diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index ec66feecc..803755769 100644
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -2,8 +2,6 @@ from django.utils.translation import ugettext_noop
 from .const import Scope, system_exclude_permissions, org_exclude_permissions
-# Todo: 获取应该区分 系统用户,和组织用户的权限
-# 工作台也区分组织后再考虑
 user_perms = (
 ('rbac', 'menupermission', 'view', 'workspace'),
 ('rbac', 'menupermission', 'view', 'webterminal'),
@@ -13,7 +11,6 @@ user_perms = (
 ('assets', 'asset', 'match', 'asset'),
 ('assets', 'systemuser', 'match', 'systemuser'),
 ('assets', 'node', 'match', 'node'),
- ('applications', 'application', 'match', 'application'),
 ('ops', 'commandexecution', 'add', 'commandexecution'),
 ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
 ('tickets', 'ticket', 'view', 'ticket'),
@@ -21,6 +18,7 @@ user_perms = (
 auditor_perms = user_perms + (
 ('rbac', 'menupermission', 'view', 'audit'),
+ ('rbac', 'menupermission', 'view', 'dashboard'),
 ('audits', '*', '*', '*'),
 ('terminal', 'commandstorage', 'view', 'commandstorage'),
 ('terminal', 'sessionreplay', 'view,download', 'sessionreplay'),
@@ -89,7 +87,7 @@ class PredefineRole:
 class BuiltinRole:
 system_admin = PredefineRole(
- '1', ugettext_noop('SystemAdmin'), Scope.system, user_perms
+ '1', ugettext_noop('SystemAdmin'), Scope.system, []
 )
 system_auditor = PredefineRole(
 '2', ugettext_noop('SystemAuditor'), Scope.system, auditor_perms
@@ -98,7 +96,7 @@ class BuiltinRole:
 '4', ugettext_noop('SystemComponent'), Scope.system, app_exclude_perms, 'exclude'
 )
 system_user = PredefineRole(
- '3', ugettext_noop('User'), Scope.system, []
+ '3', ugettext_noop('User'), Scope.system, user_perms
 )
 org_admin = PredefineRole(
 '5', ugettext_noop('OrgAdmin'), Scope.org, []
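Review bot: `auditor_perms` is built as `user_perms + (...)`, so the auditor role, which gains the dashboard menu entry in the `-21,6` hunk, also inherits every write-style grant in `user_perms`, including `('ops', 'commandexecution', 'add', ...)` and `('authentication', 'connectiontoken', 'add', ...)`. If auditors are meant to be read-only, this coupling deserves at least a comment above the tuple, for example `# NOTE: auditors inherit all of user_perms, including its 'add' actions`. Any later addition to `user_perms` will widen the auditor role without a visible change here. The tuple continues past the end of the hunk, so entries outside the visible lines are not covered by this note.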
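Review bot: Swapping `user_perms` and `[]` between `system_admin` (the `-89,7` hunk) and `system_user` (the `-98,7` hunk) is only safe if installations that already created these built-in roles get their stored permissions rebuilt, and the diff shows no migration or re-sync step. `org_admin` is also declared with `[]`, so an empty list appears to be the convention for admin roles whose permissions are resolved elsewhere, but how `PredefineRole` interprets it is outside the visible lines. If role permissions are persisted from these definitions, rows created under the old definition may leave the User role with whatever `[]` resolved to and SystemAdmin with only the user set. A comment on the admin entry such as `# empty list: admin permissions are not taken from this argument` would make the intent explicit. The body of `BuiltinRole` continues outside both hunks.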