diff --git a/config/mml/system/amf_sys_mml_config.yaml b/config/mml/system/amf_sys_mml_config.yaml
index 25f466a4..fa4f4430 100644
--- a/config/mml/system/amf_sys_mml_config.yaml
+++ b/config/mml/system/amf_sys_mml_config.yaml
@@ -127,4 +127,17 @@ amf:
             optional: "false"
             filter: ""
             display: "CMD"
-            comment: ""      
\ No newline at end of file
+            comment: ""  
+  subsManagement:
+    display: "Subscriber Management"
+    mml:
+      - operation: "list"
+        object: "imsi"
+        display: "List Online IMSI"
+        params:
+          - name: "imsi"
+            type: "string"
+            optional: "false"
+            filter: "32"
+            display: "IMSI"
+            comment: ""                                  
\ No newline at end of file
diff --git a/features/dbrest/dbrest.go b/features/dbrest/dbrest.go
index f30d587d..cca748a8 100644
--- a/features/dbrest/dbrest.go
+++ b/features/dbrest/dbrest.go
@@ -260,14 +260,15 @@ func ExtDatabaseGetData(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	pack := "dbrest"
 	vars := mux.Vars(r)
 	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]
 
-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname, pack)
 
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -353,9 +354,10 @@ func ExtDatabaseInsertData(w http.ResponseWriter, r *http.Request) {
 	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]
+	pack := "dbrest"
 
-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -408,9 +410,10 @@ func ExtDatabaseUpdateData(w http.ResponseWriter, r *http.Request) {
 	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]
+	pack := "dbrest"
 
-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -470,9 +473,10 @@ func ExtDatabaseDeleteData(w http.ResponseWriter, r *http.Request) {
 	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]
+	pack := "dbreset"
 
-	log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
+	log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
diff --git a/features/lm/logbak.go b/features/lm/logbak.go
index 81ed1ec3..fe7bb711 100644
--- a/features/lm/logbak.go
+++ b/features/lm/logbak.go
@@ -3,6 +3,7 @@ package lm
 import (
 	"fmt"
 	"net/http"
+	"os/exec"
 	"strings"
 	"time"
 
@@ -93,9 +94,9 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
 	module := vars["managementModule"]
 	dbname := vars["dataStorage"]
 	tbname := vars["dataObject"]
-
-	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
+	pack := "lm"
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		services.ResponseForbidden403NotPermission(w)
@@ -108,15 +109,16 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
 	}
 
 	var sql string
+	var filePath string
 	switch tbname {
 	case "operation_log":
-		filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
+		filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
 		sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'op_id','account_name','op_ip','subsys_tag','op_type','op_content','op_result','begin_time','end_time','vnf_flag','log_time' union select op_id,account_name,op_ip,subsys_tag,op_type,op_content,op_result,begin_time,end_time,vnf_flag,log_time from operation_log) b", filePath)
 	case "security_log":
-		filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
+		filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
 		sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'id','account_name','account_type','op_ip','op_type','op_content','op_result','op_time' union select id,account_name,account_type,op_ip,op_type,op_content,op_result,op_time from security_log) b", filePath)
 	case "alarm_log":
-		filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
+		filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
 		sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'id','ne_type','ne_id','alarm_seq','alarm_id','alarm_code','alarm_status','event_time','log_time' union select id,ne_type,ne_id,alarm_seq,alarm_id,alarm_code,alarm_status,event_time,log_time from alarm_log) b", filePath)
 	default:
 		log.Error("error target table")
@@ -132,6 +134,14 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
 	}
 	affected, _ := res.RowsAffected()
 
+	cmd := exec.Command("cp", "-rf", filePath, config.GetYamlConfig().Database.Backup)
+	out, err := cmd.CombinedOutput()
+	log.Tracef("Exec output: %v", string(out))
+	if err != nil {
+		log.Errorf("Faile to exec:", err)
+		services.ResponseInternalServerError500ProcessError(w, err)
+		return
+	}
 	mapRow := make(map[string]interface{})
 	row := map[string]interface{}{"affectedRows": affected}
 	mapRow[tbname] = row
diff --git a/features/mml/mml.go b/features/mml/mml.go
index 84516863..e415135e 100644
--- a/features/mml/mml.go
+++ b/features/mml/mml.go
@@ -55,7 +55,7 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 		log.Error("Request error:", err)
 		return
 	}
-
+	pack := "mml"
 	vars := mux.Vars(r)
 	module := vars["managementModule"]
 	neType := vars["elementTypeValue"]
@@ -68,13 +68,14 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 	}
 	log.Debug("neType:", neType, "neId", neId)
 
-	log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s", token, r.Method, module, neType, neId[0])
+	log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s pack:%s",
+		token, r.Method, module, neType, neId[0], pack)
 
 	var buf [8192]byte
 	var n int
 	var mmlResult []string
 
-	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0])
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0], pack)
 	if err != nil {
 		log.Error("Failed to get permission:", err)
 		errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
diff --git a/lib/dborm/dborm.go b/lib/dborm/dborm.go
index 7baba166..02818348 100644
--- a/lib/dborm/dborm.go
+++ b/lib/dborm/dborm.go
@@ -1484,14 +1484,14 @@ type permission struct {
 	Object         string `json:"object"`
 }
 
-func IsPermissionAllowed(token, method, module, dbname, tbname string) (bool, error) {
+func IsPermissionAllowed(token, method, module, dbname, tbname, pack string) (bool, error) {
 	log.Info("IsPermissionAllowed processing... ")
 
 	exist, err := xEngine.Table("permission").
 		Join("INNER", "role_permission", "permission.permission_name = role_permission.p_name").
 		Join("INNER", "user_role", "role_permission.r_name = user_role.r_name").
 		Join("INNER", "session", "user_role.u_name = session.account_id and session.access_token=?", token).
-		Where("method in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, module, dbname, tbname).
+		Where("method in ('*',?) and module in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, pack, module, dbname, tbname).
 		Exist()
 	if err != nil {
 		return false, err
diff --git a/lib/services/services.go b/lib/services/services.go
index 6acad592..7a3c940c 100644
--- a/lib/services/services.go
+++ b/lib/services/services.go
@@ -417,7 +417,7 @@ func CheckCommonValidRequest(w http.ResponseWriter, r *http.Request) (string, er
 	return token, nil
 }
 
-func CheckUserPermission(token, method, module, dbname, tbname string) (bool, error) {
+func CheckUserPermission(token, method, module, dbname, tbname, pack string) (bool, error) {
 	if config.GetYamlConfig().OMC.RBACMode == true {
 		if module == "" {
 			module = "*"
@@ -428,7 +428,7 @@ func CheckUserPermission(token, method, module, dbname, tbname string) (bool, er
 		if tbname == "" {
 			tbname = "*"
 		}
-		exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname)
+		exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname, pack)
 		if err != nil {
 			return false, err
 		}
diff --git a/tools/loadmconf/loadmconf.yaml b/tools/loadmconf/loadmconf.yaml
index 8c92aa99..cd338956 100644
--- a/tools/loadmconf/loadmconf.yaml
+++ b/tools/loadmconf/loadmconf.yaml
@@ -15,5 +15,5 @@ database:
   name: omc_db
 
 mml:
-  filedir: ../../config/mml/omc
-  table: mml_command
+  filedir: ../../config/mml/system
+  table: mml_system
diff --git a/tools/misc/tables_s.lst b/tools/misc/tables_s.lst
index 3a8a7b7c..15d6612b 100644
--- a/tools/misc/tables_s.lst
+++ b/tools/misc/tables_s.lst
@@ -45,4 +45,5 @@ sys_extended
 sys_backup
 pm_template
 monitor_warn
-ne_check
\ No newline at end of file
+ne_check
+ne_pool
\ No newline at end of file