diff --git a/apps/ops/api/exc.py b/apps/ops/api/exc.py
new file mode 100644
index 000000000..81deb805c
--- /dev/null
+++ b/apps/ops/api/exc.py
@@ -0,0 +1,16 @@
+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals, print_function
+
+from rest_framework.exceptions import APIException
+from django.utils.translation import ugettext as _
+
+
+class ServiceUnavailable(APIException):
+ status_code = default_code = 503
+ default_detail = _('Service temporarily unavailable, try again later.')
+
+
+class ServiceNotImplemented(APIException):
+ status_code = default_code = 501
+ default_detail = _('This service maybe implemented in the future, but now not implemented!')
+
diff --git a/apps/ops/api/permissions.py b/apps/ops/api/permissions.py
new file mode 100644
index 000000000..0fc0d0861
--- /dev/null
+++ b/apps/ops/api/permissions.py
@@ -0,0 +1,19 @@
+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from rest_framework import permissions
+
+
+class AdminUserRequired(permissions.BasePermission):
+ """
+ Custom permission to only allow admin user to access the resource.
+ """
+
+ def has_object_permission(self, request, view, obj):
+ # Read permissions are allowed to any request,
+ # so we'll always allow GET, HEAD or OPTIONS requests.
+ if request.method in permissions.SAFE_METHODS:
+ return True
+
+ # Write permissions are only allowed to the admin role.
+ return request.user.is_staff
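Review bot: `default_detail` in both exception classes is translated with `ugettext`, which is evaluated once when the module is imported, so the message is fixed to the language active at import time rather than the language of the request. Importing `ugettext_lazy as _` defers the lookup until the response is rendered. The chained assignments `status_code = default_code = 503` and `= 501` also make `default_code` an integer, whereas DRF treats it as a short string identifier; separate assignments, for example `default_code = 'service_unavailable'`, keep `get_codes()` output consistent with the built-in exceptions. The 501 text would read better as `_('This service may be implemented in the future, but is not implemented yet.')`.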
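Review bot: `AdminUserRequired` overrides only `has_object_permission`, so the inherited `has_permission` still returns True. Any request that never reaches an object-level check, such as list and create in DRF's generic views or a view that does not call `get_object()` / `check_object_permissions()`, therefore passes without the `is_staff` test. A view-level gate with the same rule would close that gap: `def has_permission(self, request, view):` with body `return request.method in permissions.SAFE_METHODS or request.user.is_staff`. The class docstring says only admin users may access the resource, yet the `SAFE_METHODS` branch lets any caller read, and whether views pair this class with an authentication requirement is not visible in this diff. If reads of ops data should be admin-only, drop that branch or use DRF's `permissions.IsAdminUser`; otherwise reword the docstring to say that only writes are restricted to staff.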