diff --git a/en/application-dev/security/accesstoken-guidelines.md b/en/application-dev/security/accesstoken-guidelines.md index 93e6b808074f476ab103ee1b43db856d7ab472d6..59f4ab042f13956740232fe4e7a3c2fbfe4d7bc2 100644 --- a/en/application-dev/security/accesstoken-guidelines.md +++ b/en/application-dev/security/accesstoken-guidelines.md @@ -125,7 +125,7 @@ User authorization is required when an application needs to access user privacy > **NOTE** > -> Each time before an API protected by a **user_grant** permission is called, **requestPermissionsFromUser()** will be called to request user authorization. After the permission is granted, the user may revoke the authorization in **Settings**. Therefore, the previous authorization status cannot be persistent. +> Each time before an API protected by a **user_grant** permission is called, **[requestPermissionsFromUser()](../reference/apis/js-apis-abilityAccessCtrl.md#requestpermissionsfromuser9)** will be called to request user authorization. After the permission is granted, the user may revoke the authorization in **Settings**. Therefore, the previous authorization status cannot be persistent. ### Stage Model diff --git a/en/application-dev/security/accesstoken-overview.md b/en/application-dev/security/accesstoken-overview.md index b6eb50c0d37613e8bd7ee1ca98e1f86b9002ceea..a6bad0e40cc705ba4b0d66b2ab179ff874fc9286 100644 --- a/en/application-dev/security/accesstoken-overview.md +++ b/en/application-dev/security/accesstoken-overview.md 
@@ -39,10 +39,14 @@ The figure below illustrates the process. ![](figures/permission-workflow.png) +**NOTE** + 1. Refer to the figure below to determine whether an application can apply for a permission. ![](figures/permission-application-process.png) +**NOTE** + 1. See [Permission Levels](#permission-levels) for details about the mapping between the application Ability Privilege Level (APL) and the permission level. 2. The permission authorization modes include user_grant (permission granted by the user) and system_grant (permission granted by the system). For details, see [Permission Types](#permission-types). @@ -58,6 +62,8 @@ The figure below shows the permission verification process. ![](figures/permission-verify-process.png) +**NOTE** + 1: An application permission can be used to control the access to an API that has sensitive data involved or security threats on core abilities. 2: The API can be protected by a permission in the [ACL](#acl). For example, if contact information is involved in an API provided by an application, you can use a contact-related permission to protect the API.
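Review bot: In accesstoken-guidelines.md (hunk @@ -125,7), the reworded NOTE still says **requestPermissionsFromUser()** "will be called" without naming the caller, and "the previous authorization status cannot be persistent" does not tell the developer what to do. The same sentence states that the user may revoke the authorization in **Settings**, so state the requirement directly, for example: "Call requestPermissionsFromUser() each time before calling an API protected by a user_grant permission, and do not rely on a previously stored authorization result." The link target js-apis-abilityAccessCtrl.md is not part of this patch, so please confirm that the #requestpermissionsfromuser9 anchor exists there.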
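Review bot: In accesstoken-overview.md (hunk @@ -39,10 +39,14), both added labels are bare "**NOTE**" lines, while the note edited in accesstoken-guidelines.md in this same patch uses the blockquote form "> **NOTE**" with ">"-prefixed body lines. Use one form in both files. The first label is also placed above "1. Refer to the figure below to determine whether an application can apply for a permission.", which reads as a lead-in to permission-application-process.png rather than a note on permission-workflow.png. If it is meant as the callout for step 1 of the workflow figure, say so in the text. Otherwise, leave that line as body text without the label.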
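Review bot: In accesstoken-overview.md (hunk @@ -58,6 +62,8), the items under the added "**NOTE**" are marked "1:" and "2:", which Markdown does not parse as an ordered list, while the notes in the preceding hunk use "1." and "2.". Since the patch is already formatting this block as a note, change the markers to "1." and "2." so that the three notes in this file render the same way. The phrase "security threats on core abilities" in item 1 is unclear about what the permission protects and would be worth rewording in the same change.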