diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py
index 1b639bec6..0e811cbaa 100644
--- a/apps/authentication/serializers/connection_token.py
+++ b/apps/authentication/serializers/connection_token.py
@@ -61,7 +61,7 @@ class ConnectionTokenSerializer(OrgResourceModelSerializerMixin):
 system_user = attrs.get('system_user') or ''
 asset = attrs.get('asset') or ''
 application = attrs.get('application') or ''
- secret = attrs.get('secret') or random_string(64)
+ secret = attrs.get('secret') or random_string(16)
 date_expired = attrs.get('date_expired') or ConnectionToken.get_default_date_expired()
 if isinstance(asset, Asset):
diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 20038de19..f8789a110 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -40,6 +40,10 @@ exclude_permissions = (
 ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
 ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
 ('assets', 'authbook', 'change', 'authbook'),
+ # TODO 暂时去掉历史账号的权限
+ ('assets', 'authbook', '*', 'assethistoryaccount'),
+ ('assets', 'authbook', '*', 'assethistoryaccountsecret'),
+
 ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
 ('perms', 'usergrantedmappingnode', '*', '*'),
 ('perms', 'permnode', '*', '*'),
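Review bot: The fallback `random_string(16)` cuts the auto-generated connection-token secret to a quarter of its previous length, and nothing in the hunk (comment or named constant) records why 16 characters is still enough for what appears to be a session credential. Whether it is enough depends on `random_string`, which is defined outside this diff: confirm its alphabet and that it draws from a CSPRNG (`secrets` or `random.SystemRandom`) rather than the default `random` generator. The same expression accepts a caller-supplied `attrs.get('secret')` unchanged, so a minimum-length check on that path is worth considering. I would name the length and document it, e.g. `CONNECTION_TOKEN_SECRET_LENGTH = 16  # generated secret length; relies on random_string using a CSPRNG`, and call `random_string(CONNECTION_TOKEN_SECRET_LENGTH)` here. The enclosing method starts and ends outside the hunk.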
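Review bot: The new `# TODO` above the two `('assets', 'authbook', '*', ...)` entries has no owner, no tracking reference and no restore condition, so a "temporary" removal of the history-account permissions from the RBAC set can easily become permanent. It is also not in English, unlike the identifiers around it; something like `# TODO(<owner>): temporarily exclude history-account permissions; restore when <tracking issue> is resolved` would be clearer. How `exclude_permissions` is consumed is not visible in this hunk, so please confirm that views serving `assethistoryaccount` and `assethistoryaccountsecret` fail closed once these permissions can no longer be granted, rather than skipping the check. The tuple starts and ends outside the hunk.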