diff --git a/cmd/user_data.go b/cmd/user_data.go
index b71b820c..fea74032 100644
--- a/cmd/user_data.go
+++ b/cmd/user_data.go
@@ -114,6 +114,63 @@ var UserData = &cli.Command{
 				},
 			},
 		},
+		{
+			Name:   "user-set-restrict-features",
+			Usage:  "Set restrictions of user features",
+			Action: bindAction(setUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-add-restrict-features",
+			Usage:  "Add restrictions of user features",
+			Action: bindAction(addUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
+		{
+			Name:   "user-remove-restrict-features",
+			Usage:  "Remove restrictions of user features",
+			Action: bindAction(removeUserFeatureRestriction),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "username",
+					Aliases:  []string{"n"},
+					Required: true,
+					Usage:    "Specific user name",
+				},
+				&cli.StringFlag{
+					Name:     "features",
+					Aliases:  []string{"t"},
+					Required: true,
+					Usage:    "Specific feature types (feature types separated by commas)",
+				},
+			},
+		},
 		{
 			Name:   "user-resend-verify-email",
 			Usage:  "Resend user verify email",
@@ -436,6 +493,81 @@ func disableUser(c *core.CliContext) error {
 	return nil
 }
 
+func setUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+	err = clis.UserData.SetUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.setUserFeatureRestriction] error occurs when setting user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.setUserFeatureRestriction] user \"%s\" has been set new feature restriction", username)
+
+	return nil
+}
+
+func addUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.AddUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.addUserFeatureRestriction] error occurs when adding user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.addUserFeatureRestriction] user \"%s\" has been add new feature restriction", username)
+
+	return nil
+}
+
+func removeUserFeatureRestriction(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	username := c.String("username")
+	featureRestriction := core.ParseUserFeatureRestrictions(c.String("features"))
+
+	if featureRestriction < 1 {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] nothing has been modified")
+		return nil
+	}
+
+	err = clis.UserData.RemoveUserFeatureRestrictions(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.removeUserFeatureRestriction] error occurs when removing user feature restriction")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.removeUserFeatureRestriction] user \"%s\" has been removed new feature restriction", username)
+
+	return nil
+}
+
 func resendUserVerifyEmail(c *core.CliContext) error {
 	_, err := initializeSystem(c)
 
diff --git a/pkg/cli/user_data.go b/pkg/cli/user_data.go
index f5497f63..5e8adcdb 100644
--- a/pkg/cli/user_data.go
+++ b/pkg/cli/user_data.go
@@ -238,6 +238,57 @@ func (l *UserDataCli) DisableUser(c *core.CliContext, username string) error {
 	return nil
 }
 
+// SetUserFeatureRestrictions sets user feature restrictions according to the specified user name
+func (l *UserDataCli) SetUserFeatureRestrictions(c *core.CliContext, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		log.CliErrorf(c, "[user_data.SetUserFeatureRestrictions] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	err := l.users.UpdateUserFeatureRestriction(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.SetUserFeatureRestrictions] failed to set user feature restrictions by user name \"%s\", because %s", username, err.Error())
+		return err
+	}
+
+	return nil
+}
+
+// AddUserFeatureRestrictions adds user feature restrictions according to the specified user name
+func (l *UserDataCli) AddUserFeatureRestrictions(c *core.CliContext, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		log.CliErrorf(c, "[user_data.AddUserFeatureRestrictions] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	err := l.users.AddUserFeatureRestriction(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.AddUserFeatureRestrictions] failed to add user feature restrictions by user name \"%s\", because %s", username, err.Error())
+		return err
+	}
+
+	return nil
+}
+
+// RemoveUserFeatureRestrictions removes user feature restrictions according to the specified user name
+func (l *UserDataCli) RemoveUserFeatureRestrictions(c *core.CliContext, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		log.CliErrorf(c, "[user_data.RemoveUserFeatureRestrictions] user name is empty")
+		return errs.ErrUsernameIsEmpty
+	}
+
+	err := l.users.RemoveUserFeatureRestriction(c, username, featureRestriction)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.RemoveUserFeatureRestrictions] failed to remove user feature restrictions by user name \"%s\", because %s", username, err.Error())
+		return err
+	}
+
+	return nil
+}
+
 // ResendVerifyEmail resends an email with account activation link
 func (l *UserDataCli) ResendVerifyEmail(c *core.CliContext, username string) error {
 	if !l.CurrentConfig().EnableUserVerifyEmail {
diff --git a/pkg/services/users.go b/pkg/services/users.go
index 155b37c4..1c757fa6 100644
--- a/pkg/services/users.go
+++ b/pkg/services/users.go
@@ -471,6 +471,75 @@ func (s *UserService) DisableUser(c core.Context, username string) error {
 	return nil
 }
 
+// UpdateUserFeatureRestriction sets user user feature restrictions
+func (s *UserService) UpdateUserFeatureRestriction(c core.Context, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		return errs.ErrUsernameIsEmpty
+	}
+
+	now := time.Now().Unix()
+
+	updateModel := &models.User{
+		FeatureRestriction: featureRestriction,
+		UpdatedUnixTime:    now,
+	}
+
+	updatedRows, err := s.UserDB().NewSession(c).Cols("feature_restriction", "updated_unix_time").Where("username=? AND deleted=?", username, false).Update(updateModel)
+
+	if err != nil {
+		return err
+	} else if updatedRows < 1 {
+		return errs.ErrUserNotFound
+	}
+	return nil
+}
+
+// AddUserFeatureRestriction adds user user feature restrictions
+func (s *UserService) AddUserFeatureRestriction(c core.Context, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		return errs.ErrUsernameIsEmpty
+	}
+
+	now := time.Now().Unix()
+
+	updateModel := &models.User{
+		FeatureRestriction: featureRestriction,
+		UpdatedUnixTime:    now,
+	}
+
+	updatedRows, err := s.UserDB().NewSession(c).SetExpr("feature_restriction", fmt.Sprintf("feature_restriction|(%d)", updateModel.FeatureRestriction)).Cols("updated_unix_time").Where("username=? AND deleted=?", username, false).Update(updateModel)
+
+	if err != nil {
+		return err
+	} else if updatedRows < 1 {
+		return errs.ErrUserNotFound
+	}
+	return nil
+}
+
+// RemoveUserFeatureRestriction removes user user feature restrictions
+func (s *UserService) RemoveUserFeatureRestriction(c core.Context, username string, featureRestriction core.UserFeatureRestrictions) error {
+	if username == "" {
+		return errs.ErrUsernameIsEmpty
+	}
+
+	now := time.Now().Unix()
+
+	updateModel := &models.User{
+		FeatureRestriction: ^featureRestriction,
+		UpdatedUnixTime:    now,
+	}
+
+	updatedRows, err := s.UserDB().NewSession(c).SetExpr("feature_restriction", fmt.Sprintf("feature_restriction&(%d)", updateModel.FeatureRestriction)).Cols("updated_unix_time").Where("username=? AND deleted=?", username, false).Update(updateModel)
+
+	if err != nil {
+		return err
+	} else if updatedRows < 1 {
+		return errs.ErrUserNotFound
+	}
+	return nil
+}
+
 // SetUserEmailVerified sets user email address verified
 func (s *UserService) SetUserEmailVerified(c core.Context, username string) error {
 	if username == "" {