diff --git a/framework/market/.olares/config/cluster/deploy/market_deploy.yaml b/framework/market/.olares/config/cluster/deploy/market_deploy.yaml
index 2d8aad622..af8cba11f 100644
--- a/framework/market/.olares/config/cluster/deploy/market_deploy.yaml
+++ b/framework/market/.olares/config/cluster/deploy/market_deploy.yaml
@@ -24,6 +24,43 @@
 {{ $pg_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: market-sa
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: market-role
+rules:
+  # Access to systemenvs resources
+  - apiGroups:
+      - sys.bytetrade.io
+    resources:
+      - systemenvs
+    verbs:
+      - get
+      - list
+      - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: market-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: market-role
+subjects:
+  - kind: ServiceAccount
+    name: market-sa
+    namespace: {{ .Release.Namespace }}
+
 ---
 apiVersion: v1
 kind: Secret
@@ -79,6 +116,8 @@ spec:
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
 {{ end }}
     spec:
+      serviceAccountName: market-sa
+      serviceAccount: market-sa
       priorityClassName: "system-cluster-critical"
       initContainers:
         - args:
@@ -101,7 +140,7 @@ spec:
           name: check-chart-repo
       containers:
       - name: appstore-backend
-        image: beclab/market-backend:v0.5.3
+        image: beclab/market-backend:v0.5.4
         imagePullPolicy: IfNotPresent
         ports:
           - containerPort: 81