diff --git a/apps/jumpserver/api_router.py b/apps/jumpserver/api_router.py
index c1fe2e087..524c397ac 100644
--- a/apps/jumpserver/api_router.py
+++ b/apps/jumpserver/api_router.py
@@ -1,12 +1,12 @@
 from rest_framework.routers import DefaultRouter
 from ops.api import views as ops_api_view
 
-router = DefaultRouter()
-router.register(r'host_alia',  ops_api_view.HostAliaViewSet)
-router.register(r'user_alia',  ops_api_view.UserAliaViewSet)
-router.register(r'cmd_alia',   ops_api_view.CmdAliaViewSet)
-router.register(r'runas_alia', ops_api_view.RunasAliaViewSet)
-router.register(r'extra_conf', ops_api_view.ExtraconfViewSet)
-router.register(r'privilege',  ops_api_view.PrivilegeViewSet)
-router.register(r'sudo',       ops_api_view.SudoViewSet)
-router.register(r'cron',       ops_api_view.CronTableViewSet)
\ No newline at end of file
+api_router = DefaultRouter()
+api_router.register(r'host_alia', ops_api_view.HostAliaViewSet)
+api_router.register(r'user_alia', ops_api_view.UserAliaViewSet)
+api_router.register(r'cmd_alia', ops_api_view.CmdAliaViewSet)
+api_router.register(r'runas_alia', ops_api_view.RunasAliaViewSet)
+api_router.register(r'extra_conf', ops_api_view.ExtraconfViewSet)
+api_router.register(r'privilege', ops_api_view.PrivilegeViewSet)
+api_router.register(r'sudo', ops_api_view.SudoViewSet)
+api_router.register(r'cron', ops_api_view.CronTableViewSet)
\ No newline at end of file
diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py
index 046cbb3df..a0fd4d357 100644
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@@ -20,7 +20,7 @@ from django.conf.urls import url, include
 from django.conf import settings
 from django.conf.urls.static import static
 from django.views.generic.base import TemplateView
-from jumpserver.api_router import router
+from jumpserver.api_router import api_router
 
 
 urlpatterns = [
@@ -41,7 +41,7 @@ urlpatterns = [
 
 
 urlpatterns += [
-    url(r'^api/v1/ops', include(router.urls)),
+    url(r'^api/v1/ops', include(api_router.urls)),
     url(r'^ops/', include('ops.urls', namespace='ops')),
 ]
 
diff --git a/apps/ops/models/sudo.py b/apps/ops/models/sudo.py
index 707d03857..d712e16a8 100644
--- a/apps/ops/models/sudo.py
+++ b/apps/ops/models/sudo.py
@@ -3,7 +3,7 @@ from __future__ import unicode_literals, absolute_import
 
 from jinja2 import Template
 from django.db import models
-from assets.models import Asset
+from assets.models import Asset, AssetGroup
 from django.utils.translation import ugettext_lazy as _
 
 
@@ -40,11 +40,13 @@ class RunasAlia(models.Model):
 
 
 class Privilege(models.Model):
+    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
     user = models.ForeignKey(UserAlia, blank=True, null=True, related_name='privileges')
     host = models.ForeignKey(HostAlia, blank=True, null=True, related_name='privileges')
     runas = models.ForeignKey(RunasAlia, blank=True, null=True, related_name='privileges')
     command = models.ForeignKey(CmdAlia, blank=True, null=True, related_name='privileges')
     nopassword = models.BooleanField(default=True, verbose_name=_('Is_NoPassword'))
+    comment = models.TextField(blank=True, null=True, verbose_name=_('Comment'))
 
     def __unicode__(self):
         return "[%s %s %s %s %s]" % (self.user.name,
@@ -58,7 +60,8 @@ class Privilege(models.Model):
 
 
 class Extra_conf(models.Model):
-    line = models.TextField(blank=True, null=True, verbose_name=_('Extra_Item'))
+    line = models.TextField(blank=True, null=True, verbose_name=_('Extra_Item'),
+                            help_text=_('The extra sudo config line.'))
 
     def __unicode__(self):
         return self.line
@@ -72,10 +75,20 @@ class Sudo(models.Model):
     :param privileges: <list> [(user, host, runas, command, nopassword),]
     """
 
-    asset = models.ForeignKey(Asset, null=True, blank=True, related_name='sudos')
+    assets = models.ManyToManyField(Asset, blank=True, related_name='sudos')
+    asset_groups = models.ManyToManyField(AssetGroup, blank=True, related_name='sudos')
     extra_lines = models.ManyToManyField(Extra_conf, related_name='sudos', blank=True)
     privilege_items = models.ManyToManyField(Privilege, related_name='sudos', blank=True)
 
+    @property
+    def all_assets(self):
+        assets = list(self.assets.all())
+        for group in self.asset_groups.all():
+            for asset in group.assets.all():
+                if asset not in assets:
+                    assets.append(asset)
+        return assets
+
     @property
     def users(self):
         return {privilege.user.name: privilege.user.user_items.split(',') for privilege in self.privilege_items.all()}
diff --git a/apps/ops/views.py b/apps/ops/views.py
index 9730098f5..fed47ba39 100644
--- a/apps/ops/views.py
+++ b/apps/ops/views.py
@@ -53,6 +53,6 @@ class CronUpdateView(AdminUserRequiredMixin, UpdateView):
 
 class CronDetailView(DetailView):
     model = CronTable
-    context_object_name = 'sudo'
+    context_object_name = 'cron'
     template_name = 'cron/detail.html'
 
diff --git a/apps/templates/_nav.html b/apps/templates/_nav.html
index 917a988ce..01e5427db 100644
--- a/apps/templates/_nav.html
+++ b/apps/templates/_nav.html
@@ -43,7 +43,7 @@
 
 <li id="ops">
     <a>
-        <i class="fa fa-inbox"></i> <span class="nav-label">{% trans 'Job Center' %}</span><span class="fa arrow"></span>
+        <i class="fa fa-coffee"></i> <span class="nav-label">{% trans 'Job Center' %}</span><span class="fa arrow"></span>
     </a>
     <ul class="nav nav-second-level">
         <li id="sudo"><a href="{% url 'ops:page-sudo-list' %}">{% trans 'Sudo' %}</a></li>