diff --git a/src/controllers/03-customer-branch-controller.ts b/src/controllers/03-customer-branch-controller.ts
index 8b8fcf7..0f4830d 100644
--- a/src/controllers/03-customer-branch-controller.ts
+++ b/src/controllers/03-customer-branch-controller.ts
@@ -145,6 +145,7 @@ export class CustomerBranchController extends Controller {
   @Get()
   @Security("keycloak")
   async list(
+    @Request() req: RequestWithUser,
     @Query() zipCode?: string,
     @Query() customerId?: string,
     @Query() status?: Status,
@@ -186,7 +187,25 @@ export class CustomerBranchController extends Controller {
           },
         },
       ],
-      AND: { customerId, subDistrict: zipCode ? { zipCode } : undefined, ...filterStatus(status) },
+      AND: {
+        customer: isSystem(req.user)
+          ? undefined
+          : {
+              registeredBranch: {
+                OR: [
+                  { user: { some: { userId: req.user.sub } } },
+                  {
+                    headOffice: !globalAllow(req.user)
+                      ? { user: { some: { userId: req.user.sub } } }
+                      : undefined,
+                  },
+                ],
+              },
+            },
+        customerId,
+        subDistrict: zipCode ? { zipCode } : undefined,
+        ...filterStatus(status),
+      },
     } satisfies Prisma.CustomerBranchWhereInput;
 
     const [result, total] = await prisma.$transaction([
diff --git a/src/controllers/03-customer-controller.ts b/src/controllers/03-customer-controller.ts
index 13187fd..a30de2c 100644
--- a/src/controllers/03-customer-controller.ts
+++ b/src/controllers/03-customer-controller.ts
@@ -108,6 +108,7 @@ export class CustomerController extends Controller {
   @Get()
   @Security("keycloak")
   async list(
+    @Request() req: RequestWithUser,
     @Query() customerType?: CustomerType,
     @Query() query: string = "",
     @Query() status?: Status,
@@ -127,7 +128,22 @@ export class CustomerController extends Controller {
         { firstName: { contains: query } },
         { firstNameEN: { contains: query } },
       ],
-      AND: { customerType, ...filterStatus(status) },
+      AND: {
+        customerType,
+        ...filterStatus(status),
+        registeredBranch: isSystem(req.user)
+          ? undefined
+          : {
+              OR: [
+                { user: { some: { userId: req.user.sub } } },
+                {
+                  headOffice: !globalAllow(req.user)
+                    ? { user: { some: { userId: req.user.sub } } }
+                    : undefined,
+                },
+              ],
+            },
+      },
     } satisfies Prisma.CustomerWhereInput;
 
     const [result, total] = await prisma.$transaction([