diff --git a/src/common/helper.js b/src/common/helper.js
index 79d6636c..cc8cdddd 100644
--- a/src/common/helper.js
+++ b/src/common/helper.js
@@ -914,6 +914,30 @@ async function listChallengesByMember (memberId) {
   return allIds
 }
 
+/**
+ * Lists resources that given member has in the given challenge.
+ * @param {Number} memberId the member id
+ * @param {String} id the challenge id
+ * @returns {Promise<Array>} an array of resources.
+ */
+async function listResourcesByMemberAndChallenge (memberId, challengeId) {
+  const token = await getM2MToken()
+  let response = {}
+  try {
+    response = await axios.get(config.RESOURCES_API_URL, {
+      headers: { Authorization: `Bearer ${token}` },
+      params: {
+        memberId,
+        challengeId
+      }
+    })
+  } catch (e) {
+    logger.debug(`Failed to get resources on challenge ${challengeId} that memberId ${memberId} has`, e)
+  }
+  const result = response.data || []
+  return result
+}
+
 /**
  * Check if ES refresh method is valid.
  *
@@ -1056,16 +1080,15 @@ async function ensureAccessibleByGroupsAccess (currentUser, challenge) {
  * @param {Object} challenge the challenge to check
  */
 async function _ensureAccessibleForTaskChallenge (currentUser, challenge) {
-  let challengeResourceIds
+  let memberResources
   // Check if challenge is task and apply security rules
   if (_.get(challenge, 'task.isTask', false) && _.get(challenge, 'task.isAssigned', false)) {
     if (currentUser) {
       if (!currentUser.isMachine) {
-        const challengeResources = await getChallengeResources(challenge.id)
-        challengeResourceIds = _.map(challengeResources, r => _.toString(r.memberId))
+        memberResources = await listResourcesByMemberAndChallenge(currentUser.userId, challenge.id)
       }
     }
-    const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine || hasAdminRole(currentUser) || _.includes((challengeResourceIds || []), _.toString(currentUser.userId))
+    const canAccesChallenge = _.isUndefined(currentUser) ? false : currentUser.isMachine || hasAdminRole(currentUser) || !_.isEmpty(memberResources)
     if (!canAccesChallenge) {
       throw new errors.ForbiddenError(`You don't have access to view this challenge`)
     }
@@ -1287,6 +1310,7 @@ module.exports = {
   ensureProjectExist,
   calculateChallengeEndDate,
   listChallengesByMember,
+  listResourcesByMemberAndChallenge,
   validateESRefreshMethod,
   getProjectDefaultTerms,
   validateChallengeTerms,
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index a0cbd32a..64c0852a 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -118,6 +118,52 @@ async function ensureAcessibilityToModifiedGroups (currentUser, data, challenge)
   }
 }
 
+/**
+ * Search challenges by legacyId
+ * @param {Object} currentUser the user who perform operation
+ * @param {Number} legacyId the legacyId
+ * @param {Number} page the page
+ * @param {Number} perPage the perPage
+ * @returns {Array} the search result
+ */
+async function searchByLegacyId (currentUser, legacyId, page, perPage) {
+  const esQuery = {
+    index: config.get('ES.ES_INDEX'),
+    type: config.get('ES.ES_TYPE'),
+    size: perPage,
+    from: (page - 1) * perPage,
+    body: {
+      query: {
+        term: {
+          legacyId
+        }
+      }
+    }
+  }
+
+  logger.debug(`es Query ${JSON.stringify(esQuery)}`)
+  let docs
+  try {
+    docs = await esClient.search(esQuery)
+  } catch (e) {
+    logger.error(`Query Error from ES ${JSON.stringify(e)}`)
+    docs = {
+      hits: {
+        hits: []
+      }
+    }
+  }
+  const ids = _.map(docs.hits.hits, item => item._source.id)
+  const result = []
+  for (const id of ids) {
+    try {
+      const challenge = await getChallenge(currentUser, id)
+      result.push(challenge)
+    } catch (e) {}
+  }
+  return result
+}
+
 /**
  * Search challenges
  * @param {Object} currentUser the user who perform operation
@@ -129,6 +175,10 @@ async function searchChallenges (currentUser, criteria) {
 
   const page = criteria.page || 1
   const perPage = criteria.perPage || 20
+  if (!_.isUndefined(criteria.legacyId)) {
+    const result = await searchByLegacyId(currentUser, criteria.legacyId, page, perPage)
+    return { total: result.length, page, perPage, result }
+  }
   const boolQuery = []
   let sortByScore = false
   const matchPhraseKeys = [
@@ -1175,13 +1225,16 @@ async function getChallenge (currentUser, id, checkIfExists) {
   // delete challenge.typeId
 
   // Remove privateDescription for unregistered users
-  let memberChallengeIds
   if (currentUser) {
     if (!currentUser.isMachine && !helper.hasAdminRole(currentUser)) {
       _.unset(challenge, 'billing')
-      memberChallengeIds = await helper.listChallengesByMember(currentUser.userId)
-      if (!_.includes(memberChallengeIds, challenge.id)) {
+      if (_.isEmpty(challenge.privateDescription)) {
         _.unset(challenge, 'privateDescription')
+      } else if (!_.get(challenge, 'task.isTask', false) || !_.get(challenge, 'task.isAssigned', false)) {
+        const memberResources = await helper.listResourcesByMemberAndChallenge(currentUser.userId, challenge.id)
+        if (_.isEmpty(memberResources)) {
+          _.unset(challenge, 'privateDescription')
+        }
       }
     }
   } else {