diff --git a/apps/accounts/api/account/account.py b/apps/accounts/api/account/account.py
index 73540126b..64dc745f8 100644
--- a/apps/accounts/api/account/account.py
+++ b/apps/accounts/api/account/account.py
@@ -7,18 +7,16 @@ from accounts import serializers
 from accounts.filters import AccountFilterSet
 from accounts.models import Account
 from assets.models import Asset
-from authentication.const import ConfirmType
-from common.permissions import UserConfirmation
+from common.permissions import UserConfirmation, ConfirmType
 from common.views.mixins import RecordViewLogMixin
 from orgs.mixins.api import OrgBulkModelViewSet
+from rbac.permissions import RBACPermission
 __all__ = [
 'AccountViewSet', 'AccountSecretsViewSet', 'AccountHistoriesSecretAPI'
 ]
-from rbac.permissions import RBACPermission
-
 class AccountViewSet(OrgBulkModelViewSet):
 model = Account
@@ -71,7 +69,7 @@ class AccountHistoriesSecretAPI(RecordViewLogMixin, ListAPIView):
 http_method_names = ['get', 'options']
 permission_classes = [RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
 rbac_perms = {
- 'list': 'accounts.view_accountsecret',
+ 'GET': 'accounts.view_accountsecret',
 }
 def get_object(self):
diff --git a/apps/rbac/const.py b/apps/rbac/const.py
index 2092cd9ff..eeb09b46e 100644
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -61,6 +61,8 @@ exclude_permissions = (
 ('accounts', 'accountbackupexecution', 'delete,change', 'accountbackupexecution'),
 ('accounts', 'changesecretrecord', 'add,delete,change', 'changesecretrecord'),
 ('accounts', 'account', 'change', 'accountsecret'),
+ ('accounts', 'account', 'view', 'historyaccount'),
+ ('accounts', 'account', 'view', 'historyaccountsecret'),
 ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
 ('perms', 'permedaccount', '*', '*'),
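Review bot: The `'GET'` key in `rbac_perms` of `AccountHistoriesSecretAPI` carries no comment explaining why it is an HTTP method rather than an action name, and nothing in this commit pins the behaviour with a test. RBACPermission is not visible here, but the fix implies that on a plain `ListAPIView` the lookup is keyed by request method, so the old `'list'` entry presumably never matched and `accounts.view_accountsecret` was not the permission actually enforced on the secret-history endpoint. I would add `# ListAPIView has no .action; RBACPermission looks the permission up by HTTP method` above the entry, plus a regression test asserting that a user without `accounts.view_accountsecret` receives 403 from this view. `http_method_names` also allows `'options'`, which has no entry in the map, so it is worth confirming how RBACPermission treats an unmapped method. The class body continues outside the hunk.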