diff --git a/apps/assets/forms/domain.py b/apps/assets/forms/domain.py
index 635796c97..25295782a 100644
--- a/apps/assets/forms/domain.py
+++ b/apps/assets/forms/domain.py
@@ -28,6 +28,15 @@ class DomainForm(forms.ModelForm):
             initial['assets'] = kwargs['instance'].assets.all()
         super().__init__(*args, **kwargs)
 
+        # 前端渲染优化, 防止过多资产
+        assets_field = self.fields.get('assets')
+        if not self.data:
+            instance = kwargs.get('instance')
+            if instance:
+                assets_field.queryset = instance.assets.all()
+            else:
+                assets_field.queryset = Asset.objects.none()
+
     def save(self, commit=True):
         instance = super().save(commit=commit)
         assets = self.cleaned_data['assets']
diff --git a/apps/assets/forms/label.py b/apps/assets/forms/label.py
index ebdc9384e..8a5a54e4a 100644
--- a/apps/assets/forms/label.py
+++ b/apps/assets/forms/label.py
@@ -26,6 +26,15 @@ class LabelForm(forms.ModelForm):
             initial['assets'] = kwargs['instance'].assets.all()
         super().__init__(*args, **kwargs)
 
+        # 前端渲染优化, 防止过多资产
+        assets_field = self.fields.get('assets')
+        if not self.data:
+            instance = kwargs.get('instance')
+            if instance:
+                assets_field.queryset = instance.assets.all()
+            else:
+                assets_field.queryset = Asset.objects.none()
+
     def save(self, commit=True):
         label = super().save(commit=commit)
         assets = self.cleaned_data['assets']
diff --git a/apps/assets/tasks.py b/apps/assets/tasks.py
index 9dd58b78e..ce5be0b6f 100644
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@@ -1,16 +1,16 @@
 # ~*~ coding: utf-8 ~*~
 import json
 import re
+import time
 import os
 
 from celery import shared_task
 from django.utils.translation import ugettext as _
+from django.core.cache import cache
 
 from common.utils import capacity_convert, \
     sum_capacity, encrypt_password, get_logger
-from ops.celery.utils import register_as_period_task, after_app_shutdown_clean, \
-    after_app_ready_start
-from orgs.utils import set_to_root_org
+from ops.celery.utils import register_as_period_task, after_app_shutdown_clean
 
 from .models import SystemUser, AdminUser, Asset
 from . import const
@@ -211,6 +211,12 @@ def test_admin_user_connectivity_period():
     """
     A period task that update the ansible task period
     """
+    key = '_JMS_TEST_ADMIN_USER_CONNECTIVITY_PERIOD'
+    prev_execute_time = cache.get(key)
+    if prev_execute_time:
+        logger.debug("Test admin user connectivity, less than 40 minutes, skip")
+        return
+    cache.set(key, 1, 60*40)
     admin_users = AdminUser.objects.all()
     for admin_user in admin_users:
         task_name = _("Test admin user connectivity period: {}").format(admin_user.name)
diff --git a/apps/assets/templates/assets/domain_create_update.html b/apps/assets/templates/assets/domain_create_update.html
index 0d6935226..7a31e3e88 100644
--- a/apps/assets/templates/assets/domain_create_update.html
+++ b/apps/assets/templates/assets/domain_create_update.html
@@ -24,7 +24,6 @@
 {% block custom_foot_js %}
 <script type="text/javascript">
 $(document).ready(function () {
-    console.log($.fn.select2.defaults);
     $('.select2').select2().off("select2:open");
 }).on('click', '.select2-selection__rendered', function (e) {
     e.preventDefault();
@@ -33,6 +32,18 @@ $(document).ready(function () {
 })
 .on('click', '#btn_asset_modal_confirm', function () {
     var assets = asset_table2.selected;
+    var options = [];
+    $('#id_assets option').each(function (i, v) {
+        options.push(v.value)
+    });
+    asset_table2.selected_rows.forEach(function (i) {
+        var name = i.hostname + '(' + i.ip + ')';
+        var option = new Option(name, i.id, false, true);
+
+        if (options.indexOf(i.id) === -1) {
+            $('#id_assets').append(option).trigger('change');
+        }
+    });
     $('.select2').val(assets).trigger('change');
     $("#asset_list_modal").modal('hide');
 
diff --git a/apps/assets/templates/assets/label_create_update.html b/apps/assets/templates/assets/label_create_update.html
index 0becb452e..d55bb8827 100644
--- a/apps/assets/templates/assets/label_create_update.html
+++ b/apps/assets/templates/assets/label_create_update.html
@@ -36,6 +36,18 @@ $(document).ready(function () {
 })
 .on('click', '#btn_asset_modal_confirm', function () {
     var assets = asset_table2.selected;
+    var options = [];
+    $('#id_assets option').each(function (i, v) {
+        options.push(v.value)
+    });
+    asset_table2.selected_rows.forEach(function (i) {
+        var name = i.hostname + '(' + i.ip + ')';
+        var option = new Option(name, i.id, false, true);
+
+        if (options.indexOf(i.id) === -1) {
+            $('#id_assets').append(option).trigger('change');
+        }
+    });
     $('#id_assets').val(assets).trigger('change');
     $("#asset_list_modal").modal('hide');
 })
diff --git a/apps/common/forms.py b/apps/common/forms.py
index f29d19ec3..33ee48f03 100644
--- a/apps/common/forms.py
+++ b/apps/common/forms.py
@@ -139,22 +139,23 @@ class TerminalSettingForm(BaseForm):
         (50, 50),
     )
     TERMINAL_PASSWORD_AUTH = forms.BooleanField(
-        initial=True, required=False, label=_("Password auth")
+        required=False, label=_("Password auth")
     )
     TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
-        initial=True, required=False, label=_("Public key auth")
+        required=False, label=_("Public key auth")
     )
     TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
-        initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
+        min_value=5, label=_("Heartbeat interval"),
+        help_text=_("Units: seconds")
     )
     TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
-        choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
+        choices=SORT_BY_CHOICES, label=_("List sort by")
     )
     TERMINAL_ASSET_LIST_PAGE_SIZE = forms.ChoiceField(
-        choices=PAGE_SIZE_CHOICES, initial='auto', label=_("List page size"),
+        choices=PAGE_SIZE_CHOICES, label=_("List page size"),
     )
     TERMINAL_SESSION_KEEP_DURATION = forms.IntegerField(
-        label=_("Session keep duration"),
+        min_value=1, label=_("Session keep duration"),
         help_text=_("Units: days, Session, record, command will be delete "
                     "if more than duration, only in database")
     )
@@ -167,8 +168,7 @@ class TerminalCommandStorage(BaseForm):
 class SecuritySettingForm(BaseForm):
     # MFA global setting
     SECURITY_MFA_AUTH = forms.BooleanField(
-        initial=False, required=False,
-        label=_("MFA Secondary certification"),
+        required=False, label=_("MFA Secondary certification"),
         help_text=_(
             'After opening, the user login must use MFA secondary '
             'authentication (valid for all users, including administrators)'
@@ -176,13 +176,11 @@ class SecuritySettingForm(BaseForm):
     )
     # limit login count
     SECURITY_LOGIN_LIMIT_COUNT = forms.IntegerField(
-        initial=7, min_value=3,
-        label=_("Limit the number of login failures")
+        min_value=3, label=_("Limit the number of login failures")
     )
     # limit login time
     SECURITY_LOGIN_LIMIT_TIME = forms.IntegerField(
-        initial=30, min_value=5,
-        label=_("No logon interval"),
+        min_value=5, label=_("No logon interval"),
         help_text=_(
             "Tip: (unit/minute) if the user has failed to log in for a limited "
             "number of times, no login is allowed during this time interval."
@@ -190,8 +188,7 @@ class SecuritySettingForm(BaseForm):
     )
     # ssh max idle time
     SECURITY_MAX_IDLE_TIME = forms.IntegerField(
-        initial=30, required=False,
-        label=_("Connection max idle time"),
+        required=False, label=_("Connection max idle time"),
         help_text=_(
             'If idle time more than it, disconnect connection(only ssh now) '
             'Unit: minute'
@@ -199,8 +196,8 @@ class SecuritySettingForm(BaseForm):
     )
     # password expiration time
     SECURITY_PASSWORD_EXPIRATION_TIME = forms.IntegerField(
-        initial=9999, label=_("Password expiration time"),
-        min_value=1,
+        label=_("Password expiration time"),
+        min_value=1, max_value=99999,
         help_text=_(
             "Tip: (unit: day) "
             "If the user does not update the password during the time, "
@@ -211,35 +208,30 @@ class SecuritySettingForm(BaseForm):
     )
     # min length
     SECURITY_PASSWORD_MIN_LENGTH = forms.IntegerField(
-        initial=6, label=_("Password minimum length"),
-        min_value=6
+        min_value=6, label=_("Password minimum length"),
     )
     # upper case
     SECURITY_PASSWORD_UPPER_CASE = forms.BooleanField(
-        initial=False, required=False,
-        label=_("Must contain capital letters"),
+        required=False, label=_("Must contain capital letters"),
         help_text=_(
             'After opening, the user password changes '
             'and resets must contain uppercase letters')
     )
     # lower case
     SECURITY_PASSWORD_LOWER_CASE = forms.BooleanField(
-        initial=False, required=False,
-        label=_("Must contain lowercase letters"),
+        required=False, label=_("Must contain lowercase letters"),
         help_text=_('After opening, the user password changes '
                     'and resets must contain lowercase letters')
     )
     # number
     SECURITY_PASSWORD_NUMBER = forms.BooleanField(
-        initial=False, required=False,
-        label=_("Must contain numeric characters"),
+        required=False, label=_("Must contain numeric characters"),
         help_text=_('After opening, the user password changes '
                     'and resets must contain numeric characters')
     )
     # special char
     SECURITY_PASSWORD_SPECIAL_CHAR = forms.BooleanField(
-        initial=False, required=False,
-        label=_("Must contain special characters"),
+        required=False, label=_("Must contain special characters"),
         help_text=_('After opening, the user password changes '
                     'and resets must contain special characters')
     )
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 61fd84249..ed19f3567 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -320,6 +320,16 @@ defaults = {
     'TERMINAL_ASSET_LIST_SORT_BY': 'hostname',
     'TERMINAL_ASSET_LIST_PAGE_SIZE': 'auto',
     'TERMINAL_SESSION_KEEP_DURATION': 9999,
+    'SECURITY_MFA_AUTH': False,
+    'SECURITY_LOGIN_LIMIT_COUNT': 7,
+    'SECURITY_LOGIN_LIMIT_TIME': 30,
+    'SECURITY_MAX_IDLE_TIME': 30,
+    'SECURITY_PASSWORD_EXPIRATION_TIME': 9999,
+    'SECURITY_PASSWORD_MIN_LENGTH': 6,
+    'SECURITY_PASSWORD_UPPER_CASE': False,
+    'SECURITY_PASSWORD_LOWER_CASE': False,
+    'SECURITY_PASSWORD_NUMBER': False,
+    'SECURITY_PASSWORD_SPECIAL_CHAR': False,
 }
 
 
diff --git a/apps/perms/forms.py b/apps/perms/forms.py
index 54250a28f..a07cdb2ef 100644
--- a/apps/perms/forms.py
+++ b/apps/perms/forms.py
@@ -7,6 +7,7 @@ from django.utils.translation import ugettext_lazy as _
 from orgs.mixins import OrgModelForm
 from orgs.utils import current_org
 from .models import AssetPermission
+from assets.models import Asset
 
 
 class AssetPermissionForm(OrgModelForm):
@@ -15,6 +16,15 @@ class AssetPermissionForm(OrgModelForm):
         users_field = self.fields.get('users')
         if hasattr(users_field, 'queryset'):
             users_field.queryset = current_org.get_org_users()
+        assets_field = self.fields.get('assets')
+
+        # 前端渲染优化, 防止过多资产
+        if not self.data:
+            instance = kwargs.get('instance')
+            if instance:
+                assets_field.queryset = instance.assets.all()
+            else:
+                assets_field.queryset = Asset.objects.none()
 
     class Meta:
         model = AssetPermission
diff --git a/apps/perms/templates/perms/asset_permission_create_update.html b/apps/perms/templates/perms/asset_permission_create_update.html
index fe2250239..337b24de2 100644
--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@@ -120,8 +120,20 @@ $(document).ready(function () {
 .on('click', '#btn_asset_modal_confirm', function () {
     var assets = asset_table2.selected;
 
-    $('#id_assets').val(assets).trigger('change');
+    var options = [];
+    $('#id_assets option').each(function (i, v) {
+        options.push(v.value)
+    });
+    asset_table2.selected_rows.forEach(function (i) {
+        var name = i.hostname + '(' + i.ip + ')';
+        var option = new Option(name, i.id, false, true);
 
+        if (options.indexOf(i.id) === -1) {
+            $('#id_assets').append(option).trigger('change');
+        }
+    });
+
+    $('#id_assets').val(assets).trigger('change');
     $("#asset_list_modal").modal('hide');
 });
 </script>
diff --git a/apps/static/js/jumpserver.js b/apps/static/js/jumpserver.js
index 82990ac5b..e46b32d13 100644
--- a/apps/static/js/jumpserver.js
+++ b/apps/static/js/jumpserver.js
@@ -528,6 +528,7 @@ jumpserver.initServerSideDataTable = function (options) {
         lengthMenu: [[10, 15, 25, 50], [10, 15, 25, 50]]
     });
     table.selected = [];
+    table.selected_rows = [];
     table.on('select', function(e, dt, type, indexes) {
         var $node = table[ type ]( indexes ).nodes().to$();
         $node.find('input.ipt_check').prop('checked', true);
@@ -535,6 +536,7 @@ jumpserver.initServerSideDataTable = function (options) {
         if (type === 'row') {
             var rows = table.rows(indexes).data();
             $.each(rows, function (id, row) {
+                table.selected_rows.push(row);
                 if (row.id && $.inArray(row.id, table.selected) === -1){
                     table.selected.push(row.id)
                 }
diff --git a/apps/terminal/api/v1/terminal.py b/apps/terminal/api/v1/terminal.py
index 7ab15d381..ac56b3ea9 100644
--- a/apps/terminal/api/v1/terminal.py
+++ b/apps/terminal/api/v1/terminal.py
@@ -86,7 +86,7 @@ class TerminalTokenApi(APIView):
         if not terminal.user or not terminal.user.access_key:
             return Response("No access key generate", status=401)
 
-        access_key = terminal.user.access_key.first()
+        access_key = terminal.user.access_key()
         data = OrderedDict()
         data['access_key'] = {'id': access_key.id, 'secret': access_key.secret}
         return Response(data, status=200)
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index f838554e1..a1119e3a7 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -47,7 +47,7 @@ class UserViewSet(IDInFilterMixin, BulkModelViewSet):
         return super().get_permissions()
 
     def allow_bulk_destroy(self, qs, filtered):
-        return qs.count() == filtered.count()
+        return qs.count() != filtered.count()
 
 
 class UserChangePasswordApi(generics.RetrieveUpdateAPIView):