diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index 34733dc59..f5b030d2b 100644
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -6,7 +6,6 @@ _view_root_perms = (
     ('orgs', 'organization', 'view', 'rootorg'),
 )
 
-# 工作台也区分组织后再考虑
 user_perms = (
     ('rbac', 'menupermission', 'view', 'workbench'),
     ('rbac', 'menupermission', 'view', 'webterminal'),
@@ -25,7 +24,7 @@ system_user_perms = (
     ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
     ('authentication', 'accesskey', '*', '*'),
     ('tickets', 'ticket', 'view', 'ticket'),
-) + user_perms
+) + user_perms + _view_root_perms
 
 _auditor_perms = (
     ('rbac', 'menupermission', 'view', 'audit'),
diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py
index ded35a278..3caa83622 100644
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
@@ -127,7 +127,7 @@ class RoleBinding(JMSModel):
             orgs = all_orgs.filter(id__in=org_ids)
 
         # 全局组织
-        if orgs and perm != 'rbac.view_workbench' and user.has_perm('orgs.view_rootorg'):
+        if orgs and user.has_perm('orgs.view_rootorg'):
             orgs = [Organization.root(), *list(orgs)]
         return orgs
 
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index a5d726fe0..70939f51f 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -33,7 +33,7 @@ __all__ = [
 
 class UserViewSet(CommonApiMixin, UserQuerysetMixin, SuggestionMixin, BulkModelViewSet):
     filterset_class = UserFilter
-    search_fields = ('username', 'email', 'name', 'id', 'source', 'role', 'is_active')
+    search_fields = ('username', 'email', 'name')
     serializer_classes = {
         'default': UserSerializer,
         'suggestion': MiniUserSerializer,