diff --git a/apps/assets/backends/base.py b/apps/assets/backends/base.py
index 801bfbbb1..d46c67f70 100644
--- a/apps/assets/backends/base.py
+++ b/apps/assets/backends/base.py
@@ -38,6 +38,9 @@ class AssetUserQuerySet(list):
             if len(v) == 0:
                 return self
             if k.find("__in") >= 0:
+                _k = k.split('__')[0]
+                in_kwargs[_k] = v
+            else:
                 in_kwargs[k] = v
         for k in in_kwargs:
             kwargs.pop(k)
@@ -45,17 +48,16 @@ class AssetUserQuerySet(list):
         if len(in_kwargs) == 0:
             return self
         for i in self:
-            matched = True
+            matched = False
             for k, v in in_kwargs.items():
-                key = k.split('__')[0]
-                attr = getattr(i, key, None)
+                attr = getattr(i, k, None)
                 # 如果属性或者value中是uuid,则转换成string
                 if isinstance(v[0], uuid.UUID):
                     v = [str(i) for i in v]
                 if isinstance(attr, uuid.UUID):
                     attr = str(attr)
-                if attr not in v:
-                    matched = False
+                if v in attr:
+                    matched = True
             if matched:
                 queryset.append(i)
         return AssetUserQuerySet(queryset)
diff --git a/apps/terminal/api_v2/terminal.py b/apps/terminal/api_v2/terminal.py
index bad0aabc9..57b8ab3e3 100644
--- a/apps/terminal/api_v2/terminal.py
+++ b/apps/terminal/api_v2/terminal.py
@@ -3,6 +3,7 @@
 from rest_framework import viewsets, generics
 from rest_framework import status
 from rest_framework.response import Response
+from django.conf import settings
 
 from common.permissions import IsSuperUser, WithBootstrapToken
 
@@ -17,6 +18,9 @@ class TerminalViewSet(viewsets.ModelViewSet):
     queryset = Terminal.objects.filter(is_deleted=False)
     serializer_class = serializers.TerminalSerializer
     permission_classes = [IsSuperUser]
+    http_method_names = [
+        'get', 'put', 'patch', 'delete', 'head', 'options', 'trace'
+    ]
 
 
 class TerminalRegistrationApi(generics.CreateAPIView):
@@ -29,6 +33,9 @@ class TerminalRegistrationApi(generics.CreateAPIView):
         serializer = serializers.TerminalSerializer(
             data=data, context={'request': request}
         )
+        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
+            data = {"error": "service account registration disabled"}
+            return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
         serializer.is_valid(raise_exception=True)
         terminal = serializer.save()
         sa_serializer = serializer.sa_serializer_class(instance=terminal.user)
diff --git a/apps/terminal/serializers_v2/terminal.py b/apps/terminal/serializers_v2/terminal.py
index 021519564..f4e26b230 100644
--- a/apps/terminal/serializers_v2/terminal.py
+++ b/apps/terminal/serializers_v2/terminal.py
@@ -28,9 +28,6 @@ class TerminalSerializer(serializers.ModelSerializer):
         valid = super().is_valid(raise_exception=raise_exception)
         if not valid:
             return valid
-        if not settings.SECURITY_SERVICE_ACCOUNT_REGISTRATION:
-            error = {"error": "service account registration disabled"}
-            raise serializers.ValidationError(error)
         data = {'name': self.validated_data.get('name')}
         kwargs = {'data': data}
         if self.instance and self.instance.user: