diff --git a/src/controllers/branch-controller.ts b/src/controllers/branch-controller.ts
index 9f62b98..a0bbb0e 100644
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@@ -19,6 +19,7 @@ import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 import { RequestWithUser } from "../interfaces/user";
 import minio, { presignedGetObjectIfExist } from "../services/minio";
+import { isSystem } from "../utils/keycloak";
 
 if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
@@ -27,10 +28,6 @@ if (!process.env.MINIO_BUCKET) {
 const MINIO_BUCKET = process.env.MINIO_BUCKET;
 const MANAGE_ROLES = ["system", "head_of_admin"];
 
-function isSystem(user: RequestWithUser["user"]) {
-  return user.roles.includes("system");
-}
-
 function globalAllow(user: RequestWithUser["user"]) {
   return MANAGE_ROLES.some((v) => user.roles?.includes(v));
 }
diff --git a/src/controllers/user-controller.ts b/src/controllers/user-controller.ts
index 9292113..45e8808 100644
--- a/src/controllers/user-controller.ts
+++ b/src/controllers/user-controller.ts
@@ -28,6 +28,7 @@ import {
   getUserRoles,
   removeUserRoles,
 } from "../services/keycloak";
+import { isSystem } from "../utils/keycloak";
 
 if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
@@ -36,9 +37,6 @@ if (!process.env.MINIO_BUCKET) {
 const MINIO_BUCKET = process.env.MINIO_BUCKET;
 const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];
 
-function isSystem(user: RequestWithUser["user"]) {
-  return user.roles.includes("system");
-}
 function globalAllow(user: RequestWithUser["user"]) {
   const listAllowed = ["system", "head_of_admin"];
   return user.roles?.some((v) => listAllowed.includes(v)) || false;
diff --git a/src/utils/keycloak.ts b/src/utils/keycloak.ts
new file mode 100644
index 0000000..9992a25
--- /dev/null
+++ b/src/utils/keycloak.ts
@@ -0,0 +1,5 @@
+import { RequestWithUser } from "../interfaces/user";
+
+export function isSystem(user: RequestWithUser["user"]) {
+  return user.roles.includes("system");
+}