diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py
index 7be40c72b..3f4b7a209 100644
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -181,7 +181,7 @@ class AssetsTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
     def check_permissions(self, request):
         action = request.data.get('action')
         action_perm_require = {
-            'refresh': 'assets.refresh_assethardwareinfo1',
+            'refresh': 'assets.refresh_assethardwareinfo',
         }
         perm_required = action_perm_require.get(action)
         has = self.request.user.has_perm(perm_required)
diff --git a/apps/rbac/backends.py b/apps/rbac/backends.py
index bc9dbb56a..76ebd1d70 100644
--- a/apps/rbac/backends.py
+++ b/apps/rbac/backends.py
@@ -16,7 +16,7 @@ class RBACBackend(JMSBaseAuthBackend):
         return False
 
     def has_perm(self, user_obj, perm, obj=None):
-        if not user_obj.is_active:
+        if not user_obj.is_active or not perm:
             raise PermissionDenied()
         if perm == '*':
             return True