diff --git a/apps/assets/models/node.py b/apps/assets/models/node.py
index 170a5135f..ea3fd70f5 100644
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -40,8 +40,10 @@ class Node(OrgModelMixin):
         return self.key == other.key
 
     def __gt__(self, other):
-        if self.is_root():
+        if self.is_root() and not other.is_root():
             return True
+        elif not self.is_root() and other.is_root():
+            return False
         self_key = [int(k) for k in self.key.split(':')]
         other_key = [int(k) for k in other.key.split(':')]
         self_parent_key = self_key[:-1]
@@ -49,6 +51,10 @@ class Node(OrgModelMixin):
 
         if self_parent_key == other_parent_key:
             return self.name > other.name
+        if len(self_parent_key) < len(other_parent_key):
+            return True
+        elif len(self_parent_key) > len(other_parent_key):
+            return False
         return self_key > other_key
 
     def __lt__(self, other):
diff --git a/apps/assets/templates/assets/user_asset_list.html b/apps/assets/templates/assets/user_asset_list.html
index 329f24c72..23d0b34ed 100644
--- a/apps/assets/templates/assets/user_asset_list.html
+++ b/apps/assets/templates/assets/user_asset_list.html
@@ -153,7 +153,11 @@ function initTree() {
 $(document).ready(function () {
     initTree();
     initTable();
-})
+}).on('click', '.labels li', function () {
+    var val = $(this).text();
+    $("#user_assets_table_filter input").val(val);
+    asset_table.search(val).draw();
+ })
 .on('click', '.asset_detail', function() {
     var data = asset_table.ajax.json();
     var asset_id = this.getAttribute("asset-id");
diff --git a/apps/assets/views/asset.py b/apps/assets/views/asset.py
index 653fa12c3..4a3ce2273 100644
--- a/apps/assets/views/asset.py
+++ b/apps/assets/views/asset.py
@@ -79,6 +79,7 @@ class UserAssetListView(LoginRequiredMixin, TemplateView):
     def get_context_data(self, **kwargs):
         context = {
             'action': _('My assets'),
+            'labels': Label.objects.all().order_by('name'),
             'system_users': SystemUser.objects.all(),
         }
         kwargs.update(context)
diff --git a/apps/jumpserver/context_processor.py b/apps/jumpserver/context_processor.py
index c6312aaf0..148611359 100644
--- a/apps/jumpserver/context_processor.py
+++ b/apps/jumpserver/context_processor.py
@@ -15,7 +15,8 @@ def jumpserver_processor(request):
         'FAVICON_URL': static('img/facio.ico'),
         'JMS_TITLE': 'Jumpserver',
         'VERSION': settings.VERSION,
-        'COPYRIGHT': 'FIT2CLOUD 飞致云' + ' © 2014-2019'
+        'COPYRIGHT': 'FIT2CLOUD 飞致云' + ' © 2014-2019',
+        'SECURITY_COMMAND_EXECUTION': settings.SECURITY_COMMAND_EXECUTION,
     }
     return context
 
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index d9be8c346..d43006c85 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -546,6 +546,7 @@ TERMINAL_REPLAY_STORAGE = {
 
 
 SECURITY_MFA_AUTH = False
+SECURITY_COMMAND_EXECUTION = True
 SECURITY_LOGIN_LIMIT_COUNT = 7
 SECURITY_LOGIN_LIMIT_TIME = 30  # Unit: minute
 SECURITY_MAX_IDLE_TIME = 30  # Unit: minute
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index fb8aab644..d1d1a34cb 100644
Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index c1acf7792..86481fbc4 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Jumpserver 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-05-27 15:38+0800\n"
+"POT-Creation-Date: 2019-06-11 11:39+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: Jumpserver team<ibuler@qq.com>\n"
@@ -163,7 +163,7 @@ msgstr "系统用户"
 #: settings/templates/settings/replay_storage_create.html:44
 #: settings/templates/settings/terminal_setting.html:83
 #: settings/templates/settings/terminal_setting.html:105 terminal/models.py:22
-#: terminal/models.py:241 terminal/templates/terminal/terminal_detail.html:43
+#: terminal/models.py:258 terminal/templates/terminal/terminal_detail.html:43
 #: terminal/templates/terminal/terminal_list.html:29 users/models/group.py:14
 #: users/models/user.py:61 users/templates/users/_select_user_modal.html:13
 #: users/templates/users/user_detail.html:63
@@ -302,7 +302,7 @@ msgstr "备注"
 #: perms/templates/perms/remote_app_permission_list.html:17
 #: perms/templates/perms/remote_app_permission_remote_app.html:26
 #: perms/templates/perms/remote_app_permission_user.html:26
-#: templates/_nav.html:35 templates/_nav.html:45 templates/_nav_user.html:14
+#: templates/_nav.html:36 templates/_nav.html:48 templates/_nav_user.html:14
 msgid "RemoteApp"
 msgstr "远程应用"
 
@@ -411,7 +411,7 @@ msgstr "详情"
 #: applications/templates/applications/remote_app_list.html:56
 #: assets/templates/assets/admin_user_detail.html:24
 #: assets/templates/assets/admin_user_list.html:29
-#: assets/templates/assets/admin_user_list.html:111
+#: assets/templates/assets/admin_user_list.html:112
 #: assets/templates/assets/asset_detail.html:27
 #: assets/templates/assets/asset_list.html:86
 #: assets/templates/assets/asset_list.html:190
@@ -425,7 +425,7 @@ msgstr "详情"
 #: assets/templates/assets/label_list.html:39
 #: assets/templates/assets/system_user_detail.html:26
 #: assets/templates/assets/system_user_list.html:33
-#: assets/templates/assets/system_user_list.html:117 audits/models.py:33
+#: assets/templates/assets/system_user_list.html:118 audits/models.py:33
 #: perms/templates/perms/asset_permission_detail.html:30
 #: perms/templates/perms/asset_permission_list.html:181
 #: perms/templates/perms/remote_app_permission_detail.html:30
@@ -435,7 +435,7 @@ msgstr "详情"
 #: users/templates/users/user_detail.html:25
 #: users/templates/users/user_group_detail.html:28
 #: users/templates/users/user_group_list.html:20
-#: users/templates/users/user_group_list.html:69
+#: users/templates/users/user_group_list.html:70
 #: users/templates/users/user_list.html:20
 #: users/templates/users/user_list.html:96
 #: users/templates/users/user_list.html:99
@@ -454,7 +454,7 @@ msgstr "更新"
 #: applications/templates/applications/remote_app_detail.html:25
 #: applications/templates/applications/remote_app_list.html:57
 #: assets/templates/assets/admin_user_detail.html:28
-#: assets/templates/assets/admin_user_list.html:112
+#: assets/templates/assets/admin_user_list.html:113
 #: assets/templates/assets/asset_detail.html:31
 #: assets/templates/assets/asset_list.html:191
 #: assets/templates/assets/cmd_filter_detail.html:33
@@ -466,7 +466,7 @@ msgstr "更新"
 #: assets/templates/assets/domain_list.html:55
 #: assets/templates/assets/label_list.html:40
 #: assets/templates/assets/system_user_detail.html:30
-#: assets/templates/assets/system_user_list.html:118 audits/models.py:34
+#: assets/templates/assets/system_user_list.html:119 audits/models.py:34
 #: ops/templates/ops/task_list.html:64
 #: perms/templates/perms/asset_permission_detail.html:34
 #: perms/templates/perms/asset_permission_list.html:182
@@ -477,7 +477,7 @@ msgstr "更新"
 #: terminal/templates/terminal/terminal_list.html:74
 #: users/templates/users/user_detail.html:30
 #: users/templates/users/user_group_detail.html:32
-#: users/templates/users/user_group_list.html:71
+#: users/templates/users/user_group_list.html:72
 #: users/templates/users/user_list.html:104
 #: users/templates/users/user_list.html:108
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:33
@@ -742,7 +742,7 @@ msgstr "密码或密钥密码"
 #: authentication/forms.py:13
 #: authentication/templates/authentication/login.html:67
 #: authentication/templates/authentication/new_login.html:93
-#: settings/forms.py:103 users/forms.py:15 users/forms.py:33
+#: settings/forms.py:103 users/forms.py:15 users/forms.py:27
 #: users/templates/users/reset_password.html:53
 #: users/templates/users/user_password_authentication.html:18
 #: users/templates/users/user_password_update.html:43
@@ -1137,7 +1137,7 @@ msgstr "默认资产组"
 #: terminal/models.py:154 terminal/templates/terminal/command_list.html:32
 #: terminal/templates/terminal/command_list.html:72
 #: terminal/templates/terminal/session_list.html:33
-#: terminal/templates/terminal/session_list.html:71 users/forms.py:293
+#: terminal/templates/terminal/session_list.html:71 users/forms.py:300
 #: users/models/user.py:36 users/models/user.py:467 users/serializers/v1.py:61
 #: users/templates/users/user_group_detail.html:78
 #: users/templates/users/user_group_list.html:36 users/views/user.py:399
@@ -1215,7 +1215,7 @@ msgstr "连接"
 msgid "Org name"
 msgstr "组织名"
 
-#: assets/serializers/asset_user.py:23 users/forms.py:240
+#: assets/serializers/asset_user.py:23 users/forms.py:247
 #: users/models/user.py:91 users/templates/users/first_login.html:42
 #: users/templates/users/user_password_update.html:46
 #: users/templates/users/user_profile.html:68
@@ -1370,7 +1370,7 @@ msgstr "资产用户信息"
 
 #: assets/templates/assets/_asset_user_view_auth_modal.html:14
 #: audits/models.py:99 audits/templates/audits/login_log_list.html:56
-#: users/forms.py:152 users/models/user.py:83
+#: users/forms.py:159 users/models/user.py:83
 #: users/templates/users/first_login.html:45
 msgid "MFA"
 msgstr "MFA"
@@ -1382,11 +1382,11 @@ msgstr "需要二次认证来查看账号信息"
 #: assets/templates/assets/_asset_user_view_auth_modal.html:20
 #: assets/templates/assets/admin_user_detail.html:100
 #: assets/templates/assets/asset_detail.html:211
-#: assets/templates/assets/asset_list.html:700
+#: assets/templates/assets/asset_list.html:682
 #: assets/templates/assets/cmd_filter_detail.html:106
 #: assets/templates/assets/system_user_asset.html:112
 #: assets/templates/assets/system_user_detail.html:182
-#: assets/templates/assets/system_user_list.html:168
+#: assets/templates/assets/system_user_list.html:170
 #: settings/templates/settings/terminal_setting.html:168
 #: templates/_modal.html:23 terminal/templates/terminal/session_detail.html:108
 #: users/templates/users/user_detail.html:388
@@ -1394,8 +1394,8 @@ msgstr "需要二次认证来查看账号信息"
 #: users/templates/users/user_detail.html:437
 #: users/templates/users/user_detail.html:482
 #: users/templates/users/user_group_create_update.html:32
-#: users/templates/users/user_group_list.html:114
-#: users/templates/users/user_list.html:269
+#: users/templates/users/user_group_list.html:119
+#: users/templates/users/user_list.html:257
 #: users/templates/users/user_profile.html:238
 #: xpack/plugins/cloud/templates/cloud/account_create_update.html:34
 #: xpack/plugins/cloud/templates/cloud/sync_instance_task_create.html:36
@@ -1602,16 +1602,16 @@ msgstr "创建管理用户"
 msgid "Ratio"
 msgstr "比例"
 
-#: assets/templates/assets/admin_user_list.html:159
-#: assets/templates/assets/admin_user_list.html:197
-#: assets/templates/assets/asset_list.html:499
-#: assets/templates/assets/asset_list.html:543
-#: assets/templates/assets/system_user_list.html:226
-#: assets/templates/assets/system_user_list.html:262
+#: assets/templates/assets/admin_user_list.html:160
+#: assets/templates/assets/admin_user_list.html:191
+#: assets/templates/assets/asset_list.html:492
+#: assets/templates/assets/asset_list.html:529
+#: assets/templates/assets/system_user_list.html:223
+#: assets/templates/assets/system_user_list.html:254
 #: users/templates/users/user_group_list.html:163
-#: users/templates/users/user_group_list.html:199
-#: users/templates/users/user_list.html:162
-#: users/templates/users/user_list.html:198
+#: users/templates/users/user_group_list.html:194
+#: users/templates/users/user_list.html:158
+#: users/templates/users/user_list.html:190
 msgid "Please select file"
 msgstr "选择文件"
 
@@ -1787,45 +1787,45 @@ msgstr "重命名成功"
 msgid "Rename failed, do not change the root node name"
 msgstr "重命名失败,不能更改root节点的名称"
 
-#: assets/templates/assets/asset_list.html:694
-#: assets/templates/assets/system_user_list.html:162
+#: assets/templates/assets/asset_list.html:676
+#: assets/templates/assets/system_user_list.html:164
 #: users/templates/users/user_detail.html:382
 #: users/templates/users/user_detail.html:408
 #: users/templates/users/user_detail.html:476
-#: users/templates/users/user_group_list.html:108
-#: users/templates/users/user_list.html:263
+#: users/templates/users/user_group_list.html:113
+#: users/templates/users/user_list.html:251
 #: xpack/plugins/interface/templates/interface/interface.html:97
 msgid "Are you sure?"
 msgstr "你确认吗?"
 
-#: assets/templates/assets/asset_list.html:695
+#: assets/templates/assets/asset_list.html:677
 msgid "This will delete the selected assets !!!"
 msgstr "删除选择资产"
 
-#: assets/templates/assets/asset_list.html:698
-#: assets/templates/assets/system_user_list.html:166
+#: assets/templates/assets/asset_list.html:680
+#: assets/templates/assets/system_user_list.html:168
 #: settings/templates/settings/terminal_setting.html:166
 #: users/templates/users/user_detail.html:386
 #: users/templates/users/user_detail.html:412
 #: users/templates/users/user_detail.html:480
 #: users/templates/users/user_group_create_update.html:31
-#: users/templates/users/user_group_list.html:112
-#: users/templates/users/user_list.html:267
+#: users/templates/users/user_group_list.html:117
+#: users/templates/users/user_list.html:255
 #: xpack/plugins/interface/templates/interface/interface.html:101
 #: xpack/plugins/orgs/templates/orgs/org_create_update.html:32
 msgid "Cancel"
 msgstr "取消"
 
-#: assets/templates/assets/asset_list.html:711
+#: assets/templates/assets/asset_list.html:693
 msgid "Asset Deleted."
 msgstr "已被删除"
 
-#: assets/templates/assets/asset_list.html:712
-#: assets/templates/assets/asset_list.html:716
+#: assets/templates/assets/asset_list.html:694
+#: assets/templates/assets/asset_list.html:698
 msgid "Asset Delete"
 msgstr "删除"
 
-#: assets/templates/assets/asset_list.html:715
+#: assets/templates/assets/asset_list.html:697
 msgid "Asset Deleting failed."
 msgstr "删除失败"
 
@@ -2013,20 +2013,20 @@ msgstr ""
 msgid "Create system user"
 msgstr "创建系统用户"
 
-#: assets/templates/assets/system_user_list.html:163
+#: assets/templates/assets/system_user_list.html:165
 msgid "This will delete the selected System Users !!!"
 msgstr "删除选择系统用户"
 
-#: assets/templates/assets/system_user_list.html:172
+#: assets/templates/assets/system_user_list.html:174
 msgid "System Users Deleted."
 msgstr "已被删除"
 
-#: assets/templates/assets/system_user_list.html:173
-#: assets/templates/assets/system_user_list.html:178
+#: assets/templates/assets/system_user_list.html:175
+#: assets/templates/assets/system_user_list.html:180
 msgid "System Users Delete"
 msgstr "删除系统用户"
 
-#: assets/templates/assets/system_user_list.html:177
+#: assets/templates/assets/system_user_list.html:179
 msgid "System Users Deleting failed."
 msgstr "系统用户删除失败"
 
@@ -2308,23 +2308,23 @@ msgid "Datetime"
 msgstr "日期"
 
 #: audits/views.py:85 audits/views.py:129 audits/views.py:165
-#: audits/views.py:209 audits/views.py:241 templates/_nav.html:83
+#: audits/views.py:209 audits/views.py:241 templates/_nav.html:87
 msgid "Audits"
 msgstr "日志审计"
 
-#: audits/views.py:86 templates/_nav.html:87
+#: audits/views.py:86 templates/_nav.html:91
 msgid "FTP log"
 msgstr "FTP日志"
 
-#: audits/views.py:130 templates/_nav.html:88
+#: audits/views.py:130 templates/_nav.html:92
 msgid "Operate log"
 msgstr "操作日志"
 
-#: audits/views.py:166 templates/_nav.html:89
+#: audits/views.py:166 templates/_nav.html:93
 msgid "Password change log"
 msgstr "改密日志"
 
-#: audits/views.py:210 templates/_nav.html:86
+#: audits/views.py:210 templates/_nav.html:90
 msgid "Login log"
 msgstr "登录日志"
 
@@ -2949,7 +2949,7 @@ msgstr "更新任务内容: {}"
 msgid "Ops"
 msgstr "作业中心"
 
-#: ops/views/adhoc.py:45 templates/_nav.html:77
+#: ops/views/adhoc.py:45 templates/_nav.html:81
 msgid "Task list"
 msgstr "任务列表"
 
@@ -2987,7 +2987,7 @@ msgstr "下载文件"
 #: perms/templates/perms/asset_permission_list.html:75
 #: perms/templates/perms/asset_permission_list.html:122
 #: perms/templates/perms/remote_app_permission_list.html:16
-#: templates/_nav.html:14 users/forms.py:263 users/models/group.py:26
+#: templates/_nav.html:14 users/forms.py:270 users/models/group.py:26
 #: users/models/user.py:67 users/templates/users/_select_user_modal.html:16
 #: users/templates/users/user_detail.html:213
 #: users/templates/users/user_list.html:38
@@ -3010,7 +3010,7 @@ msgid "Asset or group at least one required"
 msgstr "资产和节点至少选一个"
 
 #: perms/models/asset_permission.py:44 perms/models/asset_permission.py:70
-#: templates/_nav.html:42
+#: templates/_nav.html:44
 msgid "Asset permission"
 msgstr "资产授权"
 
@@ -3171,7 +3171,7 @@ msgstr "添加用户组"
 #: perms/views/remote_app_permission.py:63
 #: perms/views/remote_app_permission.py:76
 #: perms/views/remote_app_permission.py:102
-#: perms/views/remote_app_permission.py:138 templates/_nav.html:39
+#: perms/views/remote_app_permission.py:138 templates/_nav.html:41
 #: xpack/plugins/orgs/templates/orgs/org_list.html:21
 msgid "Perms"
 msgstr "权限管理"
@@ -3224,33 +3224,33 @@ msgstr "远程应用授权用户列表"
 msgid "RemoteApp permission RemoteApp list"
 msgstr "远程应用授权远程应用列表"
 
-#: settings/api.py:26
+#: settings/api.py:28
 msgid "Test mail sent to {}, please check"
 msgstr "邮件已经发送{}, 请检查"
 
-#: settings/api.py:50
+#: settings/api.py:52
 msgid "Test ldap success"
 msgstr "连接LDAP成功"
 
-#: settings/api.py:87
+#: settings/api.py:89
 msgid "Match {} s users"
 msgstr "匹配 {} 个用户"
 
-#: settings/api.py:120
+#: settings/api.py:158
 msgid "succeed: {} failed: {} total: {}"
 msgstr "成功:{} 失败:{} 总数:{}"
 
-#: settings/api.py:142 settings/api.py:178
+#: settings/api.py:180 settings/api.py:216
 msgid ""
 "Error: Account invalid (Please make sure the information such as Access key "
 "or Secret key is correct)"
 msgstr "错误:账户无效 (请确保 Access key 或 Secret key 等信息正确)"
 
-#: settings/api.py:148 settings/api.py:184
+#: settings/api.py:186 settings/api.py:222
 msgid "Create succeed"
 msgstr "创建成功"
 
-#: settings/api.py:166 settings/api.py:204
+#: settings/api.py:204 settings/api.py:242
 #: settings/templates/settings/terminal_setting.html:154
 msgid "Delete succeed"
 msgstr "删除成功"
@@ -3295,7 +3295,7 @@ msgstr "SMTP密码"
 msgid "Some provider use token except password"
 msgstr "一些邮件提供商需要输入的是Token"
 
-#: settings/forms.py:86 settings/forms.py:125
+#: settings/forms.py:86
 msgid "Use SSL"
 msgstr "使用SSL"
 
@@ -3407,35 +3407,43 @@ msgid ""
 "for all users, including administrators)"
 msgstr "开启后,用户登录必须使用MFA二次认证(对所有用户有效,包括管理员)"
 
+#: settings/forms.py:185
+msgid "Batch execute commands"
+msgstr "批量命令"
+
 #: settings/forms.py:186
+msgid "Allow user batch execute commands"
+msgstr "允许用户批量执行命令"
+
+#: settings/forms.py:191
 msgid "Limit the number of login failures"
 msgstr "限制登录失败次数"
 
-#: settings/forms.py:190
+#: settings/forms.py:195
 msgid "No logon interval"
 msgstr "禁止登录时间间隔"
 
-#: settings/forms.py:192
+#: settings/forms.py:197
 msgid ""
 "Tip: (unit/minute) if the user has failed to log in for a limited number of "
 "times, no login is allowed during this time interval."
 msgstr ""
 "提示:(单位:分)当用户登录失败次数达到限制后,那么在此时间间隔内禁止登录"
 
-#: settings/forms.py:199
+#: settings/forms.py:204
 msgid "Connection max idle time"
 msgstr "SSH最大空闲时间"
 
-#: settings/forms.py:201
+#: settings/forms.py:206
 msgid ""
 "If idle time more than it, disconnect connection(only ssh now) Unit: minute"
 msgstr "提示:(单位:分)如果超过该配置没有操作,连接会被断开(仅ssh)"
 
-#: settings/forms.py:207
+#: settings/forms.py:212
 msgid "Password expiration time"
 msgstr "密码过期时间"
 
-#: settings/forms.py:209
+#: settings/forms.py:214
 msgid ""
 "Tip: (unit: day) If the user does not update the password during the time, "
 "the user password will expire failure;The password expiration reminder mail "
@@ -3445,81 +3453,81 @@ msgstr ""
 "提示:(单位:天)如果用户在此期间没有更新密码,用户密码将过期失效; 密码过期"
 "提醒邮件将在密码过期前5天内由系统(每天)自动发送给用户"
 
-#: settings/forms.py:218
+#: settings/forms.py:223
 msgid "Password minimum length"
 msgstr "密码最小长度 "
 
-#: settings/forms.py:222
+#: settings/forms.py:227
 msgid "Must contain capital letters"
 msgstr "必须包含大写字母"
 
-#: settings/forms.py:224
+#: settings/forms.py:229
 msgid ""
 "After opening, the user password changes and resets must contain uppercase "
 "letters"
 msgstr "开启后,用户密码修改、重置必须包含大写字母"
 
-#: settings/forms.py:229
+#: settings/forms.py:234
 msgid "Must contain lowercase letters"
 msgstr "必须包含小写字母"
 
-#: settings/forms.py:230
+#: settings/forms.py:235
 msgid ""
 "After opening, the user password changes and resets must contain lowercase "
 "letters"
 msgstr "开启后,用户密码修改、重置必须包含小写字母"
 
-#: settings/forms.py:235
+#: settings/forms.py:240
 msgid "Must contain numeric characters"
 msgstr "必须包含数字字符"
 
-#: settings/forms.py:236
+#: settings/forms.py:241
 msgid ""
 "After opening, the user password changes and resets must contain numeric "
 "characters"
 msgstr "开启后,用户密码修改、重置必须包含数字字符"
 
-#: settings/forms.py:241
+#: settings/forms.py:246
 msgid "Must contain special characters"
 msgstr "必须包含特殊字符"
 
-#: settings/forms.py:242
+#: settings/forms.py:247
 msgid ""
 "After opening, the user password changes and resets must contain special "
 "characters"
 msgstr "开启后,用户密码修改、重置必须包含特殊字符"
 
-#: settings/forms.py:249
+#: settings/forms.py:254
 msgid "Create user email subject"
 msgstr "创建用户邮件的主题"
 
-#: settings/forms.py:250
+#: settings/forms.py:255
 msgid ""
 "Tips: When creating a user, send the subject of the email (eg:Create account "
 "successfully)"
 msgstr "提示: 创建用户时,发送设置密码邮件的主题 (例如: 创建用户成功)"
 
-#: settings/forms.py:254
+#: settings/forms.py:259
 msgid "Create user honorific"
 msgstr "创建用户邮件的敬语"
 
-#: settings/forms.py:255
+#: settings/forms.py:260
 msgid "Tips: When creating a user, send the honorific of the email (eg:Hello)"
 msgstr "提示: 创建用户时,发送设置密码邮件的敬语 (例如: 您好)"
 
-#: settings/forms.py:260
+#: settings/forms.py:265
 msgid "Create user email content"
 msgstr "创建用户邮件的内容"
 
-#: settings/forms.py:261
+#: settings/forms.py:266
 msgid "Tips:When creating a user, send the content of the email"
 msgstr "提示: 创建用户时,发送设置密码邮件的内容"
 
-#: settings/forms.py:264
+#: settings/forms.py:269
 msgid "Signature"
 msgstr "署名"
 
-#: settings/forms.py:265
+#: settings/forms.py:270
 msgid "Tips: Email signature (eg:jumpserver)"
 msgstr "提示: 邮件的署名 (例如: jumpserver)"
 
@@ -3622,7 +3630,7 @@ msgstr "创建用户设置"
 msgid "Bulk import"
 msgstr "一键导入"
 
-#: settings/templates/settings/ldap_setting.html:119
+#: settings/templates/settings/ldap_setting.html:116
 msgid ""
 "User is not currently selected, please check the user you want to import"
 msgstr "当前无勾选用户,请勾选你想要导入的用户"
@@ -3731,17 +3739,17 @@ msgstr "删除失败"
 msgid "Are you sure about deleting it?"
 msgstr "您确定删除吗?"
 
-#: settings/utils.py:85
+#: settings/utils.py:84
 msgid "Search no entry matched in ou {}"
 msgstr "在ou:{}中没有匹配条目"
 
-#: settings/utils.py:113
+#: settings/utils.py:112
 msgid "The user source is not LDAP"
 msgstr "用户来源不是LDAP"
 
 #: settings/views.py:18 settings/views.py:44 settings/views.py:70
 #: settings/views.py:99 settings/views.py:126 settings/views.py:138
-#: settings/views.py:151 settings/views.py:177 templates/_nav.html:118
+#: settings/views.py:151 settings/views.py:177 templates/_nav.html:122
 msgid "Settings"
 msgstr "系统设置"
 
@@ -3770,7 +3778,7 @@ msgstr "文档"
 msgid "Commercial support"
 msgstr "商业支持"
 
-#: templates/_header_bar.html:89 templates/_nav_user.html:26 users/forms.py:131
+#: templates/_header_bar.html:89 templates/_nav_user.html:26 users/forms.py:138
 #: users/templates/users/_user.html:43
 #: users/templates/users/first_login.html:39
 #: users/templates/users/user_password_update.html:40
@@ -3885,58 +3893,58 @@ msgstr "用户列表"
 msgid "Command filters"
 msgstr "命令过滤"
 
-#: templates/_nav.html:32
+#: templates/_nav.html:33
 msgid "Applications"
 msgstr "应用管理"
 
-#: templates/_nav.html:51
+#: templates/_nav.html:55
 msgid "Sessions"
 msgstr "会话管理"
 
-#: templates/_nav.html:54
+#: templates/_nav.html:58
 msgid "Session online"
 msgstr "在线会话"
 
-#: templates/_nav.html:55
+#: templates/_nav.html:59
 msgid "Session offline"
 msgstr "历史会话"
 
-#: templates/_nav.html:56
+#: templates/_nav.html:60
 msgid "Commands"
 msgstr "命令记录"
 
-#: templates/_nav.html:59 templates/_nav_user.html:31
+#: templates/_nav.html:63 templates/_nav_user.html:31
 msgid "Web terminal"
 msgstr "Web终端"
 
-#: templates/_nav.html:64 templates/_nav_user.html:36
+#: templates/_nav.html:68 templates/_nav_user.html:36
 msgid "File manager"
 msgstr "文件管理"
 
-#: templates/_nav.html:68 terminal/views/command.py:50
+#: templates/_nav.html:72 terminal/views/command.py:50
 #: terminal/views/session.py:74 terminal/views/session.py:92
 #: terminal/views/session.py:115 terminal/views/terminal.py:31
 #: terminal/views/terminal.py:46 terminal/views/terminal.py:58
 msgid "Terminal"
 msgstr "终端管理"
 
-#: templates/_nav.html:74
+#: templates/_nav.html:78
 msgid "Job Center"
 msgstr "作业中心"
 
-#: templates/_nav.html:78 templates/_nav.html:90
+#: templates/_nav.html:82 templates/_nav.html:94
 msgid "Batch command"
 msgstr "批量命令"
 
-#: templates/_nav.html:96
+#: templates/_nav.html:100
 msgid "XPack"
 msgstr ""
 
-#: templates/_nav.html:104 xpack/plugins/cloud/views.py:26
+#: templates/_nav.html:108 xpack/plugins/cloud/views.py:26
 msgid "Account list"
 msgstr "账户列表"
 
-#: templates/_nav.html:105
+#: templates/_nav.html:109
 msgid "Sync instance"
 msgstr "同步实例"
 
@@ -4190,7 +4198,7 @@ msgstr "最后活跃日期"
 msgid "Date end"
 msgstr "结束日期"
 
-#: terminal/models.py:242
+#: terminal/models.py:259
 msgid "Args"
 msgstr "参数"
 
@@ -4331,15 +4339,7 @@ msgstr "你没有权限"
 msgid "Could not reset self otp, use profile reset instead"
 msgstr "不能再该页面重置MFA, 请去个人信息页面重置"
 
-#: users/forms.py:25
-msgid "Reset link will be generated and sent to the user"
-msgstr "生成重置密码链接,通过邮件发送给用户"
-
-#: users/forms.py:26
-msgid "Set password"
-msgstr "设置密码"
-
-#: users/forms.py:38 users/models/user.py:71
+#: users/forms.py:32 users/models/user.py:71
 #: users/templates/users/_select_user_modal.html:15
 #: users/templates/users/user_detail.html:87
 #: users/templates/users/user_list.html:37
@@ -4347,19 +4347,39 @@ msgstr "设置密码"
 msgid "Role"
 msgstr "角色"
 
-#: users/forms.py:41 users/forms.py:210
+#: users/forms.py:35 users/forms.py:217
 msgid "ssh public key"
 msgstr "ssh公钥"
 
-#: users/forms.py:42 users/forms.py:211
+#: users/forms.py:36 users/forms.py:218
 msgid "ssh-rsa AAAA..."
 msgstr ""
 
-#: users/forms.py:43
+#: users/forms.py:37
 msgid "Paste user id_rsa.pub here."
 msgstr "复制用户公钥到这里"
 
-#: users/forms.py:47 xpack/plugins/change_auth_plan/models.py:83
+#: users/forms.py:51 users/templates/users/user_detail.html:221
+msgid "Join user groups"
+msgstr "添加到用户组"
+
+#: users/forms.py:85 users/forms.py:232
+msgid "Public key should not be the same as your old one."
+msgstr "不能和原来的密钥相同"
+
+#: users/forms.py:89 users/forms.py:236 users/serializers/v1.py:47
+msgid "Not a valid ssh public key"
+msgstr "ssh密钥不合法"
+
+#: users/forms.py:109
+msgid "Reset link will be generated and sent to the user"
+msgstr "生成重置密码链接,通过邮件发送给用户"
+
+#: users/forms.py:110
+msgid "Set password"
+msgstr "设置密码"
+
+#: users/forms.py:117 xpack/plugins/change_auth_plan/models.py:83
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_create_update.html:51
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_detail.html:69
 #: xpack/plugins/change_auth_plan/templates/change_auth_plan/plan_execution_list.html:57
@@ -4367,19 +4387,7 @@ msgstr "复制用户公钥到这里"
 msgid "Password strategy"
 msgstr "密码策略"
 
-#: users/forms.py:61 users/templates/users/user_detail.html:221
-msgid "Join user groups"
-msgstr "添加到用户组"
-
-#: users/forms.py:95 users/forms.py:225
-msgid "Public key should not be the same as your old one."
-msgstr "不能和原来的密钥相同"
-
-#: users/forms.py:99 users/forms.py:229 users/serializers/v1.py:47
-msgid "Not a valid ssh public key"
-msgstr "ssh密钥不合法"
-
-#: users/forms.py:137
+#: users/forms.py:144
 msgid ""
 "Tip: when enabled, you will enter the MFA binding process the next time you "
 "log in. you can also directly bind in \"personal information -> quick "
@@ -4388,11 +4396,11 @@ msgstr ""
 "提示:启用之后您将会在下次登录时进入MFA绑定流程;您也可以在(个人信息->快速修"
 "改->更改MFA设置)中直接绑定!"
 
-#: users/forms.py:147
+#: users/forms.py:154
 msgid "* Enable MFA authentication to make the account more secure."
 msgstr "* 启用MFA认证,使账号更加安全."
 
-#: users/forms.py:157
+#: users/forms.py:164
 msgid ""
 "In order to protect you and your company, please keep your account, password "
 "and key sensitive information properly. (for example: setting complex "
@@ -4401,41 +4409,41 @@ msgstr ""
 "为了保护您和公司的安全,请妥善保管您的账户、密码和密钥等重要敏感信息;(如:"
 "设置复杂密码,启用MFA认证)"
 
-#: users/forms.py:164 users/templates/users/first_login.html:48
+#: users/forms.py:171 users/templates/users/first_login.html:48
 #: users/templates/users/first_login.html:107
 #: users/templates/users/first_login.html:130
 msgid "Finish"
 msgstr "完成"
 
-#: users/forms.py:170
+#: users/forms.py:177
 msgid "Old password"
 msgstr "原来密码"
 
-#: users/forms.py:175
+#: users/forms.py:182
 msgid "New password"
 msgstr "新密码"
 
-#: users/forms.py:180
+#: users/forms.py:187
 msgid "Confirm password"
 msgstr "确认密码"
 
-#: users/forms.py:190
+#: users/forms.py:197
 msgid "Old password error"
 msgstr "原来密码错误"
 
-#: users/forms.py:198
+#: users/forms.py:205
 msgid "Password does not match"
 msgstr "密码不一致"
 
-#: users/forms.py:208
+#: users/forms.py:215
 msgid "Automatically configure and download the SSH key"
 msgstr "自动配置并下载SSH密钥"
 
-#: users/forms.py:212
+#: users/forms.py:219
 msgid "Paste your id_rsa.pub here."
 msgstr "复制你的公钥到这里"
 
-#: users/forms.py:246 users/forms.py:251 users/forms.py:297
+#: users/forms.py:253 users/forms.py:258 users/forms.py:304
 #: xpack/plugins/orgs/forms.py:30
 msgid "Select users"
 msgstr "选择用户"
@@ -4827,45 +4835,45 @@ msgstr "添加用户"
 msgid "Create user group"
 msgstr "创建用户组"
 
-#: users/templates/users/user_group_list.html:109
+#: users/templates/users/user_group_list.html:114
 msgid "This will delete the selected groups !!!"
 msgstr "删除选择组"
 
-#: users/templates/users/user_group_list.html:118
+#: users/templates/users/user_group_list.html:123
 msgid "UserGroups Deleted."
 msgstr "用户组删除"
 
-#: users/templates/users/user_group_list.html:119
 #: users/templates/users/user_group_list.html:124
+#: users/templates/users/user_group_list.html:129
 msgid "UserGroups Delete"
 msgstr "用户组删除"
 
-#: users/templates/users/user_group_list.html:123
+#: users/templates/users/user_group_list.html:128
 msgid "UserGroup Deleting failed."
 msgstr "用户组删除失败"
 
-#: users/templates/users/user_list.html:264
+#: users/templates/users/user_list.html:252
 msgid "This will delete the selected users !!!"
 msgstr "删除选中用户 !!!"
 
-#: users/templates/users/user_list.html:280
+#: users/templates/users/user_list.html:268
 msgid "User Deleted."
 msgstr "已被删除"
 
-#: users/templates/users/user_list.html:281
-#: users/templates/users/user_list.html:285
+#: users/templates/users/user_list.html:269
+#: users/templates/users/user_list.html:273
 msgid "User Delete"
 msgstr "删除"
 
-#: users/templates/users/user_list.html:284
+#: users/templates/users/user_list.html:272
 msgid "User Deleting failed."
 msgstr "用户删除失败"
 
-#: users/templates/users/user_list.html:337
+#: users/templates/users/user_list.html:325
 msgid "User is expired"
 msgstr "用户已失效"
 
-#: users/templates/users/user_list.html:340
+#: users/templates/users/user_list.html:328
 msgid "User is inactive"
 msgstr "用户已禁用"
 
diff --git a/apps/ops/api/command.py b/apps/ops/api/command.py
index 29f1b742c..dbc3aa218 100644
--- a/apps/ops/api/command.py
+++ b/apps/ops/api/command.py
@@ -2,6 +2,7 @@
 #
 from rest_framework import viewsets
 from django.db import transaction
+from django.conf import settings
 
 from common.permissions import IsValidUser
 from ..models import CommandExecution
@@ -18,6 +19,11 @@ class CommandExecutionViewSet(viewsets.ModelViewSet):
             user_id=str(self.request.user.id)
         )
 
+    def check_permissions(self, request):
+        if not settings.SECURITY_COMMAND_EXECUTION:
+            return self.permission_denied(request, "Command execution disabled")
+        return super().check_permissions(request)
+
     def perform_create(self, serializer):
         instance = serializer.save()
         instance.user = self.request.user
diff --git a/apps/perms/mixins.py b/apps/perms/mixins.py
index 3adaa6e5b..f302285a6 100644
--- a/apps/perms/mixins.py
+++ b/apps/perms/mixins.py
@@ -14,6 +14,7 @@ class AssetsFilterMixin(object):
 
     def filter_queryset(self, queryset):
         queryset = self.search_assets(queryset)
+        queryset = self.filter_labels(queryset)
         queryset = self.sort_assets(queryset)
         return queryset
 
@@ -40,6 +41,31 @@ class AssetsFilterMixin(object):
         queryset = sort_assets(queryset, order_by=order_by, reverse=reverse)
         return queryset
 
+    def filter_labels(self, queryset):
+        from assets.models import Label
+        query_keys = self.request.query_params.keys()
+        all_label_keys = Label.objects.values_list('name', flat=True)
+        valid_keys = set(all_label_keys) & set(query_keys)
+        labels_query = {}
+        for key in valid_keys:
+            labels_query[key] = self.request.query_params.get(key)
+        if not labels_query:
+            return queryset
+
+        labels = set()
+        for k, v in labels_query.items():
+            label = Label.objects.filter(name=k, value=v).first()
+            if not label:
+                continue
+            labels.add(label)
+
+        _queryset = []
+        for asset in queryset:
+            _labels = set(asset.labels.all()) & set(labels)
+            if _labels and len(_labels) == len(set(labels)):
+                _queryset.append(asset)
+        return _queryset
+
 
 class RemoteAppFilterMixin(object):
     """
diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py
index fb0676a5e..90fd68569 100644
--- a/apps/perms/utils/asset_permission.py
+++ b/apps/perms/utils/asset_permission.py
@@ -37,9 +37,21 @@ class GenerateTree:
 
     def add_asset(self, asset, system_users):
         nodes = asset.nodes.all()
-        self.add_nodes(nodes)
+        in_nodes = False
         for node in nodes:
+            if node not in self.nodes:
+                continue
             self.nodes[node][asset].update(system_users)
+            in_nodes = True
+        if not in_nodes:
+            all_nodes = self.nodes.keys()
+            # 如果没有授权节点,就放到默认的根节点下
+            if not all_nodes:
+                root_node = Node.root()
+                self.add_node(root_node)
+            else:
+                root_node = max(all_nodes)
+            self.nodes[root_node][asset].update(system_users)
 
     def get_nodes(self):
         for node in self.nodes:
@@ -50,6 +62,7 @@ class GenerateTree:
             node.assets_amount = len(assets)
         return self.nodes
 
+    # 添加节点时,追溯到根节点
     def add_node(self, node):
         if node in self.nodes:
             return
@@ -62,9 +75,11 @@ class GenerateTree:
                 self.add_node(n)
                 break
 
+    # 添加树节点
     def add_nodes(self, nodes):
         for node in nodes:
             self.add_node(node)
+            self.add_nodes(node.get_all_children(with_self=False))
 
 
 def get_user_permissions(user, include_group=True):
@@ -123,6 +138,7 @@ class AssetPermissionUtil:
         self._assets = None
         self._filter_id = 'None'  # 当通过filter更改 permission是标记
         self.cache_policy = cache_policy
+        self.tree = GenerateTree()
 
     @classmethod
     def is_not_using_cache(cls, cache_policy):
@@ -181,6 +197,7 @@ class AssetPermissionUtil:
         permissions = self.permissions.prefetch_related('nodes', 'system_users')
         for perm in permissions:
             actions = perm.actions.all()
+            self.tree.add_nodes(perm.nodes.all())
             for node in perm.nodes.all():
                 system_users = perm.system_users.all()
                 system_users = self._structured_system_user(system_users, actions)
@@ -275,10 +292,9 @@ class AssetPermissionUtil:
         :return:
         """
         assets = self.get_assets_without_cache()
-        tree = GenerateTree()
         for asset, system_users in assets.items():
-            tree.add_asset(asset, system_users)
-        return tree.get_nodes()
+            self.tree.add_asset(asset, system_users)
+        return self.tree.get_nodes()
 
     def get_nodes_with_assets_from_cache(self):
         cached = cache.get(self.node_key)
diff --git a/apps/settings/forms.py b/apps/settings/forms.py
index 3f6a690a8..228abb7ec 100644
--- a/apps/settings/forms.py
+++ b/apps/settings/forms.py
@@ -180,6 +180,11 @@ class SecuritySettingForm(BaseForm):
             'authentication (valid for all users, including administrators)'
         )
     )
+    # Execute commands for user
+    SECURITY_COMMAND_EXECUTION = forms.BooleanField(
+        required=False, label=_("Batch execute commands"),
+        help_text=_("Allow user batch execute commands")
+    )
     # limit login count
     SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
         min_value=3, max_value=99999,
diff --git a/apps/static/css/style.css b/apps/static/css/style.css
index 1bfc8ed34..2457db6a0 100644
--- a/apps/static/css/style.css
+++ b/apps/static/css/style.css
@@ -8118,7 +8118,7 @@ body.md-skin {
   #page-wrapper {
     position: inherit;
     margin: 0 0 0 220px;
-    min-height: 1200px;
+    /*min-height: 1200px;*/
   }
   .navbar-static-side {
     z-index: 2001;
diff --git a/apps/templates/_nav_user.html b/apps/templates/_nav_user.html
index 5412dc37d..5f77fb99e 100644
--- a/apps/templates/_nav_user.html
+++ b/apps/templates/_nav_user.html
@@ -16,11 +16,13 @@
         </li>
     </ul>
 </li>
+{% if SECURITY_COMMAND_EXECUTION %}
 <li id="ops">
     <a href="{% url 'ops:command-execution-start' %}">
         <i class="fa fa-terminal" style="width: 14px"></i> <span class="nav-label">{% trans 'Command execution' %}</span><span class="label label-info pull-right"></span>
     </a>
 </li>
+{% endif %}
 <li id="users">
     <a href="{% url 'users:user-profile' %}">
         <i class="fa fa-user" style="width: 14px"></i> <span class="nav-label">{% trans 'Profile' %}</span><span class="label label-info pull-right"></span>
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index c7668cb86..116819770 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -48,6 +48,9 @@ class UserViewSet(IDInCacheFilterMixin, BulkModelViewSet):
 
     def perform_create(self, serializer):
         users = serializer.save()
+        for user in users:
+            if current_org and current_org.is_real():
+                user.orgs.add(current_org.id)
         self.send_created_signal(users)
 
     def get_queryset(self):