diff --git a/charts/tke-auth-api/templates/configmap.yaml b/charts/tke-auth-api/templates/configmap.yaml
index 924415a70..198071834 100644
--- a/charts/tke-auth-api/templates/configmap.yaml
+++ b/charts/tke-auth-api/templates/configmap.yaml
@@ -6,8 +6,7 @@ metadata:
 {{- include "tke-auth-api.labels" . | nindent 4 }}
 data:
 abac-policy.json: |
- {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}}
- {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
+ {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
 tke-auth-api.toml: |
 [secure_serving]
 tls_cert_file = "/app/certs/tke-auth-api/tls.crt"
diff --git a/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml b/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
index d4344bbfd..0502e5939 100644
--- a/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
+++ b/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
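Review bot: The new `abac-policy.json` entry gives every principal matching `system:*` access to all namespaces, resources, API groups and non-resource paths, which is much wider than the two entries it replaces. Those limited `system:kube-*` and kube-system service accounts to `*tkestack.io` API groups and gave unrestricted access only to `^system:serviceaccount:tke:default$`. The new pattern covers every service account in every namespace (`system:serviceaccount:<ns>:<name>`), and if the matcher treats the value as an unanchored regular expression, as the removed `^…$` entry suggests, `system:*` would match any user name that merely contains `system`. I would keep the scoped entries and add one anchored line per additional caller that needs access, for example `"user":"^system:serviceaccount:<namespace>:<name>$"` (placeholder values), with `apiGroup` narrowed where the caller allows it. The identical change appears in the installer manifest `tke-auth-api.yaml` at `@@ -86,8 +86,7 @@`, so the same point applies there.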
@@ -86,8 +86,7 @@ metadata: namespace: tke data: abac-policy.json: | - {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}} - {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}} + {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}} tke-auth-api.toml: | [secure_serving] tls_cert_file = "/app/certs/server.crt" @@ -159,4 +158,4 @@ data: cluster: tke name: tke -{{- end }} \ No newline at end of file +{{- end }}