diff --git a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseController.java b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseController.java
index c9b31c37..d1031b8c 100644
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseController.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseController.java
@@ -30,8 +30,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.lang.tree.Tree;
+import cn.hutool.core.util.StrUtil;
 
+import top.charles7c.cnadmin.common.annotation.CrudRequestMapping;
 import top.charles7c.cnadmin.common.model.query.PageQuery;
 import top.charles7c.cnadmin.common.model.query.SortQuery;
 import top.charles7c.cnadmin.common.model.vo.PageDataVO;
@@ -72,6 +75,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @GetMapping
     protected R<PageDataVO<V>> page(@Validated Q query, @Validated PageQuery pageQuery) {
+        this.checkPermission("list");
         PageDataVO<V> pageDataVO = baseService.page(query, pageQuery);
         return R.ok(pageDataVO);
     }
@@ -89,6 +93,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @GetMapping("/tree")
     protected R<List<Tree<Long>>> tree(@Validated Q query, @Validated SortQuery sortQuery) {
+        this.checkPermission("list");
         List<Tree<Long>> list = baseService.tree(query, sortQuery, false);
         return R.ok(list);
     }
@@ -106,6 +111,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @GetMapping("/list")
     protected R<List<V>> list(@Validated Q query, @Validated SortQuery sortQuery) {
+        this.checkPermission("list");
         List<V> list = baseService.list(query, sortQuery);
         return R.ok(list);
     }
@@ -122,6 +128,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @GetMapping("/{id}")
     protected R<D> get(@PathVariable Long id) {
+        this.checkPermission("list");
         D detail = baseService.get(id);
         return R.ok(detail);
     }
@@ -137,6 +144,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @PostMapping
     protected R<Long> add(@Validated(BaseRequest.Add.class) @RequestBody C request) {
+        this.checkPermission("add");
         Long id = baseService.add(request);
         return R.ok("新增成功", id);
     }
@@ -152,6 +160,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @PutMapping
     protected R update(@Validated(BaseRequest.Update.class) @RequestBody C request) {
+        this.checkPermission("update");
         baseService.update(request);
         return R.ok("修改成功");
     }
@@ -168,6 +177,7 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @ResponseBody
     @DeleteMapping("/{ids}")
     protected R delete(@PathVariable List<Long> ids) {
+        this.checkPermission("delete");
         baseService.delete(ids);
         return R.ok("删除成功");
     }
@@ -185,6 +195,20 @@ public abstract class BaseController<S extends BaseService<V, D, Q, C>, V, D, Q,
     @Operation(summary = "导出数据")
     @GetMapping("/export")
     protected void export(@Validated Q query, @Validated SortQuery sortQuery, HttpServletResponse response) {
+        this.checkPermission("export");
         baseService.export(query, sortQuery, response);
     }
+
+    /**
+     * 权限认证
+     *
+     * @param subPermission
+     *            部分权限码
+     */
+    private void checkPermission(String subPermission) {
+        CrudRequestMapping crudRequestMapping = this.getClass().getDeclaredAnnotation(CrudRequestMapping.class);
+        String path = crudRequestMapping.value();
+        String permissionPrefix = String.join(":", StrUtil.splitTrim(path, "/"));
+        StpUtil.checkPermission(String.format("%s:%s", permissionPrefix, subPermission));
+    }
 }
diff --git a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseServiceImpl.java b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseServiceImpl.java
index 4df6c64c..9aea0c1a 100644
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseServiceImpl.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/base/BaseServiceImpl.java
@@ -41,6 +41,7 @@ import com.baomidou.mybatisplus.extension.conditions.update.UpdateChainWrapper;
 import com.baomidou.mybatisplus.extension.toolkit.ChainWrappers;
 
 import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.bean.copier.CopyOptions;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.lang.Opt;
@@ -165,7 +166,10 @@ public abstract class BaseServiceImpl<M extends BaseMapper<T>, T, V, D, Q, C ext
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void update(C request) {
-        T entity = BeanUtil.copyProperties(request, entityClass);
+        String idName = this.currentEntityIdName();
+        Object idValue = ReflectUtil.getFieldValue(request, idName);
+        T entity = this.getById(idValue);
+        BeanUtil.copyProperties(request, entity, CopyOptions.create().ignoreNullValue());
         baseMapper.updateById(entity);
     }
 
@@ -211,8 +215,8 @@ public abstract class BaseServiceImpl<M extends BaseMapper<T>, T, V, D, Q, C ext
      *            ID
      * @return 实体信息
      */
-    protected T getById(Long id) {
-        T entity = baseMapper.selectById(id);
+    protected T getById(Object id) {
+        T entity = baseMapper.selectById(Convert.toStr(id));
         CheckUtils.throwIfNull(entity, String.format("ID为 [%s] 的记录已不存在", id));
         return entity;
     }
diff --git a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/consts/Constants.java b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/consts/Constants.java
index e848cbec..0979d5d1 100644
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/consts/Constants.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/consts/Constants.java
@@ -31,7 +31,12 @@ public class Constants {
     /**
      * 超级管理员角色编码
      */
-    public static final String ADMIN_ROLE_CODE = "admin";
+    public static final String SUPER_ADMIN = "admin";
+
+    /**
+     * 全部权限标识
+     */
+    public static final String ALL_PERMISSION = "*";
 
     /**
      * 默认密码
diff --git a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/handler/GlobalExceptionHandler.java b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/handler/GlobalExceptionHandler.java
index b7da3af1..5a06a332 100644
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/handler/GlobalExceptionHandler.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/handler/GlobalExceptionHandler.java
@@ -36,6 +36,8 @@ import org.springframework.web.method.annotation.MethodArgumentTypeMismatchExcep
 import org.springframework.web.multipart.MaxUploadSizeExceededException;
 
 import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.exception.NotPermissionException;
+import cn.dev33.satoken.exception.NotRoleException;
 import cn.hutool.core.util.NumberUtil;
 import cn.hutool.core.util.StrUtil;
 
@@ -163,7 +165,20 @@ public class GlobalExceptionHandler {
     }
 
     /**
-     * 拦截认证异常-未登录异常
+     * 拦截文件上传异常-超过上传大小限制
+     */
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    @ExceptionHandler(MaxUploadSizeExceededException.class)
+    public R handleMaxUploadSizeExceededException(MaxUploadSizeExceededException e, HttpServletRequest request) {
+        log.error("请求地址'{}'，上传文件失败，文件大小超过限制", request.getRequestURI(), e);
+        String sizeLimit = StrUtil.subBetween(e.getMessage(), "The maximum size ", " for");
+        String errorMsg = String.format("请上传小于 %s MB 的文件", NumberUtil.parseLong(sizeLimit) / 1024 / 1024);
+        LogContextHolder.setErrorMsg(errorMsg);
+        return R.fail(HttpStatus.BAD_REQUEST.value(), errorMsg);
+    }
+
+    /**
+     * 认证异常-登录认证
      */
     @ResponseStatus(HttpStatus.UNAUTHORIZED)
     @ExceptionHandler(NotLoginException.class)
@@ -188,15 +203,22 @@ public class GlobalExceptionHandler {
     }
 
     /**
-     * 拦截文件上传异常-超过上传大小限制
+     * 认证异常-权限认证
      */
-    @ResponseStatus(HttpStatus.BAD_REQUEST)
-    @ExceptionHandler(MaxUploadSizeExceededException.class)
-    public R handleMaxUploadSizeExceededException(MaxUploadSizeExceededException e, HttpServletRequest request) {
-        log.error("请求地址'{}'，上传文件失败，文件大小超过限制", request.getRequestURI(), e);
-        String sizeLimit = StrUtil.subBetween(e.getMessage(), "The maximum size ", " for");
-        String errorMsg = String.format("请上传小于 %s MB 的文件", NumberUtil.parseLong(sizeLimit) / 1024 / 1024);
-        LogContextHolder.setErrorMsg(errorMsg);
-        return R.fail(HttpStatus.BAD_REQUEST.value(), errorMsg);
+    @ResponseStatus(HttpStatus.FORBIDDEN)
+    @ExceptionHandler(NotPermissionException.class)
+    public R handleNotPermissionException(NotPermissionException e, HttpServletRequest request) {
+        log.error("请求地址'{}'，权限码校验失败'{}'", request.getRequestURI(), e);
+        return R.fail(HttpStatus.FORBIDDEN.value(), "没有访问权限，请联系管理员授权");
+    }
+
+    /**
+     * 认证异常-角色认证
+     */
+    @ResponseStatus(HttpStatus.FORBIDDEN)
+    @ExceptionHandler(NotRoleException.class)
+    public R handleNotRoleException(NotRoleException e, HttpServletRequest request) {
+        log.error("请求地址'{}'，角色权限校验失败'{}'", request.getRequestURI(), e);
+        return R.fail(HttpStatus.FORBIDDEN.value(), "没有访问权限，请联系管理员授权");
     }
 }
\ No newline at end of file
diff --git a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/model/dto/LoginUser.java b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/model/dto/LoginUser.java
index 7952bb28..fad70902 100644
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/model/dto/LoginUser.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/model/dto/LoginUser.java
@@ -18,6 +18,7 @@ package top.charles7c.cnadmin.common.model.dto;
 
 import java.io.Serializable;
 import java.time.LocalDateTime;
+import java.util.Set;
 
 import lombok.Data;
 
@@ -118,4 +119,14 @@ public class LoginUser implements Serializable {
      * 登录时间
      */
     private LocalDateTime loginTime;
+
+    /**
+     * 权限码集合
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色编码集合
+     */
+    private Set<String> roles;
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenConfiguration.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenConfiguration.java
index 601cdda9..37e496bb 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenConfiguration.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenConfiguration.java
@@ -24,8 +24,10 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import cn.dev33.satoken.dao.SaTokenDao;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.jwt.StpLogicJwtForSimple;
+import cn.dev33.satoken.stp.StpInterface;
 import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.stp.StpUtil;
 
@@ -53,7 +55,23 @@ public class SaTokenConfiguration implements WebMvcConfigurer {
      * Sa-Token 整合 JWT（简单模式）
      */
     @Bean
-    public StpLogic getStpLogicJwt() {
+    public StpLogic stpLogic() {
         return new StpLogicJwtForSimple();
     }
+
+    /**
+     * Sa-Token 持久层本地 Redis 适配
+     */
+    @Bean
+    public SaTokenDao saTokenDao() {
+        return new SaTokenRedisDaoImpl();
+    }
+
+    /**
+     * Sa-Token 权限认证适配
+     */
+    @Bean
+    public StpInterface stpInterface() {
+        return new SaTokenPermissionImpl();
+    }
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenPermissionImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenPermissionImpl.java
new file mode 100644
index 00000000..f159a57e
--- /dev/null
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenPermissionImpl.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.cnadmin.auth.config.satoken;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import cn.dev33.satoken.stp.StpInterface;
+
+import top.charles7c.cnadmin.common.model.dto.LoginUser;
+import top.charles7c.cnadmin.common.util.helper.LoginHelper;
+
+/**
+ * Sa-Token 权限认证适配
+ *
+ * @author Charles7c
+ * @since 2023/3/1 22:28
+ */
+public class SaTokenPermissionImpl implements StpInterface {
+
+    @Override
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        LoginUser loginUser = LoginHelper.getLoginUser();
+        return new ArrayList<>(loginUser.getPermissions());
+    }
+
+    @Override
+    public List<String> getRoleList(Object loginId, String loginType) {
+        LoginUser loginUser = LoginHelper.getLoginUser();
+        return new ArrayList<>(loginUser.getRoles());
+    }
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenRedisDaoImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenRedisDaoImpl.java
index 50f55743..1ce608a2 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenRedisDaoImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/config/satoken/SaTokenRedisDaoImpl.java
@@ -21,20 +21,17 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.stereotype.Component;
-
 import cn.dev33.satoken.dao.SaTokenDao;
 import cn.dev33.satoken.util.SaFoxUtil;
 
 import top.charles7c.cnadmin.common.util.RedisUtils;
 
 /**
- * SaTokenDao 的本地 Redis 适配（参考：Sa-Token/sa-token-plugin/sa-token-dao-redisx/SaTokenDaoOfRedis.java）
+ * Sa-Token 持久层本地 Redis 适配（参考：Sa-Token/sa-token-plugin/sa-token-dao-redisx/SaTokenDaoOfRedis.java）
  *
  * @author Charles7c
  * @since 2022/12/28 22:55
  */
-@Component
 public class SaTokenRedisDaoImpl implements SaTokenDao {
 
     @Override
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/model/vo/UserInfoVO.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/model/vo/UserInfoVO.java
index ce1f745f..936455f5 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/model/vo/UserInfoVO.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/model/vo/UserInfoVO.java
@@ -19,6 +19,7 @@ package top.charles7c.cnadmin.auth.model.vo;
 import java.io.Serializable;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
+import java.util.Set;
 
 import lombok.Data;
 import lombok.experimental.Accessors;
@@ -123,9 +124,16 @@ public class UserInfoVO implements Serializable {
     private String deptName;
 
     /**
-     * 用户角色（临时 mock 用，写完角色体系后移除）
+     * 权限码集合
      */
-    private String role = "admin";
+    @Schema(description = "权限码集合")
+    private Set<String> permissions;
+
+    /**
+     * 角色编码集合
+     */
+    @Schema(description = "角色编码集合")
+    private Set<String> roles;
 
     public String getPhone() {
         return DesensitizedUtil.mobilePhone(phone);
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/PermissionService.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/PermissionService.java
new file mode 100644
index 00000000..5d57840f
--- /dev/null
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/PermissionService.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.cnadmin.auth.service;
+
+import java.util.Set;
+
+/**
+ * 权限业务接口
+ *
+ * @author Charles7c
+ * @since 2023/3/2 20:40
+ */
+public interface PermissionService {
+
+    /**
+     * 根据用户 ID 查询权限码
+     *
+     * @param userId
+     *            用户 ID
+     * @return 权限码集合
+     */
+    Set<String> listPermissionsByUserId(Long userId);
+
+    /**
+     * 根据用户 ID 查询角色编码
+     *
+     * @param userId
+     *            用户 ID
+     * @return 角色编码集合
+     */
+    Set<String> listRoleCodesByUserId(Long userId);
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/LoginServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/LoginServiceImpl.java
index adbd6922..6d154cc8 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/LoginServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/LoginServiceImpl.java
@@ -24,6 +24,7 @@ import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.bean.BeanUtil;
 
 import top.charles7c.cnadmin.auth.service.LoginService;
+import top.charles7c.cnadmin.auth.service.PermissionService;
 import top.charles7c.cnadmin.common.enums.DisEnableStatusEnum;
 import top.charles7c.cnadmin.common.model.dto.LoginUser;
 import top.charles7c.cnadmin.common.util.ExceptionUtils;
@@ -46,6 +47,7 @@ public class LoginServiceImpl implements LoginService {
 
     private final UserService userService;
     private final DeptService deptService;
+    private final PermissionService permissionService;
 
     @Override
     public String login(String username, String password) {
@@ -58,6 +60,8 @@ public class LoginServiceImpl implements LoginService {
         // 登录
         LoginUser loginUser = BeanUtil.copyProperties(userDO, LoginUser.class);
         loginUser.setDeptName(ExceptionUtils.exToNull(() -> deptService.get(loginUser.getDeptId()).getDeptName()));
+        loginUser.setPermissions(permissionService.listPermissionsByUserId(userId));
+        loginUser.setRoles(permissionService.listRoleCodesByUserId(userId));
         LoginHelper.login(loginUser);
 
         // 返回令牌
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/PermissionServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/PermissionServiceImpl.java
new file mode 100644
index 00000000..c9949e2d
--- /dev/null
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/auth/service/impl/PermissionServiceImpl.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.cnadmin.auth.service.impl;
+
+import java.util.Set;
+
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.stereotype.Service;
+
+import cn.hutool.core.collection.CollUtil;
+
+import top.charles7c.cnadmin.auth.service.PermissionService;
+import top.charles7c.cnadmin.common.consts.Constants;
+import top.charles7c.cnadmin.system.service.MenuService;
+import top.charles7c.cnadmin.system.service.RoleService;
+
+/**
+ * 权限业务实现类
+ *
+ * @author Charles7c
+ * @since 2023/3/2 20:40
+ */
+@Service
+@RequiredArgsConstructor
+public class PermissionServiceImpl implements PermissionService {
+
+    private final MenuService menuService;
+    private final RoleService roleService;
+
+    @Override
+    public Set<String> listPermissionsByUserId(Long userId) {
+        Set<String> roleCodeSet = this.listRoleCodesByUserId(userId);
+        // 超级管理员赋予全部权限
+        if (roleCodeSet.contains(Constants.SUPER_ADMIN)) {
+            return CollUtil.newHashSet(Constants.ALL_PERMISSION);
+        }
+        return menuService.listPermissionsByUserId(userId);
+    }
+
+    @Override
+    public Set<String> listRoleCodesByUserId(Long userId) {
+        return roleService.listRoleCodesByUserId(userId);
+    }
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/MenuMapper.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/MenuMapper.java
index 5a361cc4..409ba1cb 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/MenuMapper.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/MenuMapper.java
@@ -16,6 +16,10 @@
 
 package top.charles7c.cnadmin.system.mapper;
 
+import java.util.Set;
+
+import org.apache.ibatis.annotations.Param;
+
 import top.charles7c.cnadmin.common.base.BaseMapper;
 import top.charles7c.cnadmin.system.model.entity.MenuDO;
 
@@ -25,4 +29,14 @@ import top.charles7c.cnadmin.system.model.entity.MenuDO;
  * @author Charles7c
  * @since 2023/2/15 20:30
  */
-public interface MenuMapper extends BaseMapper<MenuDO> {}
+public interface MenuMapper extends BaseMapper<MenuDO> {
+
+    /**
+     * 根据 ID 查询权限码
+     *
+     * @param userId
+     *            用户 ID
+     * @return 权限码集合
+     */
+    Set<String> selectPermissionsByUserId(@Param("userId") Long userId);
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/RoleMenuMapper.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/RoleMenuMapper.java
index f00bc8c1..b2c9e037 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/RoleMenuMapper.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/RoleMenuMapper.java
@@ -18,9 +18,6 @@ package top.charles7c.cnadmin.system.mapper;
 
 import java.util.List;
 
-import org.apache.ibatis.annotations.Param;
-import org.apache.ibatis.annotations.Select;
-
 import top.charles7c.cnadmin.common.base.BaseMapper;
 import top.charles7c.cnadmin.system.model.entity.RoleMenuDO;
 
@@ -33,12 +30,11 @@ import top.charles7c.cnadmin.system.model.entity.RoleMenuDO;
 public interface RoleMenuMapper extends BaseMapper<RoleMenuDO> {
 
     /**
-     * 根据角色 ID 查询
+     * 根据角色 ID 列表查询
      *
-     * @param roleId
-     *            角色 ID
+     * @param roleIds
+     *            角色 ID 列表
      * @return 菜单 ID 列表
      */
-    @Select("SELECT `menu_id` FROM `sys_role_menu` WHERE `role_id` = #{roleId}")
-    List<Long> selectMenuIdsByRoleId(@Param("roleId") Long roleId);
+    List<Long> selectMenuIdsByRoleIds(List<Long> roleIds);
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/UserRoleMapper.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/UserRoleMapper.java
index 0cc09ed1..153a1174 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/UserRoleMapper.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/mapper/UserRoleMapper.java
@@ -16,6 +16,11 @@
 
 package top.charles7c.cnadmin.system.mapper;
 
+import java.util.List;
+
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+
 import top.charles7c.cnadmin.common.base.BaseMapper;
 import top.charles7c.cnadmin.system.model.entity.UserRoleDO;
 
@@ -25,4 +30,15 @@ import top.charles7c.cnadmin.system.model.entity.UserRoleDO;
  * @author Charles7c
  * @since 2023/2/13 23:13
  */
-public interface UserRoleMapper extends BaseMapper<UserRoleDO> {}
+public interface UserRoleMapper extends BaseMapper<UserRoleDO> {
+
+    /**
+     * 根据用户 ID 查询
+     *
+     * @param userId
+     *            用户 ID
+     * @return 角色 ID 列表
+     */
+    @Select("SELECT `role_id` FROM `sys_user_role` WHERE `user_id` = #{userId}")
+    List<Long> selectRoleIdsByUserId(@Param("userId") Long userId);
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/request/UserRequest.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/request/UserRequest.java
index e321246d..e6c41db3 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/request/UserRequest.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/request/UserRequest.java
@@ -104,13 +104,11 @@ public class UserRequest extends BaseRequest {
      * 部门 ID
      */
     @Schema(description = "所属部门")
-    @NotNull(message = "所属部门不能为空")
     private Long deptId;
 
     /**
      * 角色 ID 列表
      */
     @Schema(description = "所属角色")
-    @NotEmpty(message = "所属角色不能为空")
     private List<Long> roleIds;
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/vo/RoleVO.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/vo/RoleVO.java
index 5e794a62..e73af562 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/vo/RoleVO.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/model/vo/RoleVO.java
@@ -90,7 +90,7 @@ public class RoleVO extends BaseVO {
     private Boolean disabled;
 
     public Boolean getDisabled() {
-        if (Constants.ADMIN_ROLE_CODE.equals(roleCode)) {
+        if (Constants.SUPER_ADMIN.equals(roleCode)) {
             return true;
         }
         return disabled;
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/MenuService.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/MenuService.java
index b6cd8307..efb70e92 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/MenuService.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/MenuService.java
@@ -16,6 +16,8 @@
 
 package top.charles7c.cnadmin.system.service;
 
+import java.util.Set;
+
 import top.charles7c.cnadmin.common.base.BaseService;
 import top.charles7c.cnadmin.system.model.query.MenuQuery;
 import top.charles7c.cnadmin.system.model.request.MenuRequest;
@@ -27,4 +29,14 @@ import top.charles7c.cnadmin.system.model.vo.MenuVO;
  * @author Charles7c
  * @since 2023/2/15 20:30
  */
-public interface MenuService extends BaseService<MenuVO, MenuVO, MenuQuery, MenuRequest> {}
+public interface MenuService extends BaseService<MenuVO, MenuVO, MenuQuery, MenuRequest> {
+
+    /**
+     * 根据用户 ID 查询
+     *
+     * @param userId
+     *            用户 ID
+     * @return 权限码集合
+     */
+    Set<String> listPermissionsByUserId(Long userId);
+}
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleMenuService.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleMenuService.java
index 551afe28..b22204d6 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleMenuService.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleMenuService.java
@@ -39,9 +39,9 @@ public interface RoleMenuService {
     /**
      * 根据角色 ID 查询
      *
-     * @param roleId
-     *            角色 ID
+     * @param roleIds
+     *            角色 ID 列表
      * @return 菜单 ID 列表
      */
-    List<Long> listMenuIdByRoleId(Long roleId);
+    List<Long> listMenuIdByRoleIds(List<Long> roleIds);
 }
\ No newline at end of file
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleService.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleService.java
index 9dbd0cb0..c12fa94a 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleService.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/RoleService.java
@@ -17,6 +17,7 @@
 package top.charles7c.cnadmin.system.service;
 
 import java.util.List;
+import java.util.Set;
 
 import top.charles7c.cnadmin.common.base.BaseService;
 import top.charles7c.cnadmin.common.model.vo.LabelValueVO;
@@ -50,4 +51,13 @@ public interface RoleService extends BaseService<RoleVO, RoleDetailVO, RoleQuery
      * @return 角色名称列表
      */
     List<String> listRoleNamesByRoleIds(List<Long> roleIds);
+
+    /**
+     * 根据用户 ID 查询角色编码
+     *
+     * @param userId
+     *            用户 ID
+     * @return 角色编码集合
+     */
+    Set<String> listRoleCodesByUserId(Long userId);
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/MenuServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/MenuServiceImpl.java
index 0f4c2b45..6a4f3cfe 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/MenuServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/MenuServiceImpl.java
@@ -16,7 +16,7 @@
 
 package top.charles7c.cnadmin.system.service.impl;
 
-import java.util.List;
+import java.util.*;
 
 import lombok.RequiredArgsConstructor;
 
@@ -89,4 +89,9 @@ public class MenuServiceImpl extends BaseServiceImpl<MenuMapper, MenuDO, MenuVO,
         return super.lambdaQuery().eq(MenuDO::getMenuName, name).eq(MenuDO::getParentId, parentId)
             .ne(id != null, MenuDO::getMenuId, id).exists();
     }
+
+    @Override
+    public Set<String> listPermissionsByUserId(Long userId) {
+        return baseMapper.selectPermissionsByUserId(userId);
+    }
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleMenuServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleMenuServiceImpl.java
index c2361aa0..ffdbff35 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleMenuServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleMenuServiceImpl.java
@@ -16,6 +16,7 @@
 
 package top.charles7c.cnadmin.system.service.impl;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -57,7 +58,10 @@ public class RoleMenuServiceImpl implements RoleMenuService {
     }
 
     @Override
-    public List<Long> listMenuIdByRoleId(Long roleId) {
-        return roleMenuMapper.selectMenuIdsByRoleId(roleId);
+    public List<Long> listMenuIdByRoleIds(List<Long> roleIds) {
+        if (CollUtil.isEmpty(roleIds)) {
+            return Collections.emptyList();
+        }
+        return roleMenuMapper.selectMenuIdsByRoleIds(roleIds);
     }
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleServiceImpl.java
index bb7fd5eb..9d199351 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/RoleServiceImpl.java
@@ -18,6 +18,7 @@ package top.charles7c.cnadmin.system.service.impl;
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 import lombok.RequiredArgsConstructor;
@@ -61,8 +62,11 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleVO,
     @Transactional(rollbackFor = Exception.class)
     public Long add(RoleRequest request) {
         String roleName = request.getRoleName();
-        boolean isExists = this.checkNameExists(roleName, request.getRoleId());
-        CheckUtils.throwIf(() -> isExists, String.format("新增失败，'%s'已存在", roleName));
+        CheckUtils.throwIf(() -> this.checkNameExists(roleName, request.getRoleId()),
+            String.format("新增失败，'%s'已存在", roleName));
+        String roleCode = request.getRoleCode();
+        CheckUtils.throwIf(() -> this.checkCodeExists(roleCode, request.getRoleId()),
+            String.format("新增失败，'%s'已存在", roleCode));
 
         // 新增角色
         request.setStatus(DisEnableStatusEnum.ENABLE);
@@ -78,8 +82,11 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleVO,
     @Transactional(rollbackFor = Exception.class)
     public void update(RoleRequest request) {
         String roleName = request.getRoleName();
-        boolean isExists = this.checkNameExists(roleName, request.getRoleId());
-        CheckUtils.throwIf(() -> isExists, String.format("修改失败，'%s'已存在", roleName));
+        CheckUtils.throwIf(() -> this.checkNameExists(roleName, request.getRoleId()),
+            String.format("修改失败，'%s'已存在", roleName));
+        String roleCode = request.getRoleCode();
+        CheckUtils.throwIf(() -> this.checkCodeExists(roleCode, request.getRoleId()),
+            String.format("修改失败，'%s'已存在", roleCode));
 
         // 更新角色
         super.update(request);
@@ -110,18 +117,31 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleVO,
         return super.lambdaQuery().eq(RoleDO::getRoleName, name).ne(id != null, RoleDO::getRoleId, id).exists();
     }
 
+    /**
+     * 检查编码是否存在
+     *
+     * @param code
+     *            编码
+     * @param id
+     *            ID
+     * @return 是否存在
+     */
+    private boolean checkCodeExists(String code, Long id) {
+        return super.lambdaQuery().eq(RoleDO::getRoleCode, code).ne(id != null, RoleDO::getRoleId, id).exists();
+    }
+
     @Override
     public void fillDetail(Object detailObj) {
         super.fillDetail(detailObj);
         if (detailObj instanceof RoleDetailVO) {
             RoleDetailVO detailVO = (RoleDetailVO)detailObj;
             Long roleId = detailVO.getRoleId();
-            if (Constants.ADMIN_ROLE_CODE.equals(detailVO.getRoleCode())) {
+            if (Constants.SUPER_ADMIN.equals(detailVO.getRoleCode())) {
                 List<MenuVO> list = menuService.list(null, null);
                 List<Long> menuIds = list.stream().map(MenuVO::getMenuId).collect(Collectors.toList());
                 detailVO.setMenuIds(menuIds);
             } else {
-                detailVO.setMenuIds(roleMenuService.listMenuIdByRoleId(roleId));
+                detailVO.setMenuIds(roleMenuService.listMenuIdByRoleIds(Collections.singletonList(roleId)));
             }
             detailVO.setDeptIds(roleDeptService.listDeptIdByRoleId(roleId));
         }
@@ -143,4 +163,14 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleVO,
         }
         return roleList.stream().map(RoleDO::getRoleName).collect(Collectors.toList());
     }
+
+    @Override
+    public Set<String> listRoleCodesByUserId(Long userId) {
+        List<Long> roleIds = userRoleService.listRoleIdsByUserId(userId);
+        List<RoleDO> roleList = super.lambdaQuery().select(RoleDO::getRoleCode).in(RoleDO::getRoleId, roleIds).list();
+        if (CollUtil.isEmpty(roleList)) {
+            return Collections.emptySet();
+        }
+        return roleList.stream().map(RoleDO::getRoleCode).collect(Collectors.toSet());
+    }
 }
diff --git a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/UserRoleServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/UserRoleServiceImpl.java
index 7bbc395d..ac5341c9 100644
--- a/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/UserRoleServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/cnadmin/system/service/impl/UserRoleServiceImpl.java
@@ -16,7 +16,6 @@
 
 package top.charles7c.cnadmin.system.service.impl;
 
-import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -64,11 +63,6 @@ public class UserRoleServiceImpl implements UserRoleService {
 
     @Override
     public List<Long> listRoleIdsByUserId(Long userId) {
-        List<UserRoleDO> userRoleList = userRoleMapper.selectList(
-            Wrappers.<UserRoleDO>lambdaQuery().select(UserRoleDO::getRoleId).eq(UserRoleDO::getUserId, userId));
-        if (CollUtil.isEmpty(userRoleList)) {
-            return Collections.emptyList();
-        }
-        return userRoleList.stream().map(UserRoleDO::getRoleId).collect(Collectors.toList());
+        return userRoleMapper.selectRoleIdsByUserId(userId);
     }
 }
diff --git a/continew-admin-system/src/main/resources/mapper/MenuMapper.xml b/continew-admin-system/src/main/resources/mapper/MenuMapper.xml
index 9ad5ba2d..5fda33ac 100644
--- a/continew-admin-system/src/main/resources/mapper/MenuMapper.xml
+++ b/continew-admin-system/src/main/resources/mapper/MenuMapper.xml
@@ -1,4 +1,16 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
 <mapper namespace="top.charles7c.cnadmin.system.mapper.MenuMapper">
+    <select id="selectPermissionsByUserId" resultType="java.lang.String">
+        SELECT DISTINCT m.`permission`
+        FROM `sys_menu` m
+                 LEFT JOIN `sys_role_menu` rm ON rm.`menu_id` = m.`menu_id`
+                 LEFT JOIN `sys_role` r ON r.`role_id` = rm.`role_id`
+                 LEFT JOIN `sys_user_role` ur ON ur.`role_id` = rm.`role_id`
+                 LEFT JOIN `sys_user` u ON u.`user_id` = ur.`user_id`
+        WHERE u.`user_id` = #{userId}
+          AND m.`menu_type` IN (2, 3)
+          AND m.`status` = 1
+          AND r.`status` = 1
+    </select>
 </mapper>
\ No newline at end of file
diff --git a/continew-admin-system/src/main/resources/mapper/RoleMenuMapper.xml b/continew-admin-system/src/main/resources/mapper/RoleMenuMapper.xml
new file mode 100644
index 00000000..907c5006
--- /dev/null
+++ b/continew-admin-system/src/main/resources/mapper/RoleMenuMapper.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="top.charles7c.cnadmin.system.mapper.RoleMenuMapper">
+    <select id="selectMenuIdsByRoleIds" resultType="java.lang.Long">
+        SELECT
+            `menu_id`
+        FROM `sys_role_menu`
+        <where>
+            `role_id` IN
+            <foreach collection="list" item="roleId" open="(" close=")" separator=",">
+                #{roleId}
+            </foreach>
+        </where>
+    </select>
+</mapper>
\ No newline at end of file
diff --git a/continew-admin-ui/src/components/message-box/locale/en-US.ts b/continew-admin-ui/src/components/message-box/locale/en-US.ts
index 7bfcdff0..13e5d0c2 100644
--- a/continew-admin-ui/src/components/message-box/locale/en-US.ts
+++ b/continew-admin-ui/src/components/message-box/locale/en-US.ts
@@ -6,7 +6,6 @@ export default {
   'messageBox.allRead': 'All Read',
   'messageBox.viewMore': 'View More',
   'messageBox.noContent': 'No Content',
-  'messageBox.switchRoles': 'Switch Roles',
   'messageBox.userCenter': 'User Center',
   'messageBox.logout': 'Logout',
 };
diff --git a/continew-admin-ui/src/components/message-box/locale/zh-CN.ts b/continew-admin-ui/src/components/message-box/locale/zh-CN.ts
index cedf8164..5a2a97ed 100644
--- a/continew-admin-ui/src/components/message-box/locale/zh-CN.ts
+++ b/continew-admin-ui/src/components/message-box/locale/zh-CN.ts
@@ -6,7 +6,6 @@ export default {
   'messageBox.allRead': '全部已读',
   'messageBox.viewMore': '查看更多',
   'messageBox.noContent': '暂无内容',
-  'messageBox.switchRoles': '切换角色',
   'messageBox.userCenter': '个人中心',
   'messageBox.logout': '退出登录',
 };
diff --git a/continew-admin-ui/src/components/navbar/index.vue b/continew-admin-ui/src/components/navbar/index.vue
index 4b788f4a..6d45fb38 100644
--- a/continew-admin-ui/src/components/navbar/index.vue
+++ b/continew-admin-ui/src/components/navbar/index.vue
@@ -150,14 +150,6 @@
             <img alt="avatar" :src="getAvatar(loginStore.avatar, loginStore.gender)" />
           </a-avatar>
           <template #content>
-            <a-doption>
-              <a-space @click="switchRoles">
-                <icon-tag />
-                <span>
-                  {{ $t('messageBox.switchRoles') }}
-                </span>
-              </a-space>
-            </a-doption>
             <a-doption>
               <a-space @click="$router.push({ name: 'UserCenter' })">
                 <icon-settings />
@@ -183,7 +175,6 @@
 
 <script lang="ts" setup>
   import { computed, ref, inject } from 'vue';
-  import { Message } from '@arco-design/web-vue';
   import { useDark, useToggle, useFullscreen } from '@vueuse/core';
   import { useAppStore, useLoginStore } from '@/store';
   import { LOCALE_OPTIONS } from '@/locale';
@@ -242,10 +233,6 @@
     });
     triggerBtn.value.dispatchEvent(event);
   };
-  const switchRoles = async () => {
-    const res = await loginStore.switchRoles();
-    Message.success(res as string);
-  };
   const toggleDrawerMenu = inject('toggleDrawerMenu') as () => void;
 </script>
 
diff --git a/continew-admin-ui/src/directive/permission/index.ts b/continew-admin-ui/src/directive/permission/index.ts
index 950d2487..40a2491a 100644
--- a/continew-admin-ui/src/directive/permission/index.ts
+++ b/continew-admin-ui/src/directive/permission/index.ts
@@ -4,19 +4,30 @@ import { useLoginStore } from '@/store';
 function checkPermission(el: HTMLElement, binding: DirectiveBinding) {
   const { value } = binding;
   const loginStore = useLoginStore();
-  const { role } = loginStore;
+  const { permissions, roles } = loginStore;
+  const superAdmin = 'admin';
+  const allPermission = '*';
 
-  if (Array.isArray(value)) {
-    if (value.length > 0) {
-      const permissionValues = value;
-
-      const hasPermission = permissionValues.includes(role);
-      if (!hasPermission && el.parentNode) {
-        el.parentNode.removeChild(el);
-      }
+  if (Array.isArray(value) && value.length > 0) {
+    const permissionValues = value;
+    // 校验权限码
+    const hasPermission = permissions.some((permission: string) => {
+      return (
+        allPermission === permission || permissionValues.includes(permission)
+      );
+    });
+    // 检验角色编码
+    const hasRole = roles.some((role: string) => {
+      return superAdmin === role || permissionValues.includes(role);
+    });
+    // 如果没有权限，移除元素
+    if (!hasPermission && !hasRole && el.parentNode) {
+      el.parentNode.removeChild(el);
     }
   } else {
-    throw new Error(`need roles! Like v-permission="['admin','user']"`);
+    throw new Error(
+      `need roles! Like v-permission="['admin','system:user:add']"`
+    );
   }
 }
 
diff --git a/continew-admin-ui/src/hooks/permission.ts b/continew-admin-ui/src/hooks/permission.ts
index 5f00890f..f5b3ba86 100644
--- a/continew-admin-ui/src/hooks/permission.ts
+++ b/continew-admin-ui/src/hooks/permission.ts
@@ -9,7 +9,7 @@ export default function usePermission() {
         !route.meta?.requiresAuth ||
         !route.meta?.roles ||
         route.meta?.roles?.includes('*') ||
-        route.meta?.roles?.includes(loginStore.role)
+        route.meta?.roles?.includes(loginStore.roles[0])
       );
     },
     findFirstPermissionRoute(_routers: any, role = 'admin') {
diff --git a/continew-admin-ui/src/layout/default-layout.vue b/continew-admin-ui/src/layout/default-layout.vue
index bb926bcb..6d9f0912 100644
--- a/continew-admin-ui/src/layout/default-layout.vue
+++ b/continew-admin-ui/src/layout/default-layout.vue
@@ -88,7 +88,7 @@
     appStore.updateSettings({ menuCollapse: val });
   };
   watch(
-    () => loginStore.role,
+    () => loginStore.roles,
     (roleValue) => {
       if (roleValue && !permission.accessRouter(route))
         router.push({ name: 'notFound' });
diff --git a/continew-admin-ui/src/router/guard/permission.ts b/continew-admin-ui/src/router/guard/permission.ts
index 83ff6a17..d3c60d1f 100644
--- a/continew-admin-ui/src/router/guard/permission.ts
+++ b/continew-admin-ui/src/router/guard/permission.ts
@@ -45,7 +45,7 @@ export default function setupPermissionGuard(router: Router) {
       if (permissionsAllow) next();
       else {
         const destination =
-          Permission.findFirstPermissionRoute(appRoutes, loginStore.role) ||
+          Permission.findFirstPermissionRoute(appRoutes, loginStore.roles[0]) ||
           NOT_FOUND;
         next(destination);
       }
diff --git a/continew-admin-ui/src/router/guard/userLoginInfo.ts b/continew-admin-ui/src/router/guard/userLoginInfo.ts
index 9c053bb7..1aef989a 100644
--- a/continew-admin-ui/src/router/guard/userLoginInfo.ts
+++ b/continew-admin-ui/src/router/guard/userLoginInfo.ts
@@ -9,7 +9,7 @@ export default function setupUserLoginInfoGuard(router: Router) {
     NProgress.start();
     const loginStore = useLoginStore();
     if (isLogin()) {
-      if (loginStore.role) {
+      if (loginStore.roles[0]) {
         next();
       } else {
         try {
diff --git a/continew-admin-ui/src/router/routes/modules/arco-design/exception.ts b/continew-admin-ui/src/router/routes/modules/arco-design/exception.ts
index 4e6eec4c..5bfdebef 100644
--- a/continew-admin-ui/src/router/routes/modules/arco-design/exception.ts
+++ b/continew-admin-ui/src/router/routes/modules/arco-design/exception.ts
@@ -19,7 +19,7 @@ const EXCEPTION: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.exception.403',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
     {
diff --git a/continew-admin-ui/src/router/routes/modules/arco-design/form.ts b/continew-admin-ui/src/router/routes/modules/arco-design/form.ts
index 6de5f05e..000f3420 100644
--- a/continew-admin-ui/src/router/routes/modules/arco-design/form.ts
+++ b/continew-admin-ui/src/router/routes/modules/arco-design/form.ts
@@ -19,7 +19,7 @@ const FORM: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.form.step',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
     {
@@ -29,7 +29,7 @@ const FORM: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.form.group',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
   ],
diff --git a/continew-admin-ui/src/router/routes/modules/arco-design/profile.ts b/continew-admin-ui/src/router/routes/modules/arco-design/profile.ts
index 567f1850..11d06a68 100644
--- a/continew-admin-ui/src/router/routes/modules/arco-design/profile.ts
+++ b/continew-admin-ui/src/router/routes/modules/arco-design/profile.ts
@@ -19,7 +19,7 @@ const PROFILE: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.profile.basic',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
   ],
diff --git a/continew-admin-ui/src/router/routes/modules/arco-design/result.ts b/continew-admin-ui/src/router/routes/modules/arco-design/result.ts
index 238911b0..067fef54 100644
--- a/continew-admin-ui/src/router/routes/modules/arco-design/result.ts
+++ b/continew-admin-ui/src/router/routes/modules/arco-design/result.ts
@@ -19,7 +19,7 @@ const RESULT: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.result.success',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
     {
@@ -29,7 +29,7 @@ const RESULT: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.result.error',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
   ],
diff --git a/continew-admin-ui/src/router/routes/modules/arco-design/visualization.ts b/continew-admin-ui/src/router/routes/modules/arco-design/visualization.ts
index 53f3f6a3..f8b0e96f 100644
--- a/continew-admin-ui/src/router/routes/modules/arco-design/visualization.ts
+++ b/continew-admin-ui/src/router/routes/modules/arco-design/visualization.ts
@@ -19,7 +19,7 @@ const VISUALIZATION: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.visualization.dataAnalysis',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
     {
@@ -30,7 +30,7 @@ const VISUALIZATION: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.visualization.multiDimensionDataAnalysis',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
     {
@@ -40,7 +40,7 @@ const VISUALIZATION: AppRouteRecordRaw = {
       meta: {
         locale: 'menu.dashboard.monitor',
         requiresAuth: true,
-        roles: ['admin'],
+        roles: ['*'],
       },
     },
   ],
diff --git a/continew-admin-ui/src/store/modules/login/index.ts b/continew-admin-ui/src/store/modules/login/index.ts
index 5bf4c2f5..7a9c6870 100644
--- a/continew-admin-ui/src/store/modules/login/index.ts
+++ b/continew-admin-ui/src/store/modules/login/index.ts
@@ -25,14 +25,8 @@ const useLoginStore = defineStore('user', {
     registrationDate: undefined,
     deptId: 0,
     deptName: '',
-
-    job: 'backend',
-    jobName: '后端艺术家',
-    location: 'beijing',
-    locationName: '北京',
-    introduction: '低调星人',
-    personalWebsite: 'https://blog.charles7c.top',
-    role: '',
+    permissions: [],
+    roles: [],
   }),
 
   getters: {
@@ -87,14 +81,6 @@ const useLoginStore = defineStore('user', {
     resetInfo() {
       this.$reset();
     },
-
-    // 切换角色
-    switchRoles() {
-      return new Promise((resolve) => {
-        this.role = this.role === 'user' ? 'admin' : 'user';
-        resolve(this.role);
-      });
-    },
   },
 });
 
diff --git a/continew-admin-ui/src/store/modules/login/types.ts b/continew-admin-ui/src/store/modules/login/types.ts
index 1e3e3d63..d08e5d84 100644
--- a/continew-admin-ui/src/store/modules/login/types.ts
+++ b/continew-admin-ui/src/store/modules/login/types.ts
@@ -1,4 +1,3 @@
-export type RoleType = '' | '*' | 'admin' | 'user';
 export interface UserState {
   userId: number;
   username: string;
@@ -12,12 +11,6 @@ export interface UserState {
   registrationDate?: string;
   deptId?: number;
   deptName?: string;
-
-  job?: string;
-  jobName?: string;
-  location?: string;
-  locationName?: string;
-  introduction?: string;
-  personalWebsite?: string;
-  role: RoleType;
+  permissions: Array<string>;
+  roles: Array<string>;
 }
diff --git a/continew-admin-ui/src/utils/permission.ts b/continew-admin-ui/src/utils/permission.ts
new file mode 100644
index 00000000..e938503f
--- /dev/null
+++ b/continew-admin-ui/src/utils/permission.ts
@@ -0,0 +1,32 @@
+import { useLoginStore } from '@/store';
+
+/**
+ * 权限判断
+ *
+ * @param value 权限码列表
+ * @return true 有权限，false 没有权限
+ */
+export default function checkPermission(value: Array<string>) {
+  const loginStore = useLoginStore();
+  const { permissions, roles } = loginStore;
+  const superAdmin = 'admin';
+  const allPermission = '*';
+
+  if (Array.isArray(value) && value.length > 0) {
+    const permissionValues = value;
+    // 校验权限码
+    const hasPermission = permissions.some((permission: string) => {
+      return (
+        allPermission === permission || permissionValues.includes(permission)
+      );
+    });
+    // 检验角色编码
+    const hasRole = roles.some((role: string) => {
+      return superAdmin === role || permissionValues.includes(role);
+    });
+    return hasPermission || hasRole;
+  }
+  throw new Error(
+    `need roles! Like v-permission="['admin','system:user:add']"`
+  );
+}
diff --git a/continew-admin-ui/src/views/monitor/log/system/index.vue b/continew-admin-ui/src/views/monitor/log/system/index.vue
index 212f22e3..0196acd4 100644
--- a/continew-admin-ui/src/views/monitor/log/system/index.vue
+++ b/continew-admin-ui/src/views/monitor/log/system/index.vue
@@ -74,10 +74,10 @@
           <a-table-column title="创建时间" data-index="createTime" />
           <a-table-column title="操作" align="center">
             <template #cell="{ record }">
-              <a-button v-permission="['admin']" type="text" size="small" title="查看详情" @click="toDetail(record.logId)">
+              <a-button type="text" size="small" title="查看详情" @click="toDetail(record.logId)">
                 <template #icon><icon-eye /></template>详情
               </a-button>
-              <a-button v-if="record.exceptionDetail" v-permission="['admin']" type="text" size="small" title="查看异常详情" @click="toExceptionDetail(record)">
+              <a-button v-if="record.exceptionDetail" type="text" size="small" title="查看异常详情" @click="toExceptionDetail(record)">
                 <template #icon><icon-bug /></template>异常
               </a-button>
             </template>
diff --git a/continew-admin-ui/src/views/monitor/online/index.vue b/continew-admin-ui/src/views/monitor/online/index.vue
index 81a69dfb..65c9e5d1 100644
--- a/continew-admin-ui/src/views/monitor/online/index.vue
+++ b/continew-admin-ui/src/views/monitor/online/index.vue
@@ -70,7 +70,7 @@
             <template #cell="{ record }">
               <a-popconfirm content="确定要强退该用户吗？" type="warning" @ok="handleKickout(record.token)">
                 <a-button
-                  v-permission="['admin']"
+                  v-permission="['monitor:online:user:delete']"
                   type="text"
                   size="small"
                   :disabled="currentToken === record.token"
diff --git a/continew-admin-ui/src/views/system/dept/index.vue b/continew-admin-ui/src/views/system/dept/index.vue
index e698f544..fe9a3ff5 100644
--- a/continew-admin-ui/src/views/system/dept/index.vue
+++ b/continew-admin-ui/src/views/system/dept/index.vue
@@ -42,10 +42,15 @@
           <a-row>
             <a-col :span="12">
               <a-space>
-                <a-button type="primary" @click="toAdd">
+                <a-button
+                  v-permission="['system:dept:add']"
+                  type="primary"
+                  @click="toAdd"
+                >
                   <template #icon><icon-plus /></template>新增
                 </a-button>
                 <a-button
+                  v-permission="['system:dept:update']"
                   type="primary"
                   status="success"
                   :disabled="single"
@@ -55,6 +60,7 @@
                   <template #icon><icon-edit /></template>修改
                 </a-button>
                 <a-button
+                  v-permission="['system:dept:delete']"
                   type="primary"
                   status="danger"
                   :disabled="multiple"
@@ -64,6 +70,7 @@
                   <template #icon><icon-delete /></template>删除
                 </a-button>
                 <a-button
+                  v-permission="['system:dept:export']"
                   :loading="exportLoading"
                   type="primary"
                   status="warning"
@@ -122,6 +129,7 @@
                 v-model="record.status"
                 :checked-value="1"
                 :unchecked-value="2"
+                :disabled="!checkPermission(['system:dept:update'])"
                 @change="handleChangeStatus(record)"
               />
             </template>
@@ -132,7 +140,7 @@
           <a-table-column title="操作" align="center">
             <template #cell="{ record }">
               <a-button
-                v-permission="['admin']"
+                v-permission="['system:dept:update']"
                 type="text"
                 size="small"
                 title="修改"
@@ -146,7 +154,7 @@
                 @ok="handleDelete([record.deptId])"
               >
                 <a-button
-                  v-permission="['admin']"
+                  v-permission="['system:dept:delete']"
                   type="text"
                   size="small"
                   title="删除"
@@ -293,6 +301,7 @@
     deleteDept,
   } from '@/api/system/dept';
   import { listDeptTree } from '@/api/common';
+  import checkPermission from '@/utils/permission';
 
   const { proxy } = getCurrentInstance() as any;
   const { DisEnableStatusEnum } = proxy.useDict('DisEnableStatusEnum');
diff --git a/continew-admin-ui/src/views/system/menu/index.vue b/continew-admin-ui/src/views/system/menu/index.vue
index ee5b3ada..738428ef 100644
--- a/continew-admin-ui/src/views/system/menu/index.vue
+++ b/continew-admin-ui/src/views/system/menu/index.vue
@@ -42,10 +42,15 @@
           <a-row>
             <a-col :span="12">
               <a-space>
-                <a-button type="primary" @click="toAdd">
+                <a-button
+                  v-permission="['system:menu:add']"
+                  type="primary"
+                  @click="toAdd"
+                >
                   <template #icon><icon-plus /></template>新增
                 </a-button>
                 <a-button
+                  v-permission="['system:menu:update']"
                   type="primary"
                   status="success"
                   :disabled="single"
@@ -55,6 +60,7 @@
                   <template #icon><icon-edit /></template>修改
                 </a-button>
                 <a-button
+                  v-permission="['system:menu:delete']"
                   type="primary"
                   status="danger"
                   :disabled="multiple"
@@ -64,6 +70,7 @@
                   <template #icon><icon-delete /></template>删除
                 </a-button>
                 <a-button
+                  v-permission="['system:menu:export']"
                   :loading="exportLoading"
                   type="primary"
                   status="warning"
@@ -122,6 +129,7 @@
                 v-model="record.status"
                 :checked-value="1"
                 :unchecked-value="2"
+                :disabled="!checkPermission(['system:menu:update'])"
                 @change="handleChangeStatus(record)"
               />
             </template>
@@ -148,7 +156,7 @@
           <a-table-column title="操作" align="center">
             <template #cell="{ record }">
               <a-button
-                v-permission="['admin']"
+                v-permission="['system:menu:update']"
                 type="text"
                 size="small"
                 title="修改"
@@ -162,7 +170,7 @@
                 @ok="handleDelete([record.menuId])"
               >
                 <a-button
-                  v-permission="['admin']"
+                  v-permission="['system:menu:delete']"
                   type="text"
                   size="small"
                   title="删除"
@@ -346,6 +354,7 @@
     deleteMenu,
   } from '@/api/system/menu';
   import { listMenuTree } from '@/api/common';
+  import checkPermission from '@/utils/permission';
 
   const { proxy } = getCurrentInstance() as any;
   const { DisEnableStatusEnum } = proxy.useDict('DisEnableStatusEnum');
diff --git a/continew-admin-ui/src/views/system/role/index.vue b/continew-admin-ui/src/views/system/role/index.vue
index 78f35a75..b6177076 100644
--- a/continew-admin-ui/src/views/system/role/index.vue
+++ b/continew-admin-ui/src/views/system/role/index.vue
@@ -42,10 +42,15 @@
           <a-row>
             <a-col :span="12">
               <a-space>
-                <a-button type="primary" @click="toAdd">
+                <a-button
+                  v-permission="['system:role:add']"
+                  type="primary"
+                  @click="toAdd"
+                >
                   <template #icon><icon-plus /></template>新增
                 </a-button>
                 <a-button
+                  v-permission="['system:role:update']"
                   type="primary"
                   status="success"
                   :disabled="single"
@@ -55,6 +60,7 @@
                   <template #icon><icon-edit /></template>修改
                 </a-button>
                 <a-button
+                  v-permission="['system:role:delete']"
                   type="primary"
                   status="danger"
                   :disabled="multiple"
@@ -64,6 +70,7 @@
                   <template #icon><icon-delete /></template>删除
                 </a-button>
                 <a-button
+                  v-permission="['system:role:export']"
                   :loading="exportLoading"
                   type="primary"
                   status="warning"
@@ -137,7 +144,7 @@
                 v-model="record.status"
                 :checked-value="1"
                 :unchecked-value="2"
-                :disabled="record.disabled"
+                :disabled="record.disabled || !checkPermission(['system:role:update'])"
                 @change="handleChangeStatus(record)"
               />
             </template>
@@ -148,7 +155,7 @@
           <a-table-column title="操作" align="center">
             <template #cell="{ record }">
               <a-button
-                v-permission="['admin']"
+                v-permission="['system:role:update']"
                 type="text"
                 size="small"
                 title="修改"
@@ -163,7 +170,7 @@
                 @ok="handleDelete([record.roleId])"
               >
                 <a-button
-                  v-permission="['admin']"
+                  v-permission="['system:role:delete']"
                   type="text"
                   size="small"
                   title="删除"
@@ -389,9 +396,13 @@
     deleteRole,
   } from '@/api/system/role';
   import { listMenuTree, listDeptTree } from '@/api/common';
+  import checkPermission from '@/utils/permission';
 
   const { proxy } = getCurrentInstance() as any;
-  const { DataScopeEnum, DisEnableStatusEnum } = proxy.useDict('DataScopeEnum', 'DisEnableStatusEnum');
+  const { DataScopeEnum, DisEnableStatusEnum } = proxy.useDict(
+    'DataScopeEnum',
+    'DisEnableStatusEnum'
+  );
 
   const roleList = ref<RoleRecord[]>([]);
   const role = ref<RoleRecord>({
@@ -572,7 +583,9 @@
 
     // 获取半选中的菜单
     const halfCheckedNodes = proxy.$refs.menuRef.getHalfCheckedNodes();
-    const halfCheckedKeys = halfCheckedNodes.map((item: TreeNodeData) => item.key);
+    const halfCheckedKeys = halfCheckedNodes.map(
+      (item: TreeNodeData) => item.key
+    );
     // eslint-disable-next-line prefer-spread
     checkedKeys.unshift.apply(checkedKeys, halfCheckedKeys);
     return checkedKeys;
@@ -582,13 +595,18 @@
    * 获取所有选中的部门
    */
   const getDeptAllCheckedKeys = () => {
+    if (!proxy.$refs.deptRef) {
+      return [];
+    }
     // 获取目前被选中的部门
     const checkedNodes = proxy.$refs.deptRef.getCheckedNodes();
     const checkedKeys = checkedNodes.map((item: TreeNodeData) => item.key);
 
     // 获取半选中的部门
     const halfCheckedNodes = proxy.$refs.deptRef.getHalfCheckedNodes();
-    const halfCheckedKeys = halfCheckedNodes.map((item: TreeNodeData) => item.key);
+    const halfCheckedKeys = halfCheckedNodes.map(
+      (item: TreeNodeData) => item.key
+    );
     // eslint-disable-next-line prefer-spread
     checkedKeys.unshift.apply(checkedKeys, halfCheckedKeys);
     return checkedKeys;
diff --git a/continew-admin-ui/src/views/system/user/index.vue b/continew-admin-ui/src/views/system/user/index.vue
index b3e1928d..58a9dd4a 100644
--- a/continew-admin-ui/src/views/system/user/index.vue
+++ b/continew-admin-ui/src/views/system/user/index.vue
@@ -62,10 +62,15 @@
               <a-row>
                 <a-col :span="12">
                   <a-space>
-                    <a-button type="primary" @click="toAdd">
+                    <a-button
+                      v-permission="['system:user:add']"
+                      type="primary"
+                      @click="toAdd"
+                    >
                       <template #icon><icon-plus /></template>新增
                     </a-button>
                     <a-button
+                      v-permission="['system:user:update']"
                       type="primary"
                       status="success"
                       :disabled="single"
@@ -75,6 +80,7 @@
                       <template #icon><icon-edit /></template>修改
                     </a-button>
                     <a-button
+                      v-permission="['system:user:delete']"
                       type="primary"
                       status="danger"
                       :disabled="multiple"
@@ -84,6 +90,7 @@
                       <template #icon><icon-delete /></template>删除
                     </a-button>
                     <a-button
+                      v-permission="['system:user:export']"
                       :loading="exportLoading"
                       type="primary"
                       status="warning"
@@ -166,7 +173,7 @@
                     v-model="record.status"
                     :checked-value="1"
                     :unchecked-value="2"
-                    :disabled="record.disabled"
+                    :disabled="record.disabled || !checkPermission(['system:user:update'])"
                     @change="handleChangeStatus(record)"
                   />
                 </template>
@@ -186,7 +193,7 @@
               >
                 <template #cell="{ record }">
                   <a-button
-                    v-permission="['admin']"
+                    v-permission="['system:user:update']"
                     type="text"
                     size="small"
                     title="修改"
@@ -200,7 +207,7 @@
                     @ok="handleDelete([record.userId])"
                   >
                     <a-button
-                      v-permission="['admin']"
+                      v-permission="['system:user:delete']"
                       type="text"
                       size="small"
                       title="删除"
@@ -215,7 +222,7 @@
                     @ok="handleResetPassword(record.userId)"
                   >
                     <a-button
-                      v-permission="['admin']"
+                      v-permission="['system:user:password:reset']"
                       type="text"
                       size="small"
                       title="重置密码"
@@ -224,7 +231,7 @@
                     </a-button>
                   </a-popconfirm>
                   <a-button
-                    v-permission="['admin']"
+                    v-permission="['system:user:role:update']"
                     type="text"
                     size="small"
                     title="分配角色"
@@ -475,6 +482,7 @@
   import { listDeptTree, listRoleDict } from '@/api/common';
   import { LabelValueState } from '@/store/modules/dict/types';
   import getAvatar from '@/utils/avatar';
+  import checkPermission from '@/utils/permission';
 
   const { proxy } = getCurrentInstance() as any;
   const { DisEnableStatusEnum } = proxy.useDict('DisEnableStatusEnum');
diff --git a/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/monitor/OnlineUserController.java b/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/monitor/OnlineUserController.java
index 372e0de0..4f508fe4 100644
--- a/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/monitor/OnlineUserController.java
+++ b/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/monitor/OnlineUserController.java
@@ -29,6 +29,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.dev33.satoken.dao.SaTokenDao;
 import cn.dev33.satoken.session.SaSession;
 import cn.dev33.satoken.stp.StpUtil;
@@ -59,6 +60,7 @@ import top.charles7c.cnadmin.monitor.model.vo.*;
 public class OnlineUserController {
 
     @Operation(summary = "分页查询列表")
+    @SaCheckPermission("monitor:online:user:list")
     @GetMapping
     public R<PageDataVO<OnlineUserVO>> page(@Validated OnlineUserQuery query, @Validated PageQuery pageQuery) {
         List<LoginUser> loginUserList = new ArrayList<>();
@@ -113,6 +115,7 @@ public class OnlineUserController {
     }
 
     @Operation(summary = "强退在线用户")
+    @SaCheckPermission("monitor:online:user:delete")
     @DeleteMapping("/{token}")
     public R kickout(@PathVariable String token) {
         String currentToken = StpUtil.getTokenValue();
diff --git a/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/system/UserController.java b/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/system/UserController.java
index a659e884..1cb693a8 100644
--- a/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/system/UserController.java
+++ b/continew-admin-webapi/src/main/java/top/charles7c/cnadmin/webapi/controller/system/UserController.java
@@ -25,6 +25,8 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
+import cn.dev33.satoken.annotation.SaCheckPermission;
+
 import top.charles7c.cnadmin.common.annotation.CrudRequestMapping;
 import top.charles7c.cnadmin.common.base.BaseController;
 import top.charles7c.cnadmin.common.base.BaseRequest;
@@ -50,12 +52,14 @@ import top.charles7c.cnadmin.system.service.UserService;
 public class UserController extends BaseController<UserService, UserVO, UserDetailVO, UserQuery, UserRequest> {
 
     @Override
+    @SaCheckPermission("system:user:add")
     protected R<Long> add(@Validated(BaseRequest.Add.class) @RequestBody UserRequest request) {
         Long id = baseService.add(request);
         return R.ok(String.format("新增成功，请牢记默认密码：%s", Constants.DEFAULT_PASSWORD), id);
     }
 
     @Operation(summary = "重置密码", description = "重置用户登录密码为默认密码")
+    @SaCheckPermission("system:user:password:reset")
     @PatchMapping("/{userId}/password")
     public R resetPassword(@PathVariable Long userId) {
         baseService.resetPassword(userId);
@@ -63,6 +67,7 @@ public class UserController extends BaseController<UserService, UserVO, UserDeta
     }
 
     @Operation(summary = "分配角色", description = "为用户新增或移除角色")
+    @SaCheckPermission("system:user:role:update")
     @PatchMapping("/{userId}/role")
     public R updateUserRole(@PathVariable Long userId, @Validated @RequestBody UpdateUserRoleRequest request) {
         baseService.updateUserRole(request, userId);
diff --git a/continew-admin-webapi/src/main/resources/db/changelog/v0.0.1/continew-admin_data.sql b/continew-admin-webapi/src/main/resources/db/changelog/v0.0.1/continew-admin_data.sql
index e8590d81..590808bf 100644
--- a/continew-admin-webapi/src/main/resources/db/changelog/v0.0.1/continew-admin_data.sql
+++ b/continew-admin-webapi/src/main/resources/db/changelog/v0.0.1/continew-admin_data.sql
@@ -59,16 +59,6 @@ INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1011);
 INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1012);
 INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1013);
 INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1014);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1030);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1031);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1032);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1033);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1034);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1050);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1051);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1052);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1053);
-INSERT IGNORE INTO `sys_role_menu` VALUES (2, 1054);
 
 -- 初始化默认角色和部门关联数据
 INSERT IGNORE INTO `sys_role_dept` VALUES (2, 5);