diff --git a/apps/settings/api/settings.py b/apps/settings/api/settings.py
index 3f81832e0..3e1d9336d 100644
--- a/apps/settings/api/settings.py
+++ b/apps/settings/api/settings.py
@@ -42,28 +42,27 @@ class SettingsApi(generics.RetrieveUpdateAPIView):
 }
 rbac_category_permissions = {
- # 'all': 'view_setting',
- 'basic': 'view_setting',
- 'terminal': 'change_terminal',
- 'security': 'change_security',
- 'ldap': 'change_auth',
- 'email': 'change_email',
- 'email_content': 'change_email',
- 'wecom': 'change_auth',
- 'dingtalk': 'change_auth',
- 'feishu': 'change_auth',
- 'auth': 'change_auth',
- 'oidc': 'change_auth',
- 'keycloak': 'change_auth',
- 'radius': 'change_auth',
- 'cas': 'change_auth',
- 'sso': 'change_auth',
- 'saml2': 'change_auth',
- 'clean': 'change_clean',
- 'other': 'change_other',
- 'sms': 'change_sms',
- 'alibaba': 'change_sms',
- 'tencent': 'change_sms',
+ 'basic': 'settings.view_setting',
+ 'terminal': 'settings.change_terminal',
+ 'security': 'settings.change_security',
+ 'ldap': 'settings.change_auth',
+ 'email': 'settings.change_email',
+ 'email_content': 'settings.change_email',
+ 'wecom': 'settings.change_auth',
+ 'dingtalk': 'settings.change_auth',
+ 'feishu': 'settings.change_auth',
+ 'auth': 'settings.change_auth',
+ 'oidc': 'settings.change_auth',
+ 'keycloak': 'settings.change_auth',
+ 'radius': 'settings.change_auth',
+ 'cas': 'settings.change_auth',
+ 'sso': 'settings.change_auth',
+ 'saml2': 'settings.change_auth',
+ 'clean': 'settings.change_clean',
+ 'other': 'settings.change_other',
+ 'sms': 'settings.change_sms',
+ 'alibaba': 'settings.change_sms',
+ 'tencent': 'settings.change_sms',
 }
 def get_queryset(self):
@@ -71,10 +70,11 @@ class SettingsApi(generics.RetrieveUpdateAPIView):
 def check_permissions(self, request):
 category = request.query_params.get('category', 'basic')
- require_perm = self.rbac_category_permissions.get(category)
- if not request.user.has_perm(require_perm):
+ perm_required = self.rbac_category_permissions.get(category)
+ has = self.request.user.has_perm(perm_required)
+
+ if not has:
 self.permission_denied(request)
- return super().check_permissions(request)
 def get_serializer_class(self):
 category = self.request.query_params.get('category', 'basic')
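Review bot: Dropping `return super().check_permissions(request)` at the end of check_permissions means the DRF permission_classes declared on this view (outside the hunk) are no longer evaluated at all, so the category mapping becomes the only gate on this endpoint; keep the super call as the last line of the method so both checks apply. Separately, a `category` value that is not a key of rbac_category_permissions makes `perm_required` None, and whether `has_perm(None)` denies then depends on the configured auth backend rather than on this view; denying explicitly is safer, e.g. `if not perm_required or not request.user.has_perm(perm_required):` followed by `self.permission_denied(request)`. The new line also reads `self.request.user` while the line above uses the `request` parameter; pick one, since the two can differ in tests or when the method is called directly.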