diff --git a/apps/common/utils.py b/apps/common/utils.py
index 4451f2532..f6cb9ea9a 100644
--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@@ -6,6 +6,7 @@ from __future__ import unicode_literals
 from django.shortcuts import reverse as dj_reverse
 from django.conf import settings
 from django.core import signing
+from django.utils import timezone
 
 
 def reverse(viewname, urlconf=None, args=None, kwargs=None, current_app=None, external=False):
@@ -31,3 +32,11 @@ def encrypt(*args, **kwargs):
 def decrypt(*args, **kwargs):
     return signing.loads(*args, **kwargs)
 
+
+def date_expired_default():
+    try:
+        years = int(settings.CONFIG.DEFAULT_EXPIRED_YEARS)
+    except TypeError:
+        years = 70
+
+    return timezone.now() + timezone.timedelta(days=365 * years)
\ No newline at end of file
diff --git a/apps/perms/forms.py b/apps/perms/forms.py
new file mode 100644
index 000000000..83f9fe65b
--- /dev/null
+++ b/apps/perms/forms.py
@@ -0,0 +1,17 @@
+# ~*~ coding: utf-8 ~*~
+
+from __future__ import absolute_import, unicode_literals
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from users.models import User, UserGroup
+from assets.models import Asset, AssetGroup, SystemUser
+from .models import UserAssetPerm
+
+
+class UserAssetPermForm(forms.ModelForm):
+    class Meta:
+        model = UserAssetPerm
+        fields = [
+            'assets', 'asset_groups', 'system_users', 'date_expired', 'comment'
+        ]
diff --git a/apps/perms/hands.py b/apps/perms/hands.py
new file mode 100644
index 000000000..e4d282927
--- /dev/null
+++ b/apps/perms/hands.py
@@ -0,0 +1,11 @@
+# ~*~ coding: utf-8 ~*~
+#
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+
+
+
+
diff --git a/apps/perms/models.py b/apps/perms/models.py
index bd4b2abe9..85c8b4672 100644
--- a/apps/perms/models.py
+++ b/apps/perms/models.py
@@ -1,5 +1,23 @@
-from __future__ import unicode_literals
+from __future__ import unicode_literals, absolute_import
 
 from django.db import models
+from django.utils.translation import ugettext_lazy as _
 
-# Create your models here.
+from users.models import User, UserGroup
+from assets.models import Asset, AssetGroup, SystemUser
+from common.utils import date_expired_default
+
+
+class UserAssetPerm(models.Model):
+    user = models.ForeignKey(User, related_name='asset_perm', on_delete=models.CASCADE)
+    assets = models.ManyToManyField(Asset, related_name='user_perms', blank=True)
+    asset_groups = models.ManyToManyField(AssetGroup, related_name='user_perm', blank=True)
+    system_users = models.ManyToManyField(SystemUser, related_name='user_perm', blank=True)
+    date_expired = models.DateTimeField(default=date_expired_default, verbose_name=_('Date expired'))
+    created_by = models.CharField(max_length=128)
+    date_created = models.DateTimeField(auto_now=True)
+    comment = models.TextField(verbose_name=_('Comment'))
+
+
+class UserGroupAssetPerm(models.Model):
+    pass
diff --git a/apps/perms/views.py b/apps/perms/views.py
index 91ea44a21..166d9e6f3 100644
--- a/apps/perms/views.py
+++ b/apps/perms/views.py
@@ -1,3 +1,100 @@
-from django.shortcuts import render
+# ~*~ coding: utf-8 ~*~
 
-# Create your views here.
+from __future__ import unicode_literals, absolute_import
+
+from django.views.generic.list import ListView
+from django.conf import settings
+
+from .hands import AdminUserRequiredMixin
+from .models import UserAssetPerm, UserGroupAssetPerm
+
+
+class SystemUserListView(AdminUserRequiredMixin, ListView):
+    model = UserAssetPerm
+    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+    context_object_name = 'system_user_list'
+    template_name = 'assets/system_user_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('System user list'),
+            'keyword': self.request.GET.get('keyword', '')
+        }
+        kwargs.update(context)
+        return super(SystemUserListView, self).get_context_data(**kwargs)
+
+    def get_queryset(self):
+        # Todo: Default order by lose asset connection num
+        self.queryset = super(SystemUserListView, self).get_queryset()
+        self.keyword = keyword = self.request.GET.get('keyword', '')
+        self.sort = sort = self.request.GET.get('sort', '-date_created')
+
+        if keyword:
+            self.queryset = self.queryset.filter(Q(name__icontains=keyword) |
+                                                 Q(comment__icontains=keyword))
+
+        if sort:
+            self.queryset = self.queryset.order_by(sort)
+        return self.queryset
+
+
+class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
+    model = SystemUser
+    form_class = SystemUserForm
+    template_name = 'assets/system_user_create_update.html'
+    success_url = reverse_lazy('assets:system-user-list')
+    success_message = _('Create system user <a href="%s">%s</a> successfully.')
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Create system user'),
+        }
+        kwargs.update(context)
+        return super(SystemUserCreateView, self).get_context_data(**kwargs)
+
+    def get_success_message(self, cleaned_data):
+        return self.success_message % (
+            reverse_lazy('assets:system-user-detail', kwargs={'pk': self.object.pk}),
+            self.object.name,
+        )
+
+
+class SystemUserUpdateView(AdminUserRequiredMixin, UpdateView):
+    model = SystemUser
+    form_class = SystemUserForm
+    template_name = 'assets/system_user_create_update.html'
+    success_message = _('Update system user <a href="%s">%s</a> successfully.')
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Update system user')
+        }
+        kwargs.update(context)
+        return super(SystemUserUpdateView, self).get_context_data(**kwargs)
+
+    def get_success_url(self):
+        success_url = reverse_lazy('assets:system-user-detail', pk=self.object.pk)
+        return success_url
+
+
+class SystemUserDetailView(AdminUserRequiredMixin, DetailView):
+    template_name = 'assets/system_user_detail.html'
+    context_object_name = 'system_user'
+    model = SystemUser
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('System user detail')
+        }
+        kwargs.update(context)
+        return super(SystemUserDetailView, self).get_context_data(**kwargs)
+
+
+class SystemUserDeleteView(AdminUserRequiredMixin, DeleteView):
+    model = SystemUser
+    template_name = 'assets/delete_confirm.html'
+    success_url = 'assets:system-user-list'
diff --git a/apps/users/hands.py b/apps/users/hands.py
index e87060ecd..c24f183d7 100644
--- a/apps/users/hands.py
+++ b/apps/users/hands.py
@@ -10,5 +10,5 @@
     :license: GPL v2, see LICENSE for more details.
 """
 
-
+from users.utils import AdminUserRequiredMixin
 
diff --git a/apps/users/models.py b/apps/users/models.py
index fba66a8d8..80a5b51da 100644
--- a/apps/users/models.py
+++ b/apps/users/models.py
@@ -14,7 +14,7 @@ from django.utils.translation import ugettext_lazy as _
 
 from rest_framework.authtoken.models import Token
 
-from common.utils import encrypt, decrypt
+from common.utils import encrypt, decrypt, date_expired_default
 
 
 class UserGroup(models.Model):
@@ -58,10 +58,6 @@ class UserGroup(models.Model):
                 continue
 
 
-def date_expired_default():
-    return timezone.now() + timezone.timedelta(days=365 * 70)
-
-
 class User(AbstractUser):
     ROLE_CHOICES = (
         ('Admin', _('Administrator')),