diff --git a/apps/assets/api.py b/apps/assets/api.py
index 820f418ef..f6d6926bb 100644
--- a/apps/assets/api.py
+++ b/apps/assets/api.py
@@ -13,14 +13,6 @@ from .models import AssetGroup, Asset, IDC, SystemUser, AdminUser
 from . import serializers
 
 
-class AssetGroupViewSet(viewsets.ModelViewSet):
-    """ API endpoint that allows AssetGroup to be viewed or edited.
-        some other comment
-    """
-    queryset = AssetGroup.objects.all()
-    serializer_class = serializers.AssetGroupSerializer
-
-
 class AssetViewSet(viewsets.ModelViewSet):
     """API endpoint that allows Asset to be viewed or edited."""
     queryset = Asset.objects.all()
@@ -34,6 +26,14 @@ class AssetViewSet(viewsets.ModelViewSet):
         return queryset
 
 
+class AssetGroupViewSet(viewsets.ModelViewSet):
+    """ API endpoint that allows AssetGroup to be viewed or edited.
+        some other comment
+    """
+    queryset = AssetGroup.objects.all()
+    serializer_class = serializers.AssetGroupSerializer
+
+
 class IDCViewSet(viewsets.ModelViewSet):
     """API endpoint that allows IDC to be viewed or edited."""
     queryset = IDC.objects.all()
@@ -68,7 +68,7 @@ class SystemUserViewSet(viewsets.ModelViewSet):
 
 class AssetListUpdateApi(BulkDeleteApiMixin, ListBulkCreateUpdateDestroyAPIView):
     queryset = Asset.objects.all()
-    serializer_class = serializers.AssetBulkUpdateSerializer
+    serializer_class = serializers.AssetSerializer
     permission_classes = (IsSuperUser,)
 
 
diff --git a/apps/assets/serializers.py b/apps/assets/serializers.py
index 9044c3cc6..256b3e87e 100644
--- a/apps/assets/serializers.py
+++ b/apps/assets/serializers.py
@@ -6,22 +6,11 @@ from common.mixins import BulkDeleteApiMixin
 from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
 
 
-class AssetBulkUpdateSerializer(BulkSerializerMixin, serializers.ModelSerializer):
-    # group_display = serializers.SerializerMethodField()
-    # active_display = serializers.SerializerMethodField()
-    #groups = serializers.PrimaryKeyRelatedField(many=True, queryset=AssetGroup.objects.all())
+class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
 
     class Meta(object):
         model = Asset
         list_serializer_class = BulkListSerializer
-        fields = ('id', 'port', 'idc')
-
-    # def get_group_display(self, obj):
-    #     return " ".join([group.name for group in obj.groups.all()])
-    #
-    # def get_active_display(self, obj):
-    #     # TODO: user ative state
-    #     return not (obj.is_expired and obj.is_active)
 
 
 class AssetGroupSerializer(serializers.ModelSerializer):
@@ -29,11 +18,6 @@ class AssetGroupSerializer(serializers.ModelSerializer):
         model = AssetGroup
 
 
-class AssetSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = Asset
-
-
 class AdminUserSerializer(serializers.ModelSerializer):
     class Meta:
         model = AdminUser
diff --git a/apps/perms/api.py b/apps/perms/api.py
index c40b9343e..fd9294500 100644
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -3,17 +3,26 @@
 
 from rest_framework.views import APIView, Response
 from rest_framework.generics import ListCreateAPIView
+from rest_framework import viewsets
 from users.backends import IsValidUser, IsSuperUser
 from .utils import get_user_granted_assets, get_user_granted_asset_groups
 from .models import AssetPermission
 from . import serializers
 
 
-class AssetPermissionListCreateApi(ListCreateAPIView):
+class AssetPermissionViewSet(viewsets.ModelViewSet):
     queryset = AssetPermission.objects.all()
     serializer_class = serializers.AssetPermissionSerializer
     permission_classes = (IsSuperUser,)
 
+    def get_queryset(self):
+        queryset = super(AssetPermissionViewSet, self).get_queryset()
+        user_id = self.request.query_params.get('user', '')
+        if user_id:
+            queryset = queryset.filter(users__id=user_id)
+
+        return queryset
+
 
 class UserAssetsApi(APIView):
     permission_classes = (IsValidUser,)
diff --git a/apps/perms/urls.py b/apps/perms/urls.py
index 186199b56..ae1c9d60a 100644
--- a/apps/perms/urls.py
+++ b/apps/perms/urls.py
@@ -1,6 +1,7 @@
 # coding:utf-8
 
 from django.conf.urls import url
+from rest_framework import routers
 import views
 import api
 
@@ -21,9 +22,10 @@ urlpatterns = [
         name='asset-permission-asset-list'),
 ]
 
+router = routers.DefaultRouter()
+router.register('v1/asset-permissions', api.AssetPermissionViewSet, 'api-asset-permission')
+
 urlpatterns += [
-    url(r'^v1/asset-permission/$', api.AssetPermissionListCreateApi.as_view(),
-        name='asset-permission-list-create-api'),
     url(r'^v1/user/assets/$', api.UserAssetsApi.as_view(),
         name='user-assets'),
     url(r'^v1/user/asset-groups/$', api.UserAssetsGroupsApi.as_view(),
@@ -32,3 +34,4 @@ urlpatterns += [
         name='user-asset-groups-assets'),
 ]
 
+urlpatterns += router.urls