diff --git a/src/controllers/AuthRoleController.ts b/src/controllers/AuthRoleController.ts
index b6b747b1..8f31b3af 100644
--- a/src/controllers/AuthRoleController.ts
+++ b/src/controllers/AuthRoleController.ts
@@ -21,6 +21,7 @@ import { AuthRole, CreateAuthRole, UpdateAuthRole, CreateAddAuthRole } from "../
 import { AuthRoleAttr } from "../entities/AuthRoleAttr";
 import { PosMaster } from "../entities/PosMaster";
 import { EmployeePosMaster } from "../entities/EmployeePosMaster";
+import { promisify } from "util";
 
 const REDIS_HOST = process.env.REDIS_HOST;
 const REDIS_PORT = process.env.REDIS_PORT;
@@ -108,9 +109,13 @@ export class AuthRoleController extends Controller {
         host: REDIS_HOST,
         port: REDIS_PORT,
       });
+
       redisClient.del("role_" + posMaster.current_holderId, (err: Error, response: Response) => {
         if (err) throw err;
-        console.log(response);
+      });
+
+      redisClient.del("menu_" + posMaster.current_holderId, (err: Error, response: Response) => {
+        if (err) throw err;
       });
     }
 
diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts
index 8016639d..73d23f25 100644
--- a/src/controllers/PermissionController.ts
+++ b/src/controllers/PermissionController.ts
@@ -34,18 +34,18 @@ export class PermissionController extends Controller {
     });
     const getAsync = promisify(redisClient.get).bind(redisClient);
 
-    let reply = await getAsync("role_" + request.user.sub);
+    const profile = await this.profileRepo.findOne({
+      select: ["id"],
+      where: { keycloak: request.user.sub },
+    });
+    if (!profile) {
+      throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
+    }
+
+    let reply = await getAsync("role_" + profile.id);
     if (reply != null) {
       reply = JSON.parse(reply);
     } else {
-      const profile = await this.profileRepo.findOne({
-        select: ["id"],
-        where: { keycloak: request.user.sub },
-      });
-      if (!profile) {
-        throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
-      }
-
       const posMaster = await this.posMasterRepository.findOne({
         //   select: ["authRoleId"],
         where: {
@@ -87,7 +87,7 @@ export class PermissionController extends Controller {
         ...getDetail,
         roles: roleAttrData,
       };
-      redisClient.setex("role_" + request.user.sub, 86400, JSON.stringify(reply));
+      redisClient.setex("role_" + profile.id, 86400, JSON.stringify(reply));
     }
     return new HttpSuccess(reply);
   }
@@ -100,17 +100,18 @@ export class PermissionController extends Controller {
     });
     const getAsync = promisify(redisClient.get).bind(redisClient);
 
-    let reply = await getAsync("menu_" + request.user.sub);
+    const profile = await this.profileRepo.findOne({
+      select: ["id"],
+      where: { keycloak: request.user.sub },
+    });
+    if (!profile) {
+      throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
+    }
+
+    let reply = await getAsync("menu_" + profile.id);
     if (reply != null) {
       reply = JSON.parse(reply);
     } else {
-      const profile = await this.profileRepo.findOne({
-        select: ["id"],
-        where: { keycloak: request.user.sub },
-      });
-      if (!profile) {
-        throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
-      }
       const posMaster = await this.posMasterRepository.findOne({
         // select: ["authRoleId"],
         where: {
@@ -125,10 +126,15 @@ export class PermissionController extends Controller {
         throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งในโครงสร้าง");
       }
 
+      if (!posMaster.authRoleId) {
+        throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์");
+      }
+
       const authRole = await this.authRoleRepo.findOne({
         select: ["id"],
         where: { id: posMaster.authRoleId },
       });
+
       if (!authRole) {
         throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์");
       }
@@ -142,14 +148,18 @@ export class PermissionController extends Controller {
 
       const getList = await this.authSysRepo.find({
         select: ["id", "parentId", "sysName", "sysDescription", "icon", "path", "order"],
-        where: [
-          {
-            id: In(sysId),
-          },
-          {
-            parentId: In(sysId),
-          },
-        ],
+        where: {
+          id: In(sysId),
+        },
+        order: { order: "ASC" },
+      });
+
+      const getListChild = await this.authSysRepo.find({
+        select: ["id", "parentId", "sysName", "sysDescription", "icon", "path", "order"],
+        where: {
+          parentId: In(sysId),
+        },
+        order: { order: "ASC" },
       });
 
       reply = await getList
@@ -164,7 +174,7 @@ export class PermissionController extends Controller {
               .map((item2) => {
                 return {
                   ...item2,
-                  children: getList
+                  children: getListChild
                     .filter((x) => x.parentId == item2.id)
                     .sort((a, b) => a.order - b.order),
                 };
@@ -172,7 +182,7 @@ export class PermissionController extends Controller {
           };
         });
 
-      redisClient.setex("menu_" + request.user.sub, 86400, JSON.stringify(reply));
+      redisClient.setex("menu_" + profile.id, 86400, JSON.stringify(reply));
     }
 
     return new HttpSuccess(reply);