diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
index c5ab1f40..2e7130c5 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
@@ -13,6 +13,7 @@ import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.service.SaasRoleUserService;
 import cn.hutool.core.collection.CollectionUtil;
+import com.alibaba.nacos.common.utils.CollectionUtils;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
@@ -49,21 +50,23 @@ public class RoleUserService implements SaasRoleUserService {
 		}
 
 		List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.query(req.getIdentityId(), req.getIdentityType().getCode(), req.getWorkspaceId(), req.getOuId());
-		List<SaasRole> existsRole = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()));
-		List<SaasRole> notAdminRole = existsRole.stream().filter(e -> !RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole()).collect(Collectors.toList());
-
-		roleUserRelationDao.deleteByUser(BaseWorkspaceModel.builder()
-				.workspaceId(req.getWorkspaceId())
-				.ouId(req.getOuId())
-				.identityId(req.getIdentityId())
-				.identityType(req.getIdentityType())
-				.build()
+		if (CollectionUtils.isNotEmpty(existsRoleUser)) {
+			List<SaasRole> existsRole = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()));
+			List<SaasRole> notAdminRole = existsRole.stream().filter(e -> !RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole()).collect(Collectors.toList());
+			// 删除现有非管理员的角色
+			roleUserRelationDao.deleteByUser(BaseWorkspaceModel.builder()
+					.workspaceId(req.getWorkspaceId())
+					.ouId(req.getOuId())
+					.identityId(req.getIdentityId())
+					.identityType(req.getIdentityType())
+					.build()
 				, notAdminRole
-						.stream()
-						.mapToLong(BaseEntity::getId)
-						.boxed()
-						.collect(Collectors.toList()));
+					.stream()
+					.mapToLong(BaseEntity::getId)
+					.boxed()
+					.collect(Collectors.toList()));
 
+		}
 
 		roleUserRelationDao.saveBatch(req.getUpdateRoleIds().stream().map(e -> {
 			SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();