diff --git a/pkg/entity/privilege_entity.go b/pkg/entity/privilege_entity.go
index 640a5952..53a3293a 100644
--- a/pkg/entity/privilege_entity.go
+++ b/pkg/entity/privilege_entity.go
@@ -15,5 +15,5 @@ type PrivilegeEntity struct {
 	CreatedAt     time.Time           `orm:"time=true"`
 	FakeDelete    bool                `orm:"unique=RoleID_ResourceID_FakeDelete:3"`
 
-	CachedQueryRoleIDResourceID *beeorm.CachedQuery `query:":RoleID = ? AND :ResourceID = ?"`
+	CachedQueryRoleIDResourceID *beeorm.CachedQuery `queryOne:":RoleID = ? AND :ResourceID = ?"`
 }
diff --git a/pkg/view/acl/acl.go b/pkg/view/acl/acl.go
index 65383d82..2ea43ee1 100644
--- a/pkg/view/acl/acl.go
+++ b/pkg/view/acl/acl.go
@@ -39,23 +39,20 @@ func ACL(ormService *beeorm.Engine, roleEntity *entity.RoleEntity, resource stri
 		permissionIDs[i] = permissionEntity.ID
 	}
 
-	privilegeEntities := make([]*entity.PrivilegeEntity, 0)
-	ormService.CachedSearch(
-		&privilegeEntities,
+	privilegeEntity := &entity.PrivilegeEntity{}
+	ormService.CachedSearchOne(
+		privilegeEntity,
 		"CachedQueryRoleIDResourceID",
-		beeorm.NewPager(1, 1000),
 		roleEntity.ID,
 		resourceEntity.ID,
 	)
 
 	hasPrivilege := false
-	for _, privilegeEntity := range privilegeEntities {
-		for _, permissionEntity := range privilegeEntity.PermissionIDs {
-			for _, permissionID := range permissionIDs {
-				if permissionEntity.ID == permissionID {
-					hasPrivilege = true
-					break
-				}
+	for _, permissionEntity := range privilegeEntity.PermissionIDs {
+		for _, permissionID := range permissionIDs {
+			if permissionEntity.ID == permissionID {
+				hasPrivilege = true
+				break
 			}
 		}
 	}