diff --git a/apps/member/views.py b/apps/member/views.py
index d065b2b6..30fbb139 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -131,7 +131,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         """
         We can't display information of a not registered user.
         """
-        return super().get_queryset().filter(profile__registration_valid=True).distinct()
+        return super().get_queryset().filter(profile__registration_valid=True)
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
diff --git a/apps/note/views.py b/apps/note/views.py
index 61b86e92..ef9da668 100644
--- a/apps/note/views.py
+++ b/apps/note/views.py
@@ -33,7 +33,9 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
     extra_context = {"title": _("Transfer money")}
 
     def get_queryset(self, **kwargs):
-        return super().get_queryset(**kwargs).order_by("-created_at").all()[:20]
+        return Transaction.objects.filter(
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
+        ).order_by("-created_at").all()[:20]
 
     def get_context_data(self, **kwargs):
         """
@@ -139,7 +141,9 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
     table_class = HistoryTable
 
     def get_queryset(self, **kwargs):
-        return super().get_queryset(**kwargs).order_by("-created_at")[:20]
+        return Transaction.objects.filter(
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
+        ).order_by("-created_at").all()[:20]
 
     def get_context_data(self, **kwargs):
         """
diff --git a/apps/permission/views.py b/apps/permission/views.py
index 83deddac..9132e5f0 100644
--- a/apps/permission/views.py
+++ b/apps/permission/views.py
@@ -20,7 +20,7 @@ class ProtectQuerysetMixin:
     """
     def get_queryset(self, **kwargs):
         qs = super().get_queryset(**kwargs)
-        return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view"))
+        return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view")).distinct()
 
     def get_form(self, form_class=None):
         form = super().get_form(form_class)