diff --git a/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs b/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs
index 67684c030f..6a8f862087 100644
--- a/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs
+++ b/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/CurrentTenantExtensions.cs
@@ -16,5 +16,12 @@ namespace Volo.Abp.MultiTenancy
 return currentTenant.Id.Value;
 }
+
+ public static MultiTenancySides GetMultiTenancySide(this ICurrentTenant currentTenant)
+ {
+ return currentTenant.Id.HasValue
+ ? MultiTenancySides.Tenant
+ : MultiTenancySides.Host;
+ }
 }
 }
\ No newline at end of file
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
index 560c5b87f1..2155420600 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@@ -7,6 +7,7 @@ using Microsoft.Extensions.Localization;
 using Microsoft.Extensions.Options;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.MultiTenancy;
 namespace Volo.Abp.PermissionManagement
 {
@@ -41,6 +42,8 @@ namespace Volo.Abp.PermissionManagement
 Groups = new List()
 };
+ var multiTenancySide = CurrentTenant.GetMultiTenancySide();
+
 foreach (var group in _permissionDefinitionManager.GetGroups())
 {
 var groupDto = new PermissionGroupDto
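Review bot: `GetMultiTenancySide` in CurrentTenantExtensions.cs maps a missing tenant id to `MultiTenancySides.Host`, so any call made while the ambient tenant is unset is classified as host side, and the other hunks of this commit use that result to decide which permissions may be listed, seeded and set. The method has no documentation stating this default; an XML comment such as `/// <summary>Returns Tenant when Id has a value, otherwise Host; the result is only as reliable as the tenant resolution that populated Id.</summary>` would make the assumption explicit to callers that use it for authorization decisions. The `currentTenant` argument is also dereferenced without a null guard.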
@@ -57,6 +60,11 @@ namespace Volo.Abp.PermissionManagement
 continue;
 }
+ if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
+ {
+ continue;
+ }
+
 var grantInfoDto = new PermissionGrantInfoDto
 {
 Name = permission.Name,
@@ -97,13 +105,6 @@ namespace Volo.Abp.PermissionManagement
 foreach (var permissionDto in input.Permissions)
 {
- var permissionDefinition = _permissionDefinitionManager.Get(permissionDto.Name);
- if (permissionDefinition.Providers.Any() &&
- !permissionDefinition.Providers.Contains(providerName))
- {
- throw new ApplicationException($"The permission named '{permissionDto.Name}' has not compatible with the provider named '{providerName}'");
- }
-
 await _permissionManager.SetAsync(permissionDto.Name, providerName, providerKey, permissionDto.IsGranted);
 }
 }
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs
index 203082828b..719dc654b8 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionDataSeedContributor.cs
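Review bot: The added `continue` in the permission loop of the `@@ -57,6 +60,11 @@` hunk filters individual permissions by side, but the `PermissionGroupDto` for the enclosing group is created before the loop regardless of how many of its permissions survive. If a group left with no permissions is still added to the result (the code that adds it is outside this hunk), a tenant-side caller would still receive the names of host-only groups. Adding the group only when it ended up with at least one permission would avoid that. The enclosing method starts and ends outside the hunk.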
@@ -3,28 +3,34 @@ using System.Threading.Tasks;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Data;
 using Volo.Abp.DependencyInjection;
+using Volo.Abp.MultiTenancy;
 namespace Volo.Abp.PermissionManagement
 {
 public class PermissionDataSeedContributor : IDataSeedContributor, ITransientDependency
 {
+ protected ICurrentTenant CurrentTenant { get; }
+
 protected IPermissionDefinitionManager PermissionDefinitionManager { get; }
 protected IPermissionDataSeeder PermissionDataSeeder { get; }
 public PermissionDataSeedContributor(
 IPermissionDefinitionManager permissionDefinitionManager,
- IPermissionDataSeeder permissionDataSeeder)
+ IPermissionDataSeeder permissionDataSeeder,
+ ICurrentTenant currentTenant)
 {
 PermissionDefinitionManager = permissionDefinitionManager;
 PermissionDataSeeder = permissionDataSeeder;
+ CurrentTenant = currentTenant;
 }
- public Task SeedAsync(DataSeedContext context)
+ public virtual Task SeedAsync(DataSeedContext context)
 {
+ var multiTenancySide = CurrentTenant.GetMultiTenancySide();
 var permissionNames = PermissionDefinitionManager
 .GetPermissions()
+ .Where(p => p.MultiTenancySide.HasFlag(multiTenancySide))
 .Select(p => p.Name)
- //TODO: Filter host/tenant permissions!
 .ToArray();
 return PermissionDataSeeder.SeedAsync(
diff --git a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs
index 18dff9f825..f8825c6e81 100644
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Domain/Volo/Abp/PermissionManagement/PermissionManager.cs
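Review bot: `SeedAsync` takes the side from the ambient `CurrentTenant`, while the tenant being seeded is described by the `DataSeedContext context` argument, which the new filter never consults. If the seeder runs for a tenant while the ambient tenant is still the host, for instance when a tenant's data is seeded from host context, the `.Where(...)` clause would keep host-side permissions and they would be seeded for that tenant. Assuming the context exposes the target tenant id, deriving the side from it closes the gap: `var multiTenancySide = context?.TenantId != null ? MultiTenancySides.Tenant : MultiTenancySides.Host;`. The arguments passed to `PermissionDataSeeder.SeedAsync(` lie outside the hunk, so whether the context's tenant is forwarded there cannot be confirmed from this diff.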
@@ -7,6 +7,7 @@ using Microsoft.Extensions.Options;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Guids;
+using Volo.Abp.MultiTenancy;
 namespace Volo.Abp.PermissionManagement
 {
@@ -18,6 +19,8 @@ namespace Volo.Abp.PermissionManagement
 protected IGuidGenerator GuidGenerator { get; }
+ protected ICurrentTenant CurrentTenant { get; }
+
 protected IReadOnlyList ManagementProviders => _lazyProviders.Value;
 protected PermissionManagementOptions Options { get; }
@@ -29,9 +32,11 @@ namespace Volo.Abp.PermissionManagement
 IPermissionGrantRepository permissionGrantRepository,
 IServiceProvider serviceProvider,
 IGuidGenerator guidGenerator,
- IOptions options)
+ IOptions options,
+ ICurrentTenant currentTenant)
 {
 GuidGenerator = guidGenerator;
+ CurrentTenant = currentTenant;
 PermissionGrantRepository = permissionGrantRepository;
 PermissionDefinitionManager = permissionDefinitionManager;
 Options = options.Value;
@@ -64,7 +69,21 @@ namespace Volo.Abp.PermissionManagement
 public async Task SetAsync(string permissionName, string providerName, string providerKey, bool isGranted)
 {
- var currentGrantInfo = await GetAsync(permissionName, providerName, providerKey);
+ var permission = PermissionDefinitionManager.Get(permissionName);
+
+ if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+ {
+ //TODO: BusinessException
+ throw new ApplicationException($"The permission named '{permission.Name}' has not compatible with the provider named '{providerName}'");
+ }
+
+ if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
+ {
+ //TODO: BusinessException
+ throw new ApplicationException($"The permission named '{permission.Name}' has multitenancy side '{permission.MultiTenancySide}' which is not compatible with the current multitenancy side '{CurrentTenant.GetMultiTenancySide()}'");
+ }
+
+ var currentGrantInfo = await GetInternalAsync(permission, providerName, providerKey);
 if (currentGrantInfo.IsGranted == isGranted)
 {
 return;
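Review bot: The side guard in `SetAsync` rejects every call for a permission on the other side, revocations included, and `GetInternalAsync` now reports such a permission as not granted, so a grant row stored before this commit can no longer be seen or removed through this path. The seeder carried `//TODO: Filter host/tenant permissions!` until this commit, so such rows may exist; whether the runtime permission check still honours them is not visible in this diff. A comment at the guard, for example `// Grants stored before this check existed are not removed here; they need a separate cleanup.`, together with a cleanup step, would cover that. The first message also reads `has not compatible` where `is not compatible` is meant. `SetAsync` continues past the end of the hunk.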
@@ -73,19 +92,30 @@ namespace Volo.Abp.PermissionManagement
 var provider = ManagementProviders.FirstOrDefault(m => m.Name == providerName);
 if (provider == null)
 {
+ //TODO: BusinessException
 throw new AbpException("Unknown permission management provider: " + providerName);
 }
 await provider.SetAsync(permissionName, providerKey, isGranted);
 }
- protected virtual async Task GetInternalAsync(PermissionDefinition permissionDefinition, string providerName, string providerKey)
+ protected virtual async Task GetInternalAsync(PermissionDefinition permission, string providerName, string providerKey)
 {
- var result = new PermissionWithGrantedProviders(permissionDefinition.Name, false);
+ var result = new PermissionWithGrantedProviders(permission.Name, false);
+
+ if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
+ {
+ return result;
+ }
+
+ if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+ {
+ return result;
+ }
 foreach (var provider in ManagementProviders)
 {
- var providerResult = await provider.CheckAsync(permissionDefinition.Name, providerName, providerKey);
+ var providerResult = await provider.CheckAsync(permission.Name, providerName, providerKey);
 if (providerResult.IsGranted)
 {
 result.IsGranted = true;
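Review bot: The two early `return result;` branches in `GetInternalAsync` restate the side and provider conditions that `SetAsync` evaluates just before calling it, so the same rule now lives in two places with different outcomes (an exception there, a silent not-granted here). A small protected helper answering whether a permission applies to the current side and provider would keep the two in step and avoid recomputing `CurrentTenant.GetMultiTenancySide()` for every permission. The silent path also deserves a comment above the first check, such as `// Not applicable to this side or provider: report not granted without asking the providers.`. The method body continues after the hunk.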