diff --git a/apps/assets/api/asset_user.py b/apps/assets/api/asset_user.py
index e2844a5e5..da0fe8c7e 100644
--- a/apps/assets/api/asset_user.py
+++ b/apps/assets/api/asset_user.py
@@ -10,10 +10,10 @@ from common.permissions import IsOrgAdminOrAppUser, NeedMFAVerify
 from common.utils import get_object_or_none, get_logger
 from common.mixins import CommonApiMixin
 from ..backends import AssetUserManager
-from ..models import Asset, Node, SystemUser
+from ..models import Node
 from .. import serializers
 from ..tasks import (
- test_asset_users_connectivity_manual, push_system_user_a_asset_manual
+ test_asset_users_connectivity_manual
 )
@@ -100,12 +100,6 @@ class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
 obj = queryset.get(id=pk)
 return obj
- def get_exception_handler(self):
- def handler(e, context):
- logger.error(e, exc_info=True)
- return Response({"error": str(e)}, status=400)
- return handler
-
 def perform_destroy(self, instance):
 manager = AssetUserManager()
 manager.delete(instance)
diff --git a/apps/common/exceptions.py b/apps/common/exceptions.py
index 3422f0e0c..9d3008c50 100644
--- a/apps/common/exceptions.py
+++ b/apps/common/exceptions.py
@@ -39,3 +39,9 @@ class ReferencedByOthers(JMSException):
 status_code = status.HTTP_400_BAD_REQUEST
 default_code = 'referenced_by_others'
 default_detail = _('Is referenced by other objects and cannot be deleted')
+
+
+class MFAVerifyRequired(JMSException):
+ status_code = status.HTTP_400_BAD_REQUEST
+ default_code = 'mfa_verify_required'
+ default_detail = _('This action require verify your MFA')
diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index 7df83046d..1fced6478 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -3,6 +3,7 @@ import time
 from rest_framework import permissions
 from django.conf import settings
+from common.exceptions import MFAVerifyRequired
 from orgs.utils import current_org
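Review bot: In apps/common/exceptions.py, `status_code = status.HTTP_400_BAD_REQUEST` on the new `MFAVerifyRequired` reports a failed MFA step-up as a malformed request, so access logs and alerting keyed on 401/403 will not count these denials. Assuming `JMSException` follows DRF's `APIException` contract (its definition is outside this hunk), `status_code = status.HTTP_403_FORBIDDEN` would match what a permission failure normally returns, and `default_code = 'mfa_verify_required'` still lets the client trigger the MFA prompt. The detail string would also read better as `_('This action requires MFA verification')`, which presumably needs the translation catalogues updated with it.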
@@ -114,7 +115,7 @@ class NeedMFAVerify(permissions.BasePermission):
 mfa_verify_time = request.session.get('MFA_VERIFY_TIME', 0)
 if time.time() - mfa_verify_time < settings.SECURITY_MFA_VERIFY_TTL:
 return True
- return False
+ raise MFAVerifyRequired()
 class CanUpdateDeleteUser(permissions.BasePermission):
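Review bot: `raise MFAVerifyRequired()` makes this permission class raise instead of answering False, so a denial no longer goes through DRF's `permission_denied()` path. A request with no authenticated user would presumably receive the `mfa_verify_required` error rather than a 401, unless an earlier permission class in the view's list has already rejected it. The exception also propagates through any `|` composition, so the class only works as a mandatory check and not as one alternative among several. I would record that on the method, e.g. `# Raises instead of returning False so the client receives code 'mfa_verify_required'; list this class after the authentication/role permission`. The method's signature is above the hunk, so the ordering in the views that use it needs confirming there.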