diff --git a/app/controllers/admin/dashboards_controller.rb b/app/controllers/admin/dashboards_controller.rb
index fec9da1..0a33a46 100644
--- a/app/controllers/admin/dashboards_controller.rb
+++ b/app/controllers/admin/dashboards_controller.rb
@@ -8,6 +8,7 @@ class Admin::DashboardsController < ApplicationController
@module_app_contents, @module_app_contents_total = get_module_app_count(apps)
@recent_updated = get_recently_updated(apps)
@most_visited = get_most_visited(apps)
+ render_401 and return if !current_user.is_approved? rescue false
end
def get_cpu_usage
diff --git a/app/controllers/admin/members_controller.rb b/app/controllers/admin/members_controller.rb
index 8f8dcf6..eb775e0 100644
--- a/app/controllers/admin/members_controller.rb
+++ b/app/controllers/admin/members_controller.rb
@@ -29,7 +29,9 @@ class Admin::MembersController < OrbitMemberController
@filter = {@new_filter[:type] => [@new_filter[:id].to_s]}
end
- if @filter.blank? and @mq.blank?
+ render_401 and return if current_user.nil? || !current_user.is_approved?
+
+ if @filter.blank? and @mq.blank?
render case params[:at]
when 'summary'
@@ -72,7 +74,7 @@ class Admin::MembersController < OrbitMemberController
end
end
-
+ end
def show
@@ -92,6 +94,7 @@ class Admin::MembersController < OrbitMemberController
end
get_info_and_roles
+ render_401 and return if current_user.nil? || (@member.id.to_s != current_user.member_profile.id.to_s && !current_user.is_approved?)
end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cd5d683..bfbc6cf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -134,7 +134,9 @@ class ApplicationController < ActionController::Base
redirect_to new_session_path if @current_user.nil?
return true
- else
+ elsif current_site.backend_openness_on
+ return true
+ elsif
session[:login_referer] = request.url
redirect_to new_session_path
return false
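Review bot: The guard `render_401 and return if !current_user.is_approved? rescue false` relies on the rescue modifier, which binds the whole statement, so a nil current_user (the open-backend case) only skips the check because the NoMethodError is swallowed, and any exception raised inside render_401 is swallowed the same way. Spelling the nil case out keeps the intent readable and stops masking unrelated errors: `render_401 and return if current_user && !current_user.is_approved?`. The guard also sits after get_module_app_count, get_recently_updated and get_most_visited have already run, so the dashboard data is computed for a user who is then rejected; a before_action on the controller would reject first. The enclosing action starts above the hunk.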
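Review bot: `render_401 and return if current_user.nil? || !current_user.is_approved?` is placed mid-action, after @filter and @mq have been built, and the same approval rule is written a second way in dashboards_controller (`... rescue false`) and a third way in the show hunk below. A single before_action on this controller (for example `before_action :require_approved_user`, a constructed name) would apply one rule to every action rather than to the two this commit touches; whether the other actions of this controller received a guard is not visible in the diff. The enclosing action starts above the hunk.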
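Review bot: The new guard in show dereferences `current_user.member_profile.id`, so a logged-in user without a member profile raises NoMethodError and gets a 500 instead of the intended 401. Resolve the own-profile id nil-safely first: `own_profile_id = current_user && current_user.member_profile && current_user.member_profile.id` and then `render_401 and return if current_user.nil? || (@member.id.to_s != own_profile_id.to_s && !current_user.is_approved?)`, which keeps the rule "a member may view their own profile, anyone else must be approved" and falls to 401 when no profile exists. As in the index hunk, the check runs after get_info_and_roles has done its work. The action starts above the hunk.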
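Review bot: The second added `elsif` has no condition on its line, so if, as the 7/9 line counts suggest, it stands alone, Ruby takes the next line `session[:login_referer] = request.url` as its condition, an assignment that is always truthy because request.url is a String; the branch then behaves like the old `else` but reads as though the session write were a test. Write `else` there instead of `+ elsif`. Separately, `elsif current_site.backend_openness_on` / `return true` makes the authentication filter succeed with @current_user nil, which is the commit's intent, but it means every backend action, helper and view reached through this filter must now tolerate a nil current_user; the rescue-false wrappers elsewhere in this commit cover some call sites, and a comment stating that contract here would help, e.g. `# Open backend: pass with @current_user nil; downstream code must treat nil as an unauthenticated reader`. The enclosing method starts above the hunk.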
diff --git a/app/controllers/orbit_admin_controller.rb b/app/controllers/orbit_admin_controller.rb
index 3e2ae71..5d56a00 100644
--- a/app/controllers/orbit_admin_controller.rb
+++ b/app/controllers/orbit_admin_controller.rb
@@ -77,7 +77,7 @@ class OrbitAdminController < ApplicationController
end
def load_authorized_categories
- @user_authenticated_categories = current_user.is_admin? ? ["all"] : current_user.approved_categories.collect{|c| c.id}
+ @user_authenticated_categories = current_user.is_admin? ? ["all"] : current_user.approved_categories.collect{|c| c.id} rescue []
end
diff --git a/app/controllers/orbit_member_controller.rb b/app/controllers/orbit_member_controller.rb
index b553ab9..038ac80 100644
--- a/app/controllers/orbit_member_controller.rb
+++ b/app/controllers/orbit_member_controller.rb
@@ -6,14 +6,14 @@ class OrbitMemberController < ApplicationController
def check_aceess_rights
@user_has_privileges = false
- if current_user.is_admin?
+ if (current_user.is_admin? rescue false)
@user_has_privileges = true
else
visited_user = MemberProfile.find_by(:uid => params[:id].split("-").last).user.id rescue nil
- visited_user = MemberProfile.find_by(:uid => params[:member_id].split("-").last).user.id if visited_user.nil? rescue nil
+ visited_user = MemberProfile.find_by(:uid => params[:member_id].split("-").last).user.id if visited_user.nil? rescue nil
visited_user = MemberProfile.find_by(:uid => params[:uid]).user.id if visited_user.nil? rescue nil
visited_user = MemberProfile.find(params[:member_profile_id]).user.id if visited_user.nil? rescue nil
- if current_user.id == visited_user
+ if (current_user.id == visited_user rescue false)
@user_has_privileges = true
else
@user_has_privileges = false
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9c4071c..972fd27 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
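Review bot: `... rescue []` fails closed for a nil current_user (no authorized categories), which is the right direction, but the modifier covers the whole assignment, so a database error or an exception inside is_admin? or approved_categories is also turned into an empty list and the user then sees an unexplained "no access" instead of an error. Guard the one case this commit is about explicitly and let real failures surface: `return @user_authenticated_categories = [] if current_user.nil?` before the assignment, with the trailing `rescue []` removed.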
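Review bot: `if (current_user.is_admin? rescue false)` and `if (current_user.id == visited_user rescue false)` use exception handling to express "nobody is logged in", and in doing so catch every StandardError those calls could raise, not just the NoMethodError on nil. `if current_user && current_user.is_admin?` and `if current_user && current_user.id == visited_user` state the same thing directly. With an open backend the method now resolves to @user_has_privileges = false for an anonymous user, which is the fail-closed outcome, so the change itself is sound; the `.user.id rescue nil` lookup chain is unchanged history. The method's tail is outside the hunk.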
@@ -10,7 +10,7 @@ class SessionsController < ApplicationController
def create
user = User.find_by(user_name: params[:user_name]) rescue nil
if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
- if user.is_approved? || user.is_admin?
+ # if user.is_approved? || user.is_admin?
session[:user_id] = user.id
session[:login_referer] = nil
if params[:referer_url]
@@ -18,10 +18,10 @@ class SessionsController < ApplicationController
else
redirect_to admin_dashboards_path
end
- else
- flash.now.alert = "User not approved."
- render "new"
- end
+ # else
+ # flash.now.alert = "User not approved."
+ # render "new"
+ # end
else
flash.now.alert = "Invalid username or password"
render "new"
diff --git a/app/helpers/orbit_backend_helper.rb b/app/helpers/orbit_backend_helper.rb
index 74bcb79..0145e85 100644
--- a/app/helpers/orbit_backend_helper.rb
+++ b/app/helpers/orbit_backend_helper.rb
@@ -141,7 +141,7 @@ module OrbitBackendHelper
if @user_authenticated_categories.first == "all"
return true
else
- @user_authenticated_categories.include?obj.category_id rescue current_user.is_manager?(@module_app)
+ @user_authenticated_categories.include?obj.category_id rescue (current_user.is_manager?(@module_app) rescue false)
end
end
diff --git a/app/views/admin/dashboards/index.html.erb b/app/views/admin/dashboards/index.html.erb
index f111e36..210cd7a 100644
--- a/app/views/admin/dashboards/index.html.erb
+++ b/app/views/admin/dashboards/index.html.erb
@@ -5,7 +5,7 @@
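Review bot: Commenting out `if user.is_approved? || user.is_admin?` here, and its else branch in the hunk at -18, lets a confirmed-but-unapproved user create a session, so approval is now enforced only by the per-action render_401 guards added elsewhere in this commit; any backend action that did not receive such a guard becomes reachable by an unapproved account, and the "User not approved." feedback is replaced by a 401 page after a successful login. If that is the intended design, delete the commented-out lines rather than keep them in both hunks, and state the new contract at the top of create, e.g. `# Approval is no longer checked at login; each backend action enforces it via render_401.`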
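Review bot: The nested modifiers on `@user_authenticated_categories.include?obj.category_id rescue (current_user.is_manager?(@module_app) rescue false)` make it hard to see which failure each fallback is for: the outer rescue turns any error in the include? test (not only a missing category_id) into a manager check, and the new inner one turns any error in the manager check (not only a nil user) into false. The nil-user case fails closed, which is right. At minimum write `include?(obj.category_id)` with parentheses and add a comment above the line naming the two failure cases the rescues exist for, so the next reader does not have to guess. The method's def line is outside the hunk.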
- <% if current_user.is_admin? %>
+ <% if (current_user.is_admin? rescue false) %>
<%= render 'server_loading' %>
diff --git a/lib/orbit_app/helper/context_link_renderer.rb b/lib/orbit_app/helper/context_link_renderer.rb
index 72ac5d0..33ef2b4 100644
--- a/lib/orbit_app/helper/context_link_renderer.rb
+++ b/lib/orbit_app/helper/context_link_renderer.rb
@@ -6,6 +6,7 @@ module ContextLinkRenderer
@belong_module_app = belong_module_app
@request = request
@params = params
+ @site = Site.first
@current_user = current_user
@available_for = available_for
if can_display?
@@ -15,7 +16,9 @@ module ContextLinkRenderer
def can_display?
status = "users"
- if @current_user.is_admin?
+ if @site.backend_openness_on && @current_user.nil?
+ status = "users"
+ elsif @current_user.is_admin?
status = "admin"
elsif @current_user.is_manager?(@belong_module_app)
status = "managers"
diff --git a/lib/orbit_app/helper/side_bar_renderer.rb b/lib/orbit_app/helper/side_bar_renderer.rb
index 1d7e4dd..e4fe6a9 100644
--- a/lib/orbit_app/helper/side_bar_renderer.rb
+++ b/lib/orbit_app/helper/side_bar_renderer.rb
@@ -8,6 +8,7 @@ module SideBarRenderer
@current_module_app = current_module_app
@request = request
@params = params
+ @site = Site.first
@current_user = user
@app_available_for = af
if display?
@@ -27,6 +28,7 @@ module SideBarRenderer
@current_module_app = current_module_app
@request = request
@params = params
+ @site = Site.first
@current_user = user
@app_available_for = available_for
if display?
@@ -44,7 +46,9 @@ module SideBarRenderer
def display? #控制sidebar 要不要算圖
status = "users"
- if @current_user.is_admin?
+ if @site.backend_openness_on && @current_user.nil?
+ status = "users"
+ elsif @current_user.is_admin?
status = "admin"
elsif @current_user.is_manager?(@belong_module_app)
status = "managers"
diff --git a/lib/orbit_core_lib.rb b/lib/orbit_core_lib.rb
index cc53914..5001c64 100644
--- a/lib/orbit_core_lib.rb
+++ b/lib/orbit_core_lib.rb
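Review bot: `@site = Site.first` issues a query every time a renderer object is built, and on an installation with no Site row it leaves @site nil, so `@site.backend_openness_on` in can_display? raises NoMethodError; the same line is added twice more in side_bar_renderer (hunks at -8 and -27). Either have the caller pass the flag in, or read it defensively, e.g. `@site = Site.first` followed by a nil check at the use site, and add a comment saying why the site is loaded here: `# needed for backend_openness_on: anonymous readers may see the backend when the site flag is on`. The constructor starts above the hunk.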
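Review bot: The new first branch `if @site.backend_openness_on && @current_user.nil?` assigns `status = "users"`, which is already the value set on the line above, so its only effect is to skip the admin/manager checks for an anonymous reader; a nil @current_user with the flag off still reaches `@current_user.is_admin?` and raises, and a nil @site raises on the new line itself. Since "users" is the lowest status either way, `if @current_user.nil?` with a comment `# anonymous reader (open backend): lowest privilege` on the assignment is enough, fails closed when the flag is off, and removes the dependence on @site in this method. The same branch appears in display? in side_bar_renderer (hunk at -44). The rest of both methods, where status is compared, lies outside the hunk.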
@@ -57,7 +57,7 @@ module OrbitCoreLib
end
@module_authorized_users ||= Authorization.module_authorized_users(@module_app.id).pluck(:user_id) rescue nil
- if current_user.nil?
+ if current_user.nil? && !current_site.backend_openness_on
redirect_to new_session_path
return
end
@@ -65,7 +65,7 @@ module OrbitCoreLib
if !@module_app.nil?
check_user_can_use
else
- if !current_user.is_admin?
+ if current_user.nil? || !current_user.is_admin?
render "public/401"
end
end
@@ -89,7 +89,7 @@ module OrbitCoreLib
end
def allow?(af)
- if !current_user.nil? && current_user.is_approved?
+ if !current_user.nil? && current_user.is_approved?
status = "users"
if current_user.is_admin?
status = "admin"
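Review bot: With `if current_user.nil? && !current_site.backend_openness_on`, an anonymous request on an open backend no longer redirects and continues into the `if !@module_app.nil?` block below (hunk at -65): the else branch there now handles a nil user explicitly with `current_user.nil? || !current_user.is_admin?`, but `check_user_can_use`, taken whenever @module_app is set, is outside this diff and must tolerate a nil current_user or it will raise on the first method call. Add a comment on the new condition stating that contract, e.g. `# Open backend: anonymous users pass through; everything after this point must handle current_user == nil`, and confirm check_user_can_use does. The enclosing method starts above the hunk.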
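Review bot: `if !current_user.nil? && current_user.is_approved?` now routes unapproved and anonymous users down the else path of allow?, which lies outside the hunk, so what they may see depends on that branch and on how the computed status is consumed; a comment on the new condition, `# unapproved or anonymous users fall through to the default status`, would make that intent visible to the next reader. As a matter of style, `current_user && current_user.is_approved?` says the same thing without the double negation.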