diff --git a/apps/chat/serializers/chat_authentication.py b/apps/chat/serializers/chat_authentication.py
index 2542dad98..2243844e0 100644
--- a/apps/chat/serializers/chat_authentication.py
+++ b/apps/chat/serializers/chat_authentication.py
@@ -86,7 +86,7 @@ class ApplicationProfileSerializer(serializers.Serializer):
             'user_id': 'user_id', 'model_id': 'model_id', 'knowledge_setting': 'knowledge_setting',
             'model_setting': 'model_setting', 'model_params_setting': 'model_params_setting',
             'tts_model_params_setting': 'tts_model_params_setting',
-            'problem_optimization': 'problem_optimization', 'icon': 'icon', 'work_flow': 'work_flow',
+            'problem_optimization': 'problem_optimization', 'work_flow': 'work_flow',
             'problem_optimization_prompt': 'problem_optimization_prompt', 'tts_model_id': 'tts_model_id',
             'stt_model_id': 'stt_model_id', 'tts_model_enable': 'tts_model_enable',
             'stt_model_enable': 'stt_model_enable', 'tts_type': 'tts_type',
diff --git a/apps/users/views/user.py b/apps/users/views/user.py
index 81744b403..2a50cc7fa 100644
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -290,6 +290,7 @@ class RePasswordView(APIView):
     @log(menu='User management', operate='Change password',
          get_operation_object=lambda r, k: {'name': r.user.username},
          get_details=get_re_password_details)
+    @has_permissions(PermissionConstants.USER_EDIT, RoleConstants.ADMIN)
     def post(self, request: Request):
         serializer_obj = RePasswordSerializer(data=request.data)
         return result.success(serializer_obj.reset_password(request.user.id))