diff --git a/apps/assets/templates/assets/admin_user_list.html b/apps/assets/templates/assets/admin_user_list.html
index 61389ad08..2212fd82f 100644
--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -115,7 +115,7 @@ function initTable() {
              }}],
         ajax_url: '{% url "api-assets:admin-user-list" %}',
         columns: [
-            {data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount" },
+            {data: function(){return ""}}, {data: "name"}, {data: "username" }, {data: "assets_amount", orderable: false},
             {#{data: "connectivity_amount"}, {data: "connectivity_amount"}, {data: "connectivity_amount"},#}
             {data: "comment"}, {data: "id"}
         ]
diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py
index 0e67e2747..0746252cb 100644
--- a/apps/perms/api/user_permission.py
+++ b/apps/perms/api/user_permission.py
@@ -344,6 +344,12 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView
         user_id = self.request.query_params.get('user_id', '')
         asset_id = self.request.query_params.get('asset_id', '')
         system_id = self.request.query_params.get('system_user_id', '')
+        try:
+            user_id = uuid.UUID(user_id)
+            asset_id = uuid.UUID(asset_id)
+            system_id = uuid.UUID(system_id)
+        except ValueError:
+            return Response({'msg': False}, status=403)
 
         user = get_object_or_404(User, id=user_id)