user_create_update.html' success_url = reverse_lazy('assets:admin-user-list') success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -67,11 +70,12 @@ class AdminUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVie return super().get_context_data(**kwargs) -class AdminUserDetailView(AdminUserRequiredMixin, DetailView): +class AdminUserDetailView(PermissionsMixin, DetailView): model = AdminUser template_name = 'assets/admin_user_detail.html' context_object_name = 'admin_user' object = None + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -83,11 +87,12 @@ class AdminUserDetailView(AdminUserRequiredMixin, DetailView): return super().get_context_data(**kwargs) -class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView): +class AdminUserAssetsView(PermissionsMixin, SingleObjectMixin, ListView): paginate_by = settings.DISPLAY_PER_PAGE template_name = 'assets/admin_user_assets.html' context_object_name = 'admin_user' object = None + permission_classes = [IsOrgAdmin] def get(self, request, *args, **kwargs): self.object = self.get_object(queryset=AdminUser.objects.all()) @@ -108,9 +113,10 @@ class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView): return super().get_context_data(**kwargs) -class AdminUserDeleteView(AdminUserRequiredMixin, DeleteView): +class AdminUserDeleteView(PermissionsMixin, DeleteView): model = AdminUser template_name = 'delete_confirm.html' success_url = reverse_lazy('assets:admin-user-list') + permission_classes = [IsOrgAdmin] diff --git a/apps/assets/views/asset.py b/apps/assets/views/asset.py index c884b4902..36e9bb8ea 100644 --- a/apps/assets/views/asset.py +++ b/apps/assets/views/asset.py @@ -27,7 +27,7 @@ from django.forms.formsets import formset_factory from common.mixins import JSONResponseMixin from common.utils import get_object_or_none, get_logger -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin ,IsOrgAdmin from common.const import ( create_success_msg, update_success_msg, KEY_CACHE_RESOURCES_ID ) 
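Review bot: The rewritten import in apps/assets/views/asset.py has the space on the wrong side of the comma (`PermissionsMixin ,IsOrgAdmin`). The same slip appears in the import hunk of apps/assets/views/domain.py. The other files touched by this commit write it as `from common.permissions import PermissionsMixin, IsOrgAdmin`, and these two lines should match that form.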
@@ -43,8 +43,9 @@ __all__ = [ logger = get_logger(__file__) -class AssetListView(AdminUserRequiredMixin, TemplateView): +class AssetListView(PermissionsMixin, TemplateView): template_name = 'assets/asset_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): Node.root() @@ -58,10 +59,11 @@ class AssetListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class AssetUserListView(AdminUserRequiredMixin, DetailView): +class AssetUserListView(PermissionsMixin, DetailView): model = Asset context_object_name = 'asset' template_name = 'assets/asset_asset_user_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -85,11 +87,12 @@ class UserAssetListView(LoginRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class AssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView): +class AssetCreateView(PermissionsMixin, SuccessMessageMixin, CreateView): model = Asset form_class = forms.AssetCreateForm template_name = 'assets/asset_create.html' success_url = reverse_lazy('assets:asset-list') + permission_classes = [IsOrgAdmin] def get_form(self, form_class=None): form = super().get_form(form_class=form_class) @@ -133,7 +136,7 @@ class AssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView): return create_success_msg % ({"name": cleaned_data["hostname"]}) -class AssetBulkUpdateView(AdminUserRequiredMixin, ListView): +class AssetBulkUpdateView(PermissionsMixin, ListView): model = Asset form_class = forms.AssetBulkUpdateForm template_name = 'assets/asset_bulk_update.html' @@ -141,6 +144,7 @@ class AssetBulkUpdateView(AdminUserRequiredMixin, ListView): success_message = _("Bulk update asset success") id_list = None form = None + permission_classes = [IsOrgAdmin] def get(self, request, *args, **kwargs): spm = request.GET.get('spm', '') 
@@ -173,11 +177,12 @@ class AssetBulkUpdateView(AdminUserRequiredMixin, ListView): return super().get_context_data(**kwargs) -class AssetUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): +class AssetUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView): model = Asset form_class = forms.AssetUpdateForm template_name = 'assets/asset_update.html' success_url = reverse_lazy('assets:asset-list') + permission_classes = [IsOrgAdmin] def get_protocol_formset(self): ProtocolFormset = formset_factory(forms.ProtocolForm, extra=0, min_num=1, max_num=5) @@ -202,10 +207,11 @@ class AssetUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): return update_success_msg % ({"name": cleaned_data["hostname"]}) -class AssetDeleteView(AdminUserRequiredMixin, DeleteView): +class AssetDeleteView(PermissionsMixin, DeleteView): model = Asset template_name = 'delete_confirm.html' success_url = reverse_lazy('assets:asset-list') + permission_classes = [IsOrgAdmin] class AssetDetailView(LoginRequiredMixin, DetailView): @@ -272,8 +278,9 @@ class AssetExportView(LoginRequiredMixin, View): return JsonResponse({'redirect': url}) -class BulkImportAssetView(AdminUserRequiredMixin, JSONResponseMixin, FormView): +class BulkImportAssetView(PermissionsMixin, JSONResponseMixin, FormView): form_class = forms.FileForm + permission_classes = [IsOrgAdmin] def form_valid(self, form): node_id = self.request.GET.get("node_id") diff --git a/apps/assets/views/cmd_filter.py b/apps/assets/views/cmd_filter.py index 56c15885b..354c1d852 100644 --- a/apps/assets/views/cmd_filter.py +++ b/apps/assets/views/cmd_filter.py 
@@ -8,7 +8,7 @@ from django.utils.translation import ugettext_lazy as _ from django.urls import reverse_lazy from django.shortcuts import get_object_or_404, reverse -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin from common.const import create_success_msg, update_success_msg from ..models import CommandFilter, CommandFilterRule, SystemUser from ..forms import CommandFilterForm, CommandFilterRuleForm @@ -22,8 +22,9 @@ __all__ = ( ) -class CommandFilterListView(AdminUserRequiredMixin, TemplateView): +class CommandFilterListView(PermissionsMixin, TemplateView): template_name = 'assets/cmd_filter_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -34,12 +35,13 @@ class CommandFilterListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class CommandFilterCreateView(AdminUserRequiredMixin, CreateView): +class CommandFilterCreateView(PermissionsMixin, CreateView): model = CommandFilter template_name = 'assets/cmd_filter_create_update.html' form_class = CommandFilterForm success_url = reverse_lazy('assets:cmd-filter-list') success_message = create_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -50,12 +52,13 @@ class CommandFilterCreateView(AdminUserRequiredMixin, CreateView): return super().get_context_data(**kwargs) -class CommandFilterUpdateView(AdminUserRequiredMixin, UpdateView): +class CommandFilterUpdateView(PermissionsMixin, UpdateView): model = CommandFilter template_name = 'assets/cmd_filter_create_update.html' form_class = CommandFilterForm success_url = reverse_lazy('assets:cmd-filter-list') success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -66,9 +69,10 @@ class CommandFilterUpdateView(AdminUserRequiredMixin, UpdateView): return super().get_context_data(**kwargs) -class CommandFilterDetailView(AdminUserRequiredMixin, DetailView): +class CommandFilterDetailView(PermissionsMixin, DetailView): model = CommandFilter template_name = 'assets/cmd_filter_detail.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): system_users_remain = SystemUser.objects\ @@ -83,10 +87,11 @@ class CommandFilterDetailView(AdminUserRequiredMixin, DetailView): return super().get_context_data(**kwargs) -class CommandFilterRuleListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateView): +class CommandFilterRuleListView(PermissionsMixin, SingleObjectMixin, TemplateView): template_name = 'assets/cmd_filter_rule_list.html' model = CommandFilter object = None + permission_classes = [IsOrgAdmin] def get(self, request, *args, **kwargs): self.object = self.get_object(queryset=self.model.objects.all()) @@ -102,12 +107,13 @@ class CommandFilterRuleListView(AdminUserRequiredMixin, SingleObjectMixin, Templ return super().get_context_data(**kwargs) -class CommandFilterRuleCreateView(AdminUserRequiredMixin, CreateView): +class CommandFilterRuleCreateView(PermissionsMixin, CreateView): template_name = 'assets/cmd_filter_rule_create_update.html' model = CommandFilterRule form_class = CommandFilterRuleForm success_message = create_success_msg cmd_filter = None + permission_classes = [IsOrgAdmin] def get_success_url(self): return reverse('assets:cmd-filter-rule-list', kwargs={ 
@@ -135,12 +141,13 @@ class CommandFilterRuleCreateView(AdminUserRequiredMixin, CreateView): return super().get_context_data(**kwargs) -class CommandFilterRuleUpdateView(AdminUserRequiredMixin, UpdateView): +class CommandFilterRuleUpdateView(PermissionsMixin, UpdateView): template_name = 'assets/cmd_filter_rule_create_update.html' model = CommandFilterRule form_class = CommandFilterRuleForm success_message = create_success_msg cmd_filter = None + permission_classes = [IsOrgAdmin] def get_success_url(self): return reverse('assets:cmd-filter-rule-list', kwargs={ diff --git a/apps/assets/views/domain.py b/apps/assets/views/domain.py index 0bfce6905..797bae1f4 100644 --- a/apps/assets/views/domain.py +++ b/apps/assets/views/domain.py @@ -7,7 +7,7 @@ from django.views.generic.detail import SingleObjectMixin from django.utils.translation import ugettext_lazy as _ from django.urls import reverse_lazy, reverse -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin ,IsOrgAdmin from common.const import create_success_msg, update_success_msg from common.utils import get_object_or_none from ..models import Domain, Gateway @@ -21,8 +21,9 @@ __all__ = ( ) -class DomainListView(AdminUserRequiredMixin, TemplateView): +class DomainListView(PermissionsMixin, TemplateView): template_name = 'assets/domain_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -33,12 +34,13 @@ class DomainListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class DomainCreateView(AdminUserRequiredMixin, CreateView): +class DomainCreateView(PermissionsMixin, CreateView): model = Domain template_name = 'assets/domain_create_update.html' form_class = DomainForm success_url = reverse_lazy('assets:domain-list') success_message = create_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -49,12 +51,13 @@ class DomainCreateView(AdminUserRequiredMixin, CreateView): return super().get_context_data(**kwargs) -class DomainUpdateView(AdminUserRequiredMixin, UpdateView): +class DomainUpdateView(PermissionsMixin, UpdateView): model = Domain template_name = 'assets/domain_create_update.html' form_class = DomainForm success_url = reverse_lazy('assets:domain-list') success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -65,9 +68,10 @@ class DomainUpdateView(AdminUserRequiredMixin, UpdateView): return super().get_context_data(**kwargs) -class DomainDetailView(AdminUserRequiredMixin, DetailView): +class DomainDetailView(PermissionsMixin, DetailView): model = Domain template_name = 'assets/domain_detail.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -78,16 +82,18 @@ class DomainDetailView(AdminUserRequiredMixin, DetailView): return super().get_context_data(**kwargs) -class DomainDeleteView(AdminUserRequiredMixin, DeleteView): +class DomainDeleteView(PermissionsMixin, DeleteView): model = Domain template_name = 'delete_confirm.html' success_url = reverse_lazy('assets:domain-list') + permission_classes = [IsOrgAdmin] -class DomainGatewayListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateView): +class DomainGatewayListView(PermissionsMixin, SingleObjectMixin, TemplateView): template_name = 'assets/domain_gateway_list.html' model = Domain object = None + permission_classes = [IsOrgAdmin] def get(self, request, *args, **kwargs): self.object = self.get_object(queryset=self.model.objects.all()) 
@@ -103,11 +109,12 @@ class DomainGatewayListView(AdminUserRequiredMixin, SingleObjectMixin, TemplateV return super().get_context_data(**kwargs) -class DomainGatewayCreateView(AdminUserRequiredMixin, CreateView): +class DomainGatewayCreateView(PermissionsMixin, CreateView): model = Gateway template_name = 'assets/gateway_create_update.html' form_class = GatewayForm success_message = create_success_msg + permission_classes = [IsOrgAdmin] def get_success_url(self): domain = self.object.domain @@ -130,11 +137,12 @@ class DomainGatewayCreateView(AdminUserRequiredMixin, CreateView): return super().get_context_data(**kwargs) -class DomainGatewayUpdateView(AdminUserRequiredMixin, UpdateView): +class DomainGatewayUpdateView(PermissionsMixin, UpdateView): model = Gateway template_name = 'assets/gateway_create_update.html' form_class = GatewayForm success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_success_url(self): domain = self.object.domain diff --git a/apps/assets/views/label.py b/apps/assets/views/label.py index 9ed289e3e..b53a5d040 100644 --- a/apps/assets/views/label.py +++ b/apps/assets/views/label.py @@ -6,7 +6,7 @@ from django.views.generic import TemplateView, CreateView, \ from django.utils.translation import ugettext_lazy as _ from django.urls import reverse_lazy -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin from common.const import create_success_msg, update_success_msg from ..models import Label from ..forms import LabelForm @@ -18,8 +18,9 @@ __all__ = ( ) -class LabelListView(AdminUserRequiredMixin, TemplateView): +class LabelListView(PermissionsMixin, TemplateView): template_name = 'assets/label_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -30,13 +31,14 @@ class LabelListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class LabelCreateView(AdminUserRequiredMixin, CreateView): +class LabelCreateView(PermissionsMixin, CreateView): model = Label template_name = 'assets/label_create_update.html' form_class = LabelForm success_url = reverse_lazy('assets:label-list') success_message = create_success_msg disable_name = ['draw', 'search', 'limit', 'offset', '_'] + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -57,12 +59,13 @@ class LabelCreateView(AdminUserRequiredMixin, CreateView): return super().form_valid(form) -class LabelUpdateView(AdminUserRequiredMixin, UpdateView): +class LabelUpdateView(PermissionsMixin, UpdateView): model = Label template_name = 'assets/label_create_update.html' form_class = LabelForm success_url = reverse_lazy('assets:label-list') success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -73,11 +76,12 @@ class LabelUpdateView(AdminUserRequiredMixin, UpdateView): return super().get_context_data(**kwargs) -class LabelDetailView(AdminUserRequiredMixin, DetailView): +class LabelDetailView(PermissionsMixin, DetailView): pass -class LabelDeleteView(AdminUserRequiredMixin, DeleteView): +class LabelDeleteView(PermissionsMixin, DeleteView): model = Label template_name = 'delete_confirm.html' success_url = reverse_lazy('assets:label-list') + permission_classes = [IsOrgAdmin] diff --git a/apps/assets/views/system_user.py b/apps/assets/views/system_user.py index c31fd8da0..3e400cd29 100644 --- a/apps/assets/views/system_user.py +++ b/apps/assets/views/system_user.py 
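Review bot: `LabelDetailView` is moved to `PermissionsMixin` but, unlike every other view converted in this file, gets no `permission_classes`. The mixin added in apps/common/permissions.py defaults to an empty list and its `test_func` returns True when the list is empty, so this view loses the admin check it had under `AdminUserRequiredMixin`. The class body is only `pass` today, but it should still carry `permission_classes = [IsOrgAdmin]` so that filling it in later does not expose an unprotected page.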
@@ -10,7 +10,7 @@ from django.views.generic.detail import DetailView from common.const import create_success_msg, update_success_msg from ..forms import SystemUserForm from ..models import SystemUser, Node, CommandFilter -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin __all__ = [ @@ -20,8 +20,9 @@ __all__ = [ ] -class SystemUserListView(AdminUserRequiredMixin, TemplateView): +class SystemUserListView(PermissionsMixin, TemplateView): template_name = 'assets/system_user_list.html' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -32,12 +33,13 @@ class SystemUserListView(AdminUserRequiredMixin, TemplateView): return super().get_context_data(**kwargs) -class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView): +class SystemUserCreateView(PermissionsMixin, SuccessMessageMixin, CreateView): model = SystemUser form_class = SystemUserForm template_name = 'assets/system_user_create.html' success_url = reverse_lazy('assets:system-user-list') success_message = create_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -48,12 +50,13 @@ class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateVi return super().get_context_data(**kwargs) -class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView): +class SystemUserUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView): model = SystemUser form_class = SystemUserForm template_name = 'assets/system_user_update.html' success_url = reverse_lazy('assets:system-user-list') success_message = update_success_msg + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { 
@@ -64,10 +67,11 @@ class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateVi return super().get_context_data(**kwargs) -class SystemUserDetailView(AdminUserRequiredMixin, DetailView): +class SystemUserDetailView(PermissionsMixin, DetailView): template_name = 'assets/system_user_detail.html' context_object_name = 'system_user' model = SystemUser + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): context = { @@ -79,16 +83,18 @@ class SystemUserDetailView(AdminUserRequiredMixin, DetailView): return super().get_context_data(**kwargs) -class SystemUserDeleteView(AdminUserRequiredMixin, DeleteView): +class SystemUserDeleteView(PermissionsMixin, DeleteView): model = SystemUser template_name = 'delete_confirm.html' success_url = reverse_lazy('assets:system-user-list') + permission_classes = [IsOrgAdmin] -class SystemUserAssetView(AdminUserRequiredMixin, DetailView): +class SystemUserAssetView(PermissionsMixin, DetailView): model = SystemUser template_name = 'assets/system_user_asset.html' context_object_name = 'system_user' + permission_classes = [IsOrgAdmin] def get_context_data(self, **kwargs): nodes_remain = sorted(Node.objects.exclude(systemuser=self.object), reverse=True) diff --git a/apps/audits/api.py b/apps/audits/api.py index 83c75e243..daf111ed8 100644 --- a/apps/audits/api.py +++ b/apps/audits/api.py @@ -3,7 +3,7 @@ from rest_framework import viewsets -from common.permissions import IsOrgAdminOrAppUser +from common.permissions import IsOrgAdminOrAppUser, IsAuditor from .models import FTPLog from .serializers import FTPLogSerializer @@ -11,4 +11,4 @@ from .serializers import FTPLogSerializer class FTPLogViewSet(viewsets.ModelViewSet): queryset = FTPLog.objects.all() serializer_class = FTPLogSerializer - permission_classes = (IsOrgAdminOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser | IsAuditor,) diff --git a/apps/audits/views.py b/apps/audits/views.py index 372159b74..a8632e1a8 100644 
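Review bot: Adding `IsAuditor` to `FTPLogViewSet.permission_classes` gives auditors every action of a `ModelViewSet`, including create, update and delete on FTP log records. `IsAuditor` as defined in this commit checks only `request.user.is_auditor`, not the request method. An audit role that can alter or remove the records it reviews weakens the integrity of the log. Consider restricting auditors to read access, for example by adding `and request.method in permissions.SAFE_METHODS` to `IsAuditor.has_permission`. The Django list views that also use `IsAuditor` are presumably served over GET and should be unaffected.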
--- a/apps/audits/views.py +++ b/apps/audits/views.py @@ -19,7 +19,7 @@ from django.db.models import Q from audits.utils import get_excel_response, write_content_to_excel from common.mixins import DatetimeSearchMixin -from common.permissions import AdminUserRequiredMixin +from common.permissions import PermissionsMixin, IsOrgAdmin, IsAuditor from orgs.utils import current_org from ops.views import CommandExecutionListView as UserCommandExecutionListView @@ -42,12 +42,13 @@ def get_resource_type_list(): return [model._meta.verbose_name for model in models] -class FTPLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): +class FTPLogListView(PermissionsMixin, DatetimeSearchMixin, ListView): model = FTPLog template_name = 'audits/ftp_log_list.html' paginate_by = settings.DISPLAY_PER_PAGE user = asset = system_user = filename = '' date_from = date_to = None + permission_classes = [IsOrgAdmin | IsAuditor] def get_queryset(self): self.queryset = super().get_queryset() @@ -89,13 +90,14 @@ class FTPLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): return super().get_context_data(**kwargs) -class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): +class OperateLogListView(PermissionsMixin, DatetimeSearchMixin, ListView): model = OperateLog template_name = 'audits/operate_log_list.html' paginate_by = settings.DISPLAY_PER_PAGE user = action = resource_type = '' date_from = date_to = None actions_dict = dict(OperateLog.ACTION_CHOICES) + permission_classes = [IsOrgAdmin | IsAuditor] def get_queryset(self): self.queryset = super().get_queryset() @@ -124,7 +126,6 @@ class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): 'date_from': self.date_from, 'date_to': self.date_to, 'user': self.user, - 'action': self.action, 'resource_type': self.resource_type, "app": _("Audits"), "action": _("Operate log"), 
@@ -133,12 +134,13 @@ class OperateLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): return super().get_context_data(**kwargs) -class PasswordChangeLogList(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): +class PasswordChangeLogList(PermissionsMixin, DatetimeSearchMixin, ListView): model = PasswordChangeLog template_name = 'audits/password_change_log_list.html' paginate_by = settings.DISPLAY_PER_PAGE user = '' date_from = date_to = None + permission_classes = [IsOrgAdmin | IsAuditor] def get_queryset(self): users = current_org.get_org_users() @@ -169,12 +171,13 @@ class PasswordChangeLogList(AdminUserRequiredMixin, DatetimeSearchMixin, ListVie return super().get_context_data(**kwargs) -class LoginLogListView(AdminUserRequiredMixin, DatetimeSearchMixin, ListView): +class LoginLogListView(PermissionsMixin, DatetimeSearchMixin, ListView): template_name = 'audits/login_log_list.html' model = UserLoginLog paginate_by = settings.DISPLAY_PER_PAGE user = keyword = "" date_to = date_from = None + permission_classes = [IsOrgAdmin | IsAuditor] @staticmethod def get_org_users(): diff --git a/apps/common/permissions.py b/apps/common/permissions.py index 025d44ba3..ec004df0b 100644 --- a/apps/common/permissions.py +++ b/apps/common/permissions.py @@ -27,6 +27,12 @@ class IsAppUser(IsValidUser): and request.user.is_app +class IsAuditor(IsValidUser): + def has_permission(self, request, view): + return super(IsAuditor, self).has_permission(request, view) \ + and request.user.is_auditor + + class IsSuperUser(IsValidUser): def has_permission(self, request, view): return super(IsSuperUser, self).has_permission(request, view) \ 
@@ -115,3 +121,14 @@ class WithBootstrapToken(permissions.BasePermission): return False request_bootstrap_token = authorization.split()[-1] return settings.BOOTSTRAP_TOKEN == request_bootstrap_token + + +class PermissionsMixin(UserPassesTestMixin): + permission_classes = [] + + def test_func(self): + permission_classes = self.permission_classes + for permission_class in permission_classes: + if not permission_class().has_permission(self.request, self): + return False + return True diff --git a/apps/jumpserver/views.py b/apps/jumpserver/views.py index 52fa31273..8f4954f69 100644 --- a/apps/jumpserver/views.py +++ b/apps/jumpserver/views.py @@ -31,6 +31,8 @@ class IndexView(LoginRequiredMixin, TemplateView): def dispatch(self, request, *args, **kwargs): if not request.user.is_authenticated: return self.handle_no_permission() + if request.user.is_auditor: + return super(IndexView, self).dispatch(request, *args, **kwargs) if not request.user.is_org_admin: return redirect('assets:user-asset-list') if not current_org or not current_org.can_admin_by(request.user): diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 57393bd42..b31355b1c 100644 Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index f08cfd10a..06d988973 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Jumpserver 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2019-06-14 10:41+0800\n" +"POT-Creation-Date: 2019-06-14 17:01+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: ibuler \n" "Language-Team: Jumpserver team\n" 
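Review bot: `PermissionsMixin.test_func` fails open: with the default `permission_classes = []` the loop body never runs and the method returns True for any request. A view that forgets to set the attribute is therefore unprotected, and `LabelDetailView` in this commit is one such case. Deny by default instead, either with `if not self.permission_classes: return False` ahead of the loop or with a non-empty default such as `permission_classes = [IsValidUser]`. A short docstring would also help, noting that these are DRF permission classes instantiated per request and called with the Django view as `view`. Whether `IsOrgAdmin` applies the same current-organisation check as the removed `AdminUserRequiredMixin` is not visible in this hunk and is worth confirming.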
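Review bot: In `IndexView.dispatch` the new `is_auditor` early return sits ahead of the `current_org.can_admin_by(request.user)` check, so an auditor reaches the index view with no organisation check at all. If the dashboard context is built from the current organisation's data (not visible here, since `dispatch` and the rest of the view continue outside the hunk), confirm that auditors are meant to see whichever organisation is current. At minimum, record the intent next to the branch, e.g. `# Auditors view the dashboard without being org admins, so they skip the org checks below.`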
@@ -95,7 +95,7 @@ msgstr "运行参数" #: terminal/templates/terminal/session_list.html:41 #: terminal/templates/terminal/session_list.html:72 #: xpack/plugins/change_auth_plan/forms.py:114 -#: xpack/plugins/change_auth_plan/models.py:413 +#: xpack/plugins/change_auth_plan/models.py:409 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:46 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:54 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:13 @@ -165,7 +165,7 @@ msgstr "系统用户" #: settings/templates/settings/terminal_setting.html:105 terminal/models.py:22 #: terminal/models.py:258 terminal/templates/terminal/terminal_detail.html:43 #: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14 -#: users/models/user.py:61 users/templates/users/_select_user_modal.html:13 +#: users/models/user.py:63 users/templates/users/_select_user_modal.html:13 #: users/templates/users/user_detail.html:63 #: users/templates/users/user_group_detail.html:55 #: users/templates/users/user_group_list.html:35 @@ -173,7 +173,7 @@ msgstr "系统用户" #: users/templates/users/user_profile.html:51 #: users/templates/users/user_pubkey_update.html:53 #: xpack/plugins/change_auth_plan/forms.py:97 -#: xpack/plugins/change_auth_plan/models.py:61 +#: xpack/plugins/change_auth_plan/models.py:58 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:61 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:12 #: xpack/plugins/cloud/models.py:49 xpack/plugins/cloud/models.py:119 @@ -183,7 +183,6 @@ msgstr "系统用户" #: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:12 #: xpack/plugins/orgs/templates/orgs/org_detail.html:52 #: xpack/plugins/orgs/templates/orgs/org_list.html:12 -#: xpack/plugins/vault/templates/vault/vault.html:90 msgid "Name" msgstr "名称" 
@@ -217,9 +216,9 @@ msgstr "参数" #: perms/models/asset_permission.py:62 perms/models/base.py:41 #: perms/templates/perms/asset_permission_detail.html:98 #: perms/templates/perms/remote_app_permission_detail.html:90 -#: users/models/user.py:102 users/serializers/v1.py:72 +#: users/models/user.py:104 users/serializers/v1.py:72 #: users/templates/users/user_detail.html:111 -#: xpack/plugins/change_auth_plan/models.py:106 +#: xpack/plugins/change_auth_plan/models.py:103 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:113 #: xpack/plugins/cloud/models.py:55 xpack/plugins/cloud/models.py:127 msgid "Created by" @@ -279,11 +278,11 @@ msgstr "创建日期" #: perms/templates/perms/remote_app_permission_detail.html:94 #: settings/models.py:34 terminal/models.py:32 #: terminal/templates/terminal/terminal_detail.html:63 users/models/group.py:15 -#: users/models/user.py:94 users/templates/users/user_detail.html:127 +#: users/models/user.py:96 users/templates/users/user_detail.html:127 #: users/templates/users/user_group_detail.html:67 #: users/templates/users/user_group_list.html:37 #: users/templates/users/user_profile.html:134 -#: xpack/plugins/change_auth_plan/models.py:102 +#: xpack/plugins/change_auth_plan/models.py:99 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:117 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:19 #: xpack/plugins/cloud/models.py:54 xpack/plugins/cloud/models.py:125 @@ -447,7 +446,6 @@ msgstr "详情" #: xpack/plugins/cloud/templates/cloud/account_list.html:39 #: xpack/plugins/orgs/templates/orgs/org_detail.html:25 #: xpack/plugins/orgs/templates/orgs/org_list.html:87 -#: xpack/plugins/vault/templates/vault/vault.html:149 msgid "Update" msgstr "更新" 
@@ -488,7 +486,6 @@ msgstr "更新" #: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:55 #: xpack/plugins/orgs/templates/orgs/org_detail.html:29 #: xpack/plugins/orgs/templates/orgs/org_list.html:89 -#: xpack/plugins/vault/templates/vault/vault.html:150 msgid "Delete" msgstr "删除" @@ -547,7 +544,6 @@ msgstr "创建远程应用" #: xpack/plugins/cloud/templates/cloud/account_list.html:16 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_list.html:18 #: xpack/plugins/orgs/templates/orgs/org_list.html:23 -#: xpack/plugins/vault/templates/vault/vault.html:78 msgid "Action" msgstr "动作" @@ -577,7 +573,7 @@ msgstr "连接" #: assets/views/label.py:26 assets/views/label.py:43 assets/views/label.py:69 #: assets/views/system_user.py:28 assets/views/system_user.py:44 #: assets/views/system_user.py:60 assets/views/system_user.py:74 -#: templates/_nav.html:19 xpack/plugins/change_auth_plan/models.py:68 +#: templates/_nav.html:19 xpack/plugins/change_auth_plan/models.py:65 msgid "Assets" msgstr "资产管理" @@ -623,7 +619,7 @@ msgstr "测试节点下资产是否可连接: {}" #: assets/templates/assets/asset_detail.html:203 #: assets/templates/assets/system_user_asset.html:95 #: perms/models/asset_permission.py:38 -#: xpack/plugins/change_auth_plan/models.py:72 +#: xpack/plugins/change_auth_plan/models.py:69 msgid "Nodes" msgstr "节点管理" 
@@ -720,18 +716,17 @@ msgstr "SSH网关,支持代理SSH,RDP和VNC" #: perms/templates/perms/asset_permission_user.html:55 #: perms/templates/perms/remote_app_permission_user.html:54 #: settings/templates/settings/_ldap_list_users_modal.html:37 users/forms.py:13 -#: users/models/user.py:59 users/templates/users/_select_user_modal.html:14 +#: users/models/user.py:61 users/templates/users/_select_user_modal.html:14 #: users/templates/users/user_detail.html:67 #: users/templates/users/user_list.html:36 #: users/templates/users/user_profile.html:47 #: xpack/plugins/change_auth_plan/forms.py:99 -#: xpack/plugins/change_auth_plan/models.py:63 -#: xpack/plugins/change_auth_plan/models.py:409 +#: xpack/plugins/change_auth_plan/models.py:60 +#: xpack/plugins/change_auth_plan/models.py:405 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:65 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:53 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:12 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_list.html:13 -#: xpack/plugins/vault/templates/vault/vault.html:74 msgid "Username" msgstr "用户名" @@ -754,13 +749,13 @@ msgstr "密码或密钥密码" #: users/templates/users/user_profile_update.html:40 #: users/templates/users/user_pubkey_update.html:40 #: users/templates/users/user_update.html:20 -#: xpack/plugins/change_auth_plan/models.py:93 -#: xpack/plugins/change_auth_plan/models.py:264 +#: xpack/plugins/change_auth_plan/models.py:90 +#: xpack/plugins/change_auth_plan/models.py:260 msgid "Password" msgstr "密码" #: assets/forms/user.py:29 assets/serializers/asset_user.py:27 -#: users/models/user.py:88 +#: users/models/user.py:90 msgid "Private key" msgstr "ssh私钥" 
@@ -827,7 +822,6 @@ msgstr "端口" #: users/templates/users/user_granted_asset.html:45 #: users/templates/users/user_group_granted_asset.html:45 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:51 -#: xpack/plugins/vault/templates/vault/vault.html:73 msgid "IP" msgstr "IP" @@ -845,7 +839,6 @@ msgstr "IP" #: users/templates/users/user_granted_asset.html:44 #: users/templates/users/user_group_granted_asset.html:44 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_asset_list.html:50 -#: xpack/plugins/vault/templates/vault/vault.html:72 msgid "Hostname" msgstr "主机名" @@ -974,7 +967,6 @@ msgstr "最新版本" #: assets/models/authbook.py:29 ops/templates/ops/adhoc_history.html:58 #: ops/templates/ops/adhoc_history_detail.html:57 #: ops/templates/ops/task_adhoc.html:58 ops/templates/ops/task_history.html:64 -#: xpack/plugins/vault/templates/vault/vault.html:75 msgid "Version" msgstr "版本" @@ -982,13 +974,13 @@ msgstr "版本" msgid "AuthBook" msgstr "" -#: assets/models/base.py:29 xpack/plugins/change_auth_plan/models.py:97 -#: xpack/plugins/change_auth_plan/models.py:271 +#: assets/models/base.py:29 xpack/plugins/change_auth_plan/models.py:94 +#: xpack/plugins/change_auth_plan/models.py:267 msgid "SSH private key" msgstr "ssh密钥" -#: assets/models/base.py:30 xpack/plugins/change_auth_plan/models.py:100 -#: xpack/plugins/change_auth_plan/models.py:267 +#: assets/models/base.py:30 xpack/plugins/change_auth_plan/models.py:97 +#: xpack/plugins/change_auth_plan/models.py:263 msgid "SSH public key" msgstr "ssh公钥" @@ -1000,7 +992,7 @@ msgstr "带宽" msgid "Contact" msgstr "联系人" -#: assets/models/cluster.py:22 users/models/user.py:80 +#: assets/models/cluster.py:22 users/models/user.py:82 #: users/templates/users/user_detail.html:76 msgid "Phone" msgstr "手机" @@ -1027,7 +1019,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 -#: users/models/user.py:479 +#: users/models/user.py:485 msgid "System" msgstr "系统" 
@@ -1145,8 +1137,8 @@ msgstr "默认资产组" #: terminal/models.py:154 terminal/templates/terminal/command_list.html:32 #: terminal/templates/terminal/command_list.html:72 #: terminal/templates/terminal/session_list.html:33 -#: terminal/templates/terminal/session_list.html:71 users/forms.py:300 -#: users/models/user.py:36 users/models/user.py:467 users/serializers/v1.py:61 +#: terminal/templates/terminal/session_list.html:71 users/forms.py:301 +#: users/models/user.py:37 users/models/user.py:473 users/serializers/v1.py:61 #: users/templates/users/user_group_detail.html:78 #: users/templates/users/user_group_list.html:36 users/views/user.py:399 #: xpack/plugins/orgs/forms.py:26 @@ -1216,7 +1208,6 @@ msgid "Hardware info" msgstr "硬件信息" #: assets/serializers/asset.py:53 -#: xpack/plugins/vault/templates/vault/vault.html:76 msgid "Connectivity" msgstr "连接" @@ -1228,8 +1219,8 @@ msgstr "组织名" msgid "Protocol duplicate: {}" msgstr "协议重复: {}" -#: assets/serializers/asset_user.py:23 users/forms.py:247 -#: users/models/user.py:91 users/templates/users/first_login.html:42 +#: assets/serializers/asset_user.py:23 users/forms.py:248 +#: users/models/user.py:93 users/templates/users/first_login.html:42 #: users/templates/users/user_password_update.html:46 #: users/templates/users/user_profile.html:68 #: users/templates/users/user_profile_update.html:43 @@ -1306,7 +1297,6 @@ msgid "Test system user connectivity period: {}" msgstr "定期测试系统用户可连接性: {}" #: assets/tasks.py:469 assets/tasks.py:555 -#: xpack/plugins/change_auth_plan/models.py:522 msgid "The asset {} system platform {} does not support run Ansible tasks" msgstr "资产 {} 系统平台 {} 不支持运行 Ansible 任务" @@ -1397,7 +1387,7 @@ msgstr "资产用户信息" #: assets/templates/assets/_asset_user_view_auth_modal.html:14 #: audits/models.py:99 audits/templates/audits/login_log_list.html:56 -#: users/forms.py:159 users/models/user.py:83 +#: users/forms.py:160 users/models/user.py:85 #: users/templates/users/first_login.html:45 msgid "MFA" msgstr "MFA" 
@@ -1601,7 +1591,6 @@ msgstr "Windows或其它硬件可以随意设置一个" #: audits/templates/audits/login_log_list.html:85 #: users/templates/users/user_group_list.html:10 #: users/templates/users/user_list.html:10 -#: xpack/plugins/vault/templates/vault/vault.html:55 msgid "Export" msgstr "导出" @@ -1612,7 +1601,6 @@ msgstr "导出" #: users/templates/users/user_group_list.html:15 #: users/templates/users/user_list.html:15 #: xpack/plugins/license/templates/license/license_detail.html:110 -#: xpack/plugins/vault/templates/vault/vault.html:60 msgid "Import" msgstr "导入" @@ -2250,7 +2238,7 @@ msgid "User agent" msgstr "Agent" #: audits/models.py:100 audits/templates/audits/login_log_list.html:57 -#: xpack/plugins/change_auth_plan/models.py:417 +#: xpack/plugins/change_auth_plan/models.py:413 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:15 #: xpack/plugins/cloud/models.py:172 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_history.html:69 @@ -2276,8 +2264,8 @@ msgstr "登录日期" #: perms/templates/perms/asset_permission_detail.html:86 #: perms/templates/perms/remote_app_permission_detail.html:78 #: terminal/models.py:165 terminal/templates/terminal/session_list.html:78 -#: xpack/plugins/change_auth_plan/models.py:250 -#: xpack/plugins/change_auth_plan/models.py:420 +#: xpack/plugins/change_auth_plan/models.py:246 +#: xpack/plugins/change_auth_plan/models.py:416 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:59 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:17 msgid "Date start" 
@@ -2332,32 +2320,32 @@ msgstr "日期" #: ops/templates/ops/task_adhoc.html:63 #: terminal/templates/terminal/command_list.html:76 #: terminal/templates/terminal/session_detail.html:50 -#: xpack/plugins/vault/templates/vault/vault.html:77 msgid "Datetime" msgstr "日期" -#: audits/views.py:85 audits/views.py:129 audits/views.py:165 -#: audits/views.py:209 audits/views.py:241 templates/_nav.html:87 +#: audits/views.py:86 audits/views.py:130 audits/views.py:167 +#: audits/views.py:212 audits/views.py:244 templates/_nav.html:87 +#: templates/_nav_audits.html:22 msgid "Audits" msgstr "日志审计" -#: audits/views.py:86 templates/_nav.html:91 +#: audits/views.py:87 templates/_nav.html:91 templates/_nav_audits.html:26 msgid "FTP log" msgstr "FTP日志" -#: audits/views.py:130 templates/_nav.html:92 +#: audits/views.py:131 templates/_nav.html:92 templates/_nav_audits.html:27 msgid "Operate log" msgstr "操作日志" -#: audits/views.py:166 templates/_nav.html:93 +#: audits/views.py:168 templates/_nav.html:93 templates/_nav_audits.html:28 msgid "Password change log" msgstr "改密日志" -#: audits/views.py:210 templates/_nav.html:90 +#: audits/views.py:213 templates/_nav.html:90 templates/_nav_audits.html:25 msgid "Login log" msgstr "登录日志" -#: audits/views.py:242 +#: audits/views.py:245 msgid "Command execution log" msgstr "命令执行" @@ -2753,8 +2741,8 @@ msgstr "完成时间" #: ops/models/adhoc.py:327 ops/templates/ops/adhoc_history.html:57 #: ops/templates/ops/task_history.html:63 ops/templates/ops/task_list.html:33 -#: xpack/plugins/change_auth_plan/models.py:253 -#: xpack/plugins/change_auth_plan/models.py:423 +#: xpack/plugins/change_auth_plan/models.py:249 +#: xpack/plugins/change_auth_plan/models.py:419 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:58 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_subtask_list.html:16 msgid "Time" 
@@ -2991,7 +2979,7 @@ msgstr "更新任务内容: {}" #: ops/views/adhoc.py:44 ops/views/adhoc.py:69 ops/views/adhoc.py:82 #: ops/views/adhoc.py:95 ops/views/adhoc.py:108 ops/views/adhoc.py:121 -#: ops/views/adhoc.py:134 ops/views/command.py:44 ops/views/command.py:68 +#: ops/views/adhoc.py:134 ops/views/command.py:47 ops/views/command.py:71 msgid "Ops" msgstr "作业中心" @@ -3003,11 +2991,11 @@ msgstr "任务列表" msgid "Task run history" msgstr "执行历史" -#: ops/views/command.py:45 +#: ops/views/command.py:48 msgid "Command execution list" msgstr "命令执行列表" -#: ops/views/command.py:69 templates/_nav_user.html:22 +#: ops/views/command.py:72 templates/_nav_user.html:22 msgid "Command execution" msgstr "命令执行" @@ -3033,8 +3021,8 @@ msgstr "下载文件" #: perms/templates/perms/asset_permission_list.html:75 #: perms/templates/perms/asset_permission_list.html:122 #: perms/templates/perms/remote_app_permission_list.html:16 -#: templates/_nav.html:14 users/forms.py:270 users/models/group.py:26 -#: users/models/user.py:67 users/templates/users/_select_user_modal.html:16 +#: templates/_nav.html:14 users/forms.py:271 users/models/group.py:26 +#: users/models/user.py:69 users/templates/users/_select_user_modal.html:16 #: users/templates/users/user_detail.html:213 #: users/templates/users/user_list.html:38 #: xpack/plugins/orgs/templates/orgs/org_list.html:15 @@ -3063,7 +3051,7 @@ msgstr "资产授权" #: perms/models/asset_permission.py:61 perms/models/base.py:40 #: perms/templates/perms/asset_permission_detail.html:90 #: perms/templates/perms/remote_app_permission_detail.html:82 -#: users/models/user.py:99 users/templates/users/user_detail.html:107 +#: users/models/user.py:101 users/templates/users/user_detail.html:107 #: users/templates/users/user_profile.html:116 msgid "Date expired" msgstr "失效日期" 
@@ -3155,7 +3143,6 @@ msgstr "选择系统用户" #: perms/templates/perms/asset_permission_list.html:46 #: perms/templates/perms/remote_app_permission_list.html:6 -#: xpack/plugins/vault/templates/vault/vault.html:46 msgid "Create permission" msgstr "创建授权规则" @@ -3600,7 +3587,7 @@ msgid "Please submit the LDAP configuration before import" msgstr "请先提交LDAP配置再进行导入" #: settings/templates/settings/_ldap_list_users_modal.html:39 -#: users/models/user.py:63 users/templates/users/user_detail.html:71 +#: users/models/user.py:65 users/templates/users/user_detail.html:71 #: users/templates/users/user_profile.html:59 msgid "Email" msgstr "邮件" @@ -3833,7 +3820,7 @@ msgstr "文档" msgid "Commercial support" msgstr "商业支持" -#: templates/_header_bar.html:89 templates/_nav_user.html:28 users/forms.py:138 +#: templates/_header_bar.html:89 templates/_nav_user.html:28 users/forms.py:139 #: users/templates/users/_user.html:43 #: users/templates/users/first_login.html:39 #: users/templates/users/user_password_update.html:40 @@ -3857,6 +3844,7 @@ msgid "Logout" msgstr "注销登录" #: templates/_header_bar.html:114 templates/_nav.html:4 +#: templates/_nav_audits.html:4 msgid "Dashboard" msgstr "仪表盘" @@ -3952,19 +3940,19 @@ msgstr "命令过滤" msgid "Applications" msgstr "应用管理" -#: templates/_nav.html:55 +#: templates/_nav.html:55 templates/_nav_audits.html:11 msgid "Sessions" msgstr "会话管理" -#: templates/_nav.html:58 +#: templates/_nav.html:58 templates/_nav_audits.html:14 msgid "Session online" msgstr "在线会话" -#: templates/_nav.html:59 +#: templates/_nav.html:59 templates/_nav_audits.html:15 msgid "Session offline" msgstr "历史会话" -#: templates/_nav.html:60 +#: templates/_nav.html:60 templates/_nav_audits.html:16 msgid "Commands" msgstr "命令记录" 
@@ -3976,9 +3964,9 @@ msgstr "Web终端" msgid "File manager" msgstr "文件管理" -#: templates/_nav.html:72 terminal/views/command.py:50 +#: templates/_nav.html:72 terminal/views/command.py:51 #: terminal/views/session.py:74 terminal/views/session.py:92 -#: terminal/views/session.py:115 terminal/views/terminal.py:31 +#: terminal/views/session.py:116 terminal/views/terminal.py:31 #: terminal/views/terminal.py:46 terminal/views/terminal.py:58 msgid "Terminal" msgstr "终端管理" @@ -3987,7 +3975,7 @@ msgstr "终端管理" msgid "Job Center" msgstr "作业中心" -#: templates/_nav.html:82 templates/_nav.html:94 +#: templates/_nav.html:82 templates/_nav.html:94 templates/_nav_audits.html:29 msgid "Batch command" msgstr "批量命令" @@ -4266,12 +4254,12 @@ msgid "Export command" msgstr "导出命令" #: terminal/templates/terminal/session_detail.html:17 -#: terminal/views/session.py:116 +#: terminal/views/session.py:117 msgid "Session detail" msgstr "会话详情" #: terminal/templates/terminal/session_detail.html:28 -#: terminal/views/command.py:51 +#: terminal/views/command.py:52 msgid "Command list" msgstr "命令记录列表" @@ -4394,7 +4382,7 @@ msgstr "你没有权限" msgid "Could not reset self otp, use profile reset instead" msgstr "不能再该页面重置MFA, 请去个人信息页面重置" -#: users/forms.py:32 users/models/user.py:71 +#: users/forms.py:32 users/models/user.py:73 #: users/templates/users/_select_user_modal.html:15 #: users/templates/users/user_detail.html:87 #: users/templates/users/user_list.html:37 @@ -4402,11 +4390,11 @@ msgstr "不能再该页面重置MFA, 请去个人信息页面重置" msgid "Role" msgstr "角色" -#: users/forms.py:35 users/forms.py:217 +#: users/forms.py:35 users/forms.py:218 msgid "ssh public key" msgstr "ssh公钥" -#: users/forms.py:36 users/forms.py:218 +#: users/forms.py:36 users/forms.py:219 msgid "ssh-rsa AAAA..." msgstr "" 
@@ -4418,23 +4406,23 @@ msgstr "复制用户公钥到这里" msgid "Join user groups" msgstr "添加到用户组" -#: users/forms.py:85 users/forms.py:232 +#: users/forms.py:86 users/forms.py:233 msgid "Public key should not be the same as your old one." msgstr "不能和原来的密钥相同" -#: users/forms.py:89 users/forms.py:236 users/serializers/v1.py:47 +#: users/forms.py:90 users/forms.py:237 users/serializers/v1.py:47 msgid "Not a valid ssh public key" msgstr "ssh密钥不合法" -#: users/forms.py:109 +#: users/forms.py:110 msgid "Reset link will be generated and sent to the user" msgstr "生成重置密码链接,通过邮件发送给用户" -#: users/forms.py:110 +#: users/forms.py:111 msgid "Set password" msgstr "设置密码" -#: users/forms.py:117 xpack/plugins/change_auth_plan/models.py:86 +#: users/forms.py:118 xpack/plugins/change_auth_plan/models.py:83 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:51 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:69 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:57 @@ -4442,7 +4430,7 @@ msgstr "设置密码" msgid "Password strategy" msgstr "密码策略" -#: users/forms.py:144 +#: users/forms.py:145 msgid "" "Tip: when enabled, you will enter the MFA binding process the next time you " "log in. you can also directly bind in \"personal information -> quick " @@ -4451,11 +4439,11 @@ msgstr "" "提示:启用之后您将会在下次登录时进入MFA绑定流程;您也可以在(个人信息->快速修" "改->更改MFA设置)中直接绑定!" -#: users/forms.py:154 +#: users/forms.py:155 msgid "* Enable MFA authentication to make the account more secure." msgstr "* 启用MFA认证,使账号更加安全." -#: users/forms.py:164 +#: users/forms.py:165 msgid "" "In order to protect you and your company, please keep your account, password " "and key sensitive information properly. (for example: setting complex " 
@@ -4464,92 +4452,96 @@ msgstr "" "为了保护您和公司的安全,请妥善保管您的账户、密码和密钥等重要敏感信息;(如:" "设置复杂密码,启用MFA认证)" -#: users/forms.py:171 users/templates/users/first_login.html:48 +#: users/forms.py:172 users/templates/users/first_login.html:48 #: users/templates/users/first_login.html:107 #: users/templates/users/first_login.html:130 msgid "Finish" msgstr "完成" -#: users/forms.py:177 +#: users/forms.py:178 msgid "Old password" msgstr "原来密码" -#: users/forms.py:182 +#: users/forms.py:183 msgid "New password" msgstr "新密码" -#: users/forms.py:187 +#: users/forms.py:188 msgid "Confirm password" msgstr "确认密码" -#: users/forms.py:197 +#: users/forms.py:198 msgid "Old password error" msgstr "原来密码错误" -#: users/forms.py:205 +#: users/forms.py:206 msgid "Password does not match" msgstr "密码不一致" -#: users/forms.py:215 +#: users/forms.py:216 msgid "Automatically configure and download the SSH key" msgstr "自动配置并下载SSH密钥" -#: users/forms.py:219 +#: users/forms.py:220 msgid "Paste your id_rsa.pub here." msgstr "复制你的公钥到这里" -#: users/forms.py:253 users/forms.py:258 users/forms.py:304 +#: users/forms.py:254 users/forms.py:259 users/forms.py:305 #: xpack/plugins/orgs/forms.py:30 msgid "Select users" msgstr "选择用户" -#: users/models/user.py:35 users/models/user.py:475 +#: users/models/user.py:36 users/models/user.py:481 msgid "Administrator" msgstr "管理员" -#: users/models/user.py:37 +#: users/models/user.py:38 msgid "Application" msgstr "应用程序" -#: users/models/user.py:40 users/templates/users/user_profile.html:92 +#: users/models/user.py:39 +msgid "Auditor" +msgstr "审计员" + +#: users/models/user.py:42 users/templates/users/user_profile.html:92 #: users/templates/users/user_profile.html:159 #: users/templates/users/user_profile.html:162 msgid "Disable" msgstr "禁用" -#: users/models/user.py:41 users/templates/users/user_profile.html:90 +#: users/models/user.py:43 users/templates/users/user_profile.html:90 #: users/templates/users/user_profile.html:166 msgid "Enable" msgstr "启用" -#: users/models/user.py:42 
users/templates/users/user_profile.html:88 +#: users/models/user.py:44 users/templates/users/user_profile.html:88 msgid "Force enable" msgstr "强制启用" -#: users/models/user.py:74 +#: users/models/user.py:76 msgid "Avatar" msgstr "头像" -#: users/models/user.py:77 users/templates/users/user_detail.html:82 +#: users/models/user.py:79 users/templates/users/user_detail.html:82 msgid "Wechat" msgstr "微信" -#: users/models/user.py:106 users/templates/users/user_detail.html:103 +#: users/models/user.py:108 users/templates/users/user_detail.html:103 #: users/templates/users/user_list.html:39 #: users/templates/users/user_profile.html:100 msgid "Source" msgstr "用户来源" -#: users/models/user.py:110 +#: users/models/user.py:112 msgid "Date password last updated" msgstr "最后更新密码日期" -#: users/models/user.py:136 users/templates/users/user_update.html:22 +#: users/models/user.py:138 users/templates/users/user_update.html:22 #: users/views/login.py:47 users/views/login.py:108 users/views/user.py:431 msgid "User auth from {}, go there change password" msgstr "用户认证源来自 {}, 请去相应系统修改密码" -#: users/models/user.py:478 +#: users/models/user.py:484 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" @@ -5338,17 +5330,23 @@ msgstr "定时执行" #: xpack/plugins/change_auth_plan/forms.py:120 msgid "" +"Tips: Currently only unix-like assets are supported, while Windows assets " +"are not" +msgstr "" + +#: xpack/plugins/change_auth_plan/forms.py:122 +msgid "" "Tips: The username of the user on the asset to be modified. if the user " "exists, change the password; If the user does not exist, create the user." msgstr "" "提示:用户名为将要修改的资产上的用户的用户名。如果用户存在,则修改密码;如果" "用户不存在,则创建用户。" -#: xpack/plugins/change_auth_plan/forms.py:124 +#: xpack/plugins/change_auth_plan/forms.py:126 msgid "Tips: (Units: hour)" msgstr "提示:(单位: 时)" -#: xpack/plugins/change_auth_plan/forms.py:125 +#: xpack/plugins/change_auth_plan/forms.py:127 msgid "" "eg: Every Sunday 03:05 run <5 3 * * 0>
Tips: Using 5 digits linux " "crontab expressions ( + + {% trans 'Dashboard' %} + + + + +
  • + + {% trans 'Sessions' %} + + +
  • + +
  • + + {% trans 'Audits' %} + + +
  • \ No newline at end of file diff --git a/apps/terminal/api/session.py b/apps/terminal/api/session.py index f52d7b2b7..2943641a1 100644 --- a/apps/terminal/api/session.py +++ b/apps/terminal/api/session.py @@ -15,7 +15,7 @@ import jms_storage from common.utils import is_uuid -from common.permissions import IsOrgAdminOrAppUser +from common.permissions import IsOrgAdminOrAppUser, IsAuditor from ..hands import SystemUser from ..models import Terminal, Session from .. import serializers @@ -30,7 +30,7 @@ class SessionViewSet(BulkModelViewSet): queryset = Session.objects.all() serializer_class = serializers.SessionSerializer pagination_class = LimitOffsetPagination - permission_classes = (IsOrgAdminOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser | IsAuditor, ) def get_queryset(self): queryset = super().get_queryset() @@ -68,7 +68,7 @@ class CommandViewSet(viewsets.ViewSet): """ command_store = get_command_storage() serializer_class = SessionCommandSerializer - permission_classes = (IsOrgAdminOrAppUser,) + permission_classes = (IsOrgAdminOrAppUser | IsAuditor,) def get_queryset(self): self.command_store.filter(**dict(self.request.query_params)) diff --git a/apps/terminal/templates/terminal/session_list.html b/apps/terminal/templates/terminal/session_list.html index 355c8226d..44bbaa32b 100644 --- a/apps/terminal/templates/terminal/session_list.html +++ b/apps/terminal/templates/terminal/session_list.html @@ -103,7 +103,7 @@ {% if session.is_finished %} {% trans "Replay" %} {% else %} - {% if session.protocol == 'ssh' %} + {% if session.protocol == 'ssh' and request.user.is_org_admin%} {% trans "Terminate" %} {% else %} {% trans "Terminate" %} @@ -115,6 +115,7 @@ {% endblock %} {% block content_bottom_left %} + {% if request.user.is_org_admin %}
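Review bot: `IsOrgAdminOrAppUser | IsAuditor` on `SessionViewSet` applies to every method the viewset exposes, and `SessionViewSet` is a `BulkModelViewSet`, so unless `IsAuditor` itself rejects unsafe methods (its definition is not in this hunk) an auditor gains create, update and delete on session records in addition to read. An audit role is normally limited to requests whose method is in `SAFE_METHODS`; that can be a read-only permission class composed here, or a `get_permissions()` override that adds `IsAuditor` only for list and retrieve. The same composition is added to `CommandViewSet` in the next hunk of this file and deserves the same check.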
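Review bot: The `request.user.is_org_admin` condition added to the Terminate branch in `session_list.html` only hides the control in the rendered page; it does not stop a non-admin from calling the terminate endpoint directly. That endpoint's permission class is not visible in this diff, and since the same commit opens the session API to auditors, it is worth confirming that termination is rejected server-side for them. The tag is also missing a space before the closing delimiter: `request.user.is_org_admin %}`.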