diff --git a/apiserver/paasng/paasng/infras/accounts/permissions/application.py b/apiserver/paasng/paasng/infras/accounts/permissions/application.py
index 4129d2fe95..0dd7475a6e 100644
--- a/apiserver/paasng/paasng/infras/accounts/permissions/application.py
+++ b/apiserver/paasng/paasng/infras/accounts/permissions/application.py
@@ -69,8 +69,7 @@ def has_object_permission(self, request, view, obj: Union[Application, Module]):
 elif isinstance(obj, Module):
 return user_has_app_action_perm(request.user, obj.application, action)
 else:
- logger.error("Application permission checked on incorrect object, type: %s", type(obj))
- return False
+ raise TypeError(f"Permission check on incorrect type: {type(obj)}")
 return AppModulePermission
@@ -101,8 +100,7 @@ def has_object_permission(self, request, view, obj: Union[Application, Module]):
 elif isinstance(obj, Module):
 return user_has_app_action_perm(request.user, obj.application, action)
 else:
- logger.error("Application permission checked on incorrect object, type: %s", type(obj))
- return False
+ raise TypeError(f"Permission check on incorrect type: {type(obj)}")
 return AppViewActionsPermission
diff --git a/apiserver/paasng/paasng/settings/__init__.py b/apiserver/paasng/paasng/settings/__init__.py
index aeeb3b51e0..bb0aa82088 100644
--- a/apiserver/paasng/paasng/settings/__init__.py
+++ b/apiserver/paasng/paasng/settings/__init__.py
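Review bot: The `raise TypeError(...)` in the `else` branch of `has_object_permission` (AppModulePermission in the first hunk of application.py, AppViewActionsPermission in the second) carries no comment saying that it is a deliberate fail-closed path. I would add above it `# Fail closed: a wrong object type is a programming error and must never be treated as a grant`, so a later cleanup does not turn it back into a return value. With the `logger.error` call removed, an unsupported object is recorded only if the project's exception handling logs the unhandled error, which is worth confirming. If those two calls were the module's only uses of `logger`, the name is presumably left unused. Both method bodies start outside the hunks.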
@@ -176,14 +176,17 @@
 "paas_wl.infras.resources.generation",
 # 蓝鲸通知中心
 "bk_notice_sdk",
- # This app helps us to make sure the permission was configured correctly
- "paasng.infras.perm_insure",
 ]
 # Allow extending installed apps
 EXTRA_INSTALLED_APPS = settings.get("EXTRA_INSTALLED_APPS", [])
 INSTALLED_APPS += EXTRA_INSTALLED_APPS
+# The "perm_insure" module helps us to make sure that the permission is configured
+# correctly, put it at the end of the list to make sure that all URL confs have been
+# added to the root url before the perm checking starts.
+INSTALLED_APPS.append("paasng.infras.perm_insure")
+
 MIDDLEWARE = [
 "django_prometheus.middleware.PrometheusBeforeMiddleware",
 "paasng.infras.accounts.middlewares.RequestIDProvider", # 注入 RequestID
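Review bot: `INSTALLED_APPS.append("paasng.infras.perm_insure")` runs after `INSTALLED_APPS += EXTRA_INSTALLED_APPS`, so a deployment that also lists the app in `EXTRA_INSTALLED_APPS` ends up with it twice, and Django rejects duplicate application labels at startup. Filtering before re-adding keeps the "last entry" intent and tolerates that case: `INSTALLED_APPS = [a for a in INSTALLED_APPS if a != "paasng.infras.perm_insure"] + ["paasng.infras.perm_insure"]`. The ordering promised by the new comment also holds only if nothing later in the settings module extends `INSTALLED_APPS`. The rest of the file is outside the hunk, so that is worth checking, because the permission-configuration check is the safety net here.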