diff --git a/app/controllers/admin/app_auths_controller.rb b/app/controllers/admin/app_auths_controller.rb
index 1bbb5a2e..cb3340fd 100644
--- a/app/controllers/admin/app_auths_controller.rb
+++ b/app/controllers/admin/app_auths_controller.rb
@@ -19,6 +19,49 @@ class Admin::AppAuthsController < ApplicationController
     end
   end
 
+  def create
+    app_auth = AppAuth.find_or_create_by(module_app_id: params[:module_app_id])
+    params[:new].each do |item|
+      field = item[0]
+      field_value = item[1]
+      if field_value!=''
+        case field
+        when 'role'
+          app_auth.send("add_#{field}",(Role.find field_value)) rescue nil
+        when 'sub_role'
+          app_auth.send("add_#{field}",(SubRole.find field_value)) rescue nil
+        when 'privilege_user'
+          app_auth.add_user_to_privilege_list (User.find field_value) rescue nil
+        when 'blocked_user'  
+          app_auth.add_user_to_black_list (User.find field_value) rescue nil
+        end
+      end
+    end
+    app = ModuleApp.find params[:module_app_id] rescue nil
+    redirect_to edit_admin_module_app_path(app)
+  end
+  
+  def remove
+    app_auth = AppAuth.find( params[:id] )
+      type = params[:type]
+      field_value = params[:target_id]
+      if field_value!=''
+        case type
+        when 'role'
+          app_auth.remove_role(Role.find field_value) rescue nil
+        when 'sub_role'
+          app_auth.remove_sub_role(SubRole.find field_value) rescue nil
+        when 'privilege_user'
+          app_auth.remove_user_from_privilege_list (User.find field_value) rescue nil
+        when 'blocked_user'  
+          app_auth.remove_user_from_black_list (User.find field_value) rescue nil
+        end
+      end
+    
+    app = ModuleApp.find params[:module_app_id] rescue nil
+    redirect_to edit_admin_module_app_path(app)
+  end
+
   def edit
     @module_app = ModuleApp.find(params[:id])
   end
diff --git a/app/controllers/admin/module_apps_controller.rb b/app/controllers/admin/module_apps_controller.rb
index 914c5138..56c2523f 100644
--- a/app/controllers/admin/module_apps_controller.rb
+++ b/app/controllers/admin/module_apps_controller.rb
@@ -18,7 +18,6 @@ class Admin::ModuleAppsController < ApplicationController
   
   def edit
     @module_app = ModuleApp.find(params[:id])
-    
   end
   
   
@@ -91,7 +90,7 @@ class Admin::ModuleAppsController < ApplicationController
   private
   def user_has_manager_privilege?
     @module_app = ModuleApp.find(params[:id])
-    @assign_to_user = User.find params[:manager_id] rescue nil
+    @assign_to_user = User.find params[:manager][:id] rescue nil
     if current_user.admin?  #only admin can assign app's manager
       return
     end
@@ -103,7 +102,7 @@ class Admin::ModuleAppsController < ApplicationController
   
   def user_has_sub_manager_privilege?
     @module_app = ModuleApp.find(params[:id])
-    @assign_to_user = User.find params[:sub_manager_id] rescue nil
+    @assign_to_user = User.find params[:sub_manager][:id] rescue nil
     if current_user.admin? || @module_app.managing_users.include?(current_user) #admin or app's manager can assign app's subanager
       return
     end
diff --git a/app/views/admin/module_apps/edit.html.erb b/app/views/admin/module_apps/edit.html.erb
index 96859a21..9429e963 100644
--- a/app/views/admin/module_apps/edit.html.erb
+++ b/app/views/admin/module_apps/edit.html.erb
@@ -6,9 +6,11 @@
 <br />
 <br />
 <!-- Remove if CSS done-->
+<h3><%= @module_app.title %></h3>
 
 <div id="manager_management">
-	<h1><%= @module_app.title %></h1>
+	<h1>Manager</h1>
+	
 	<dl id="manager">
 		<dt>Manager</ht>
 		<% @module_app.managers.each do |manager| %>
@@ -16,13 +18,11 @@
 		<% end %>
 		<dd>Add:
 			<%= form_tag(assign_manager_admin_module_app_path) do %>
-				<%= text_field_tag 'manager_id','Enter User ID here',:disabled  => !if_permit_to_assign(:manager)%>
+				<%= collection_select(:manager,:id, User.all, :id, :name, :prompt => true,:disabled  => !if_permit_to_assign(:manager))%>
 				<%= submit_tag 'Add Manager' %>
 			<% end %>
 		</dd>
 	</dl>
-	
-	
 	<dl id="sub_manager">
 		<dt>Sub Manager</ht>
 		<% @module_app.sub_managers.each do |manager| %>
@@ -30,12 +30,40 @@
 		<% end %>
 		<dd>Add:
 			<%= form_tag(assign_sub_manager_admin_module_app_path) do %>
-				<%= text_field_tag 'sub_manager_id','Enter User ID here',:disabled  => !if_permit_to_assign(:sub_manager)%>
+			<%= collection_select(:sub_manager,:id, User.all, :id, :name, :prompt => true,:disabled  => !if_permit_to_assign(:sub_manager))%>
 				<%= submit_tag 'Add Sub Manager' %>
 			<% end %>
 		</dd>
 	</dl>
-
-	
 </div>
-
+<div id="user_role_management">
+	<h1>User Role</h1>
+	<%= form_tag(admin_module_app_app_auths_path(@module_app),:method => :post) do %>
+		<%= collection_select(:new,:role, Role.all, :id, :key, :prompt => true) %>
+		<%= submit_tag 'Add Role' %><br/>
+		<%= collection_select(:new,:sub_role, SubRole.all, :id, :key, :prompt => true) %>
+		<%= submit_tag 'Add SubRole' %><br/>
+		<%= collection_select(:new,:privilege_user, User.all, :id, :name, :prompt => true) %>	
+		<%= submit_tag 'Add PrivilegeList' %><br/>
+		<%= collection_select(:new,:blocked_user, User.all, :id, :name, :prompt => true) %>
+		<%= submit_tag 'Add BlockedList' %><br/>
+	<% end %>
+	<ul>Roles </ul>
+	<% unless @module_app.app_auth.nil? %>
+		<% @module_app.app_auth.roles.each do |role| %>
+			<li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'role',role),:method => :delete %></li>
+		<% end %>
+	<ul>Sub Roles </ul>
+		<% @module_app.app_auth.sub_roles.each do |role| %>
+			<li> <%= role.key %> Build in:<%= role.built_in ? 'Yes' : 'No' %> </li><%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'sub_role',role),:method => :delete %>
+			<% end %>
+	<ul>PrivilegeList </ul>
+			<% @module_app.app_auth.privilege_users.each do |user| %>
+				<li> <%= user.name %> <%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'privilege_user',user),:method => :delete %> </li>
+			<% end %>
+	<ul>BlockedList </ul>
+			<% @module_app.app_auth.blocked_users.each do |user| %>
+				<li> <%= user.name %><%= link_to '[X]',remove_admin_module_app_app_auth_path(@module_app,@module_app.app_auth,'blocked_user',user),:method => :delete %> </li>
+			<% end %>
+<% end %>
+</div>
diff --git a/config/routes.rb b/config/routes.rb
index e0e9eec2..efa64576 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -12,7 +12,7 @@ PrototypeR4::Application.routes.draw do
   # routes for admin
   namespace :admin do
     resources :assets
-    resources :app_auths
+    resources :app_auths 
 
     resources :designs do
       collection do
@@ -39,6 +39,12 @@ PrototypeR4::Application.routes.draw do
       end
     end
     resources :module_apps do
+      resources :app_auths do
+        member do
+          match 'remove/:type/:target_id' ,:action=> 'remove',:via => "delete",:as =>:remove
+        end
+      end
+      
       member do
         match 'assign_manager' ,:action=> 'assign_manager',:via => "post",:as =>:assign_manager
         match 'assign_sub_manager' ,:action=> 'assign_sub_manager',:via => "post",:as =>:assign_sub_manager