diff --git a/apps/tickets/api/comment.py b/apps/tickets/api/comment.py
index dc7740d1a..382ad2c99 100644
--- a/apps/tickets/api/comment.py
+++ b/apps/tickets/api/comment.py
@@ -4,6 +4,7 @@
 from rest_framework import viewsets, mixins
 from common.exceptions import JMSException
 from common.utils import lazyproperty
+from rbac.permissions import RBACPermission
 from tickets import serializers
 from tickets.models import Ticket
 from tickets.permissions.comment import IsAssignee, IsApplicant, IsSwagger
@@ -14,7 +15,7 @@ __all__ = ['CommentViewSet']
 
 class CommentViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = serializers.CommentSerializer
-    permission_classes = (IsSwagger | IsAssignee | IsApplicant,)
+    permission_classes = (RBACPermission| IsSwagger | IsAssignee | IsApplicant)
 
     @lazyproperty
     def ticket(self):
diff --git a/apps/tickets/api/ticket.py b/apps/tickets/api/ticket.py
index e61dda569..f112dae0c 100644
--- a/apps/tickets/api/ticket.py
+++ b/apps/tickets/api/ticket.py
@@ -19,7 +19,6 @@ __all__ = ['TicketViewSet', 'TicketFlowViewSet']
 
 
 class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
-    permission_classes = (IsValidUser,)
     serializer_class = serializers.TicketDisplaySerializer
     serializer_classes = {
         'open': serializers.TicketApplySerializer,