diff --git a/cmdb-api/api/lib/perm/acl/role.py b/cmdb-api/api/lib/perm/acl/role.py
index 470e748a..0704efa8 100644
--- a/cmdb-api/api/lib/perm/acl/role.py
+++ b/cmdb-api/api/lib/perm/acl/role.py
@@ -6,6 +6,7 @@
 import six
 from flask import abort
 from flask import current_app
+from sqlalchemy import or_, and_
 
 from api.extensions import db
 from api.lib.perm.acl.app import AppCRUD
@@ -212,18 +213,21 @@ class RoleCRUD(object):
 
     @staticmethod
     def search(q, app_id, page=1, page_size=None, user_role=True, is_all=False, user_only=False):
-        query = db.session.query(Role).filter(Role.deleted.is_(False))
-        query1 = query.filter(Role.app_id == app_id).filter(Role.uid.is_(None))
-        query2 = query.filter(Role.app_id.is_(None)).filter(Role.uid.is_(None))
-        query = query1.union(query2)
-
+        query = None
         if user_role:
-            query1 = db.session.query(Role).filter(Role.deleted.is_(False)).filter(Role.uid.isnot(None))
-            query = query.union(query1)
+            query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(
+                or_(Role.uid.isnot(None), and_(Role.app_id.in_([app_id, None]), Role.uid.is_(None)))
+            )
 
         if user_only:
             query = db.session.query(Role).filter(Role.deleted.is_(False)).filter(Role.uid.isnot(None))
 
+        if query is None:
+            query = db.session.query(Role).filter(
+                Role.deleted.is_(False), Role.uid.is_(None),
+                Role.app_id.in_([app_id, None])
+            )
+        
         if not is_all:
             role_ids = list(HasResourceRoleCache.get(app_id).keys())
             query = query.filter(Role.id.in_(role_ids))
diff --git a/cmdb-api/api/views/acl/role.py b/cmdb-api/api/views/acl/role.py
index 1afad374..eddbad02 100644
--- a/cmdb-api/api/views/acl/role.py
+++ b/cmdb-api/api/views/acl/role.py
@@ -31,13 +31,10 @@ def get(self):
         page_size = get_page_size(request.values.get("page_size"))
         q = request.values.get('q')
         app_id = request.values.get('app_id')
-        is_all = request.values.get('is_all', True)
-        is_all = True if is_all in current_app.config.get("BOOL_TRUE") else False
-        user_role = request.values.get('user_role', True)
-        user_only = request.values.get('user_only', False)
-        user_role = True if user_role in current_app.config.get("BOOL_TRUE") else False
-        user_only = True if user_only in current_app.config.get("BOOL_TRUE") else False
-
+        is_all = request.values.get('is_all', True) in current_app.config.get("BOOL_TRUE")
+        user_role = request.values.get('user_role', True) in current_app.config.get("BOOL_TRUE")
+        user_only = request.values.get('user_only', False) in current_app.config.get("BOOL_TRUE")
+        
         numfound, roles = RoleCRUD.search(q, app_id, page, page_size, user_role, is_all, user_only)
 
         id2parents = RoleRelationCRUD.get_parents([i.id for i in roles], app_id=app_id)