diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/SaasPositionEnum.java b/tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/SaasPositionEnum.java
new file mode 100644
index 00000000..332dc68a
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/SaasPositionEnum.java
@@ -0,0 +1,37 @@
+package cn.axzo.tyr.client.common.enums;
+
+import cn.hutool.core.util.ArrayUtil;
+import com.baomidou.mybatisplus.annotation.EnumValue;
+import com.fasterxml.jackson.annotation.JsonValue;
+import lombok.Getter;
+
+/**
+ * position code
+ * @author tanjie@axzo.cn
+ * @date 2022/7/4 10:51
+ */
+public enum SaasPositionEnum {
+    PLAT_TEAM_OWNER("plat_teamowner", "平台级班组长"),
+    PLAT_ACTING_MONITOR("plat_actingmonitor", "班组管理员"),
+    PLAT_GROUP_LEADER("plat_groupleader", "平台级小组长"),
+    WORKSPACE_TEAM_OWNER("workspace_teamowner", "工作台级班组长"),
+    WORKSPACE_ACTING_MONITOR("workspace_actingmonitor", "工作台级代班长"),
+    WORKSPACE_GROUP_LEADER("workspace_groupleader", "工作台级小组长"),;
+
+    @Getter
+    @EnumValue
+    @JsonValue
+    private final String code;
+
+
+    private final String desc;
+
+    SaasPositionEnum(String value, String desc) {
+        this.code = value;
+        this.desc = desc;
+    }
+
+    public static SaasPositionEnum getValueByCode(String code) {
+        return ArrayUtil.firstMatch((o) -> o.getCode().equals(code), values());
+    }
+}
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java
index 1dbb217f..23e2db8e 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java
@@ -4,6 +4,7 @@ import cn.axzo.framework.domain.web.result.ApiResult;
 import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
 import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
 import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -50,4 +51,15 @@ public interface SaasRoleGroupApi {
     @PostMapping("/api/saasRoleGroup/delete")
     ApiResult<Void> delete(@RequestParam @NotEmpty List<Long> ids);
 
+    /**
+     *
+     *  通过categoryCode查询分组
+     * @param categoryCode   #{@link  cn.axzo.tyr.client.common.enums.SaasPositionEnum}
+     *
+     * @return
+     */
+    @GetMapping("/api/saasRoleGroup/listByCategoryCode")
+    ApiResult<List<SaasRoleGroupVO>> listByCategoryCode(@RequestParam("categoryCode") String categoryCode);
+
+
 }
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
index ef848ced..7eb8f087 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
@@ -6,9 +6,11 @@ import cn.axzo.tyr.client.model.req.IdentityAuthReq;
 import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
+import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
 import cn.axzo.tyr.client.model.req.PermissionCacheReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
+import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
 import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -90,4 +92,15 @@ public interface TyrSaasAuthApi {
     @PostMapping("/api/v2/auth/tempDisableAuthCache")
     ApiResult<Void> tempDisableAuthCache(@Valid @RequestBody PermissionCacheReq req);
 
+
+    /**
+     *
+     * 通过资源ID、资源类型、角色分类  查询权限
+     * @param listPermissionFromRoleGroupReq
+     * @return
+     */
+    @PostMapping("/api/v1/auth/listIdentityFromRoleGroupCategoryCode")
+    ApiResult<List<ListPermissionFromRoleGroupResp>> listAuthByResourceAndRoleGroup(@RequestBody @Valid ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq);
+
+
 }
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java
new file mode 100644
index 00000000..05bb5800
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java
@@ -0,0 +1,53 @@
+package cn.axzo.tyr.client.model.req;
+
+import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+/**
+ * 通过角色分组及分类查询人员的权限
+ * @author tanjie@axzo.cn
+ * @date 2024/1/5 14:26
+ */
+@Data
+public class ListPermissionFromRoleGroupReq {
+
+
+    private List<Long> identityIds;
+
+    private IdentityType identityType;
+
+    private List<Long> personIds;
+
+
+    /**
+     * 分组CODE（ 代班长、班组管理员、小组长）
+     * #{@link  SaasPositionEnum#getCode()}
+     */
+    @NotNull
+    private String categoryCode;
+
+    private List<WorkspaceOuPair> workspaceOuPairs;
+
+    @Data
+    @Builder
+    @AllArgsConstructor
+    @NoArgsConstructor
+    public static class WorkspaceOuPair {
+
+        private Long workspaceId;
+
+        private Long ouId;
+
+        private Long resourceId;
+
+        private Integer resourceType;
+    }
+}
+
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java
new file mode 100644
index 00000000..b7403395
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java
@@ -0,0 +1,63 @@
+package cn.axzo.tyr.client.model.res;
+
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+/**
+ * 通过角色分组及分类查询人员的权限
+ *
+ * @author tanjie@axzo.cn
+ * @date 2024/1/5 14:26
+ */
+@Data
+public class ListPermissionFromRoleGroupResp {
+
+
+    private Long identityId;
+
+    private IdentityType identityType;
+
+    private Long personId;
+
+    private Long ouId;
+
+    private Long workspaceId;
+
+    /**
+     * 平台班组ID
+     */
+    private Long teamOuId;
+
+    /**
+     * 分类名称
+     */
+    private String roleGroupName;
+
+    /**
+     * 分类CODE
+     */
+    private String roleGroupCode;
+
+    /**
+     * 角色ID
+     */
+    private String roleId;
+
+    /**
+     * 角色名称
+     */
+    private String roleName;
+
+    /**
+     * 权限集ID
+     */
+    private Long permissionGroupId;
+
+
+}
+
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
index d309d788..449812c4 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
@@ -55,6 +55,13 @@ public class SaasRoleGroupVO {
 	 */
 	private Integer sort;
 
+	private String code;
+
+	/**
+	 * 分组CODE
+	 */
+	private String categoryCode;
+
 	private Date createAt;
 
 	private Date updateAt;
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
index 7a08d52c..fc41cac7 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
@@ -10,9 +10,11 @@ import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
+import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
 import cn.axzo.tyr.client.model.req.PermissionCacheReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
+import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
 import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 import cn.axzo.tyr.server.model.PermissionCacheKey;
 import cn.axzo.tyr.server.service.PermissionCacheService;
@@ -86,4 +88,10 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
                 .build());
         return ApiResult.ok();
     }
+
+
+    @Override
+    public ApiResult<List<ListPermissionFromRoleGroupResp>> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
+        return ApiResult.ok(tyrSaasAuthService.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq));
+    }
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java
index 85e3f061..2ae46e91 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java
@@ -50,4 +50,10 @@ public class SaasRoleGroupController implements SaasRoleGroupApi {
         saasRoleGroupService.delete(ids);
         return ApiResult.ok();
     }
+
+    @Override
+    public ApiResult<List<SaasRoleGroupVO>> listByCategoryCode(String categoryCode) {
+        return ApiResult.ok(saasRoleGroupService.listByCategoryCode(categoryCode));
+    }
+
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java
index a8f02b69..0fe928d9 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java
@@ -5,6 +5,7 @@ import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
 import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper;
+import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.apache.commons.collections.CollectionUtils;
@@ -50,5 +51,9 @@ public class SaasRoleGroupDao extends ServiceImpl<SaasRoleGroupMapper, SaasRoleG
             .update();
     }
 
+    public List<SaasRoleGroup> listByCategoryCode(String categoryCode) {
+    return lambdaQuery().eq(BaseEntity::getIsDelete, 0L)
+                .eq(StrUtil.isNotBlank(categoryCode), SaasRoleGroup::getCategoryCode, categoryCode).list();
+    }
 }
 
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java
index 8d5797f4..32d8da5e 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java
@@ -59,6 +59,17 @@ public class SaasRoleGroup extends BaseEntity<SaasRoleGroup> implements Serializ
 	@TableField("sort")
 	private Integer sort;
 
+	/**
+	 * 分组CODE
+	 */
+	private String code;
+
+	/**
+	 * 分类CODE, 用于代班长，小组长的权限分类。
+	 */
+	private String categoryCode;
+
+
 	/**
 	 * 获取主键值
 	 *
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/TyrSaasAuthMapper.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/TyrSaasAuthMapper.java
index 4ba55061..b3b500ee 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/TyrSaasAuthMapper.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/TyrSaasAuthMapper.java
@@ -1,5 +1,8 @@
 package cn.axzo.tyr.server.repository.mapper;
 
+import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
+import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
+import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
 import cn.axzo.tyr.server.repository.entity.ProductFeatureInfo;
 import cn.axzo.tyr.server.repository.entity.ProductFeatureQuery;
 import cn.axzo.tyr.server.repository.entity.RolePermission;
@@ -21,4 +24,5 @@ public interface TyrSaasAuthMapper {
 
     List<ProductFeatureInfo> listProductFeature(@Param("query") ProductFeatureQuery query);
 
+    List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(@Param("req") ListPermissionFromRoleGroupReq query);
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java
index f172314a..966e0919 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java
@@ -25,4 +25,11 @@ public interface SaasRoleGroupService {
 	Long saveOrUpdate(SaasRoleGroupVO req);
 
 	void delete(List<Long> ids);
+
+	/**
+	 *  分组CODE查询角色分组
+	 * @param categoryCode
+	 * @return
+	 */
+	List<SaasRoleGroupVO> listByCategoryCode(String categoryCode);
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
index 76d3cde4..8d912f66 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
@@ -7,8 +7,10 @@ import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
+import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
+import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
 import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 
 import java.util.List;
@@ -40,4 +42,6 @@ public interface TyrSaasAuthService {
      * @return
      */
     IdentityAuthRes findIdentityAuthMix(IdentityAuthReq identityAuthReq);
+
+    List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq);
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
index ae318df5..dbec9ca2 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
@@ -158,4 +158,9 @@ public class SaasRoleGroupServiceImpl implements SaasRoleGroupService {
         saasRoleGroup.setOuId(req.getOuId() != null ? req.getOuId() : -1L);
         return saasRoleGroup;
     }
+
+    @Override
+    public List<SaasRoleGroupVO> listByCategoryCode(String categoryCode) {
+        return BeanUtil.copyToList(saasRoleGroupDao.listByCategoryCode(categoryCode), SaasRoleGroupVO.class);
+    }
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index cbda61f4..227a0b75 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -17,6 +17,7 @@ import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
 import cn.axzo.tyr.client.model.req.*;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
+import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
 import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
@@ -790,6 +791,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         return permissions;
     }
 
+    @Override
+    public List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
+        return saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq);
+
+    }
 
     @Data
     public static class UserRoleInfoMap {
diff --git a/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml b/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml
index ae6f05ec..8e1284f4 100644
--- a/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml
+++ b/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml
@@ -75,4 +75,73 @@
             #{item, jdbcType=VARCHAR}
         </foreach>
     </select>
+
+    <select id="listAuthByResourceAndRoleGroup" resultType="cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp">
+        SELECT
+            t5.identity_id identityId,
+            t5.identity_type identityType,
+            t5.natural_person_id personId,
+            t5.ou_id ouId,
+            t5.worksspace_id workspaceId,
+            t5.resource_id teamOuId,
+            t5.resource_type resourceType,
+            t1.categroy_name categoryName,
+            t1.name roleGroupName,
+            t1.code roleGroupCode,
+            t3.id roleId,
+            t3.name roleName;
+            t4.group_id  permissionGroupId;
+        FROM
+            saas_role_group t1
+                INNER JOIN saas_role_group_relation t2 ON t1.id = t2.saas_role_group_id
+                INNER JOIN saas_role t3 ON t2.role_id = t3.id
+                INNER JOIN saas_pgroup_role_relation T4 ON t3.id = t4.role_id
+                INNER JOIN saas_role_user_relation t5 ON t3.id = t5.role_id
+        WHERE
+            t1.category_code = #{req.categoryCode}
+
+         <if test="req.identityIds != null ">
+             <foreach collection="req.identityIds" item="identity" open=" and t5.identity_id IN ( " close=" ) " separator=" , ">
+                  #{identity}
+             </foreach>
+         </if>
+
+
+        <if test="req.personIds != null ">
+            <foreach collection="req.personIds" item="personId" open=" and t5.natural_person_id IN ( " close=" ) " separator=" , ">
+                #{personId}
+            </foreach>
+        </if>
+
+        <if test="req.identityType  != null ">
+            AND T5.identityType  =#{req.identityType}
+        </if>
+
+        <if test="req.workspaceOuPairs != null and req.workspaceOuPairs.size()>0">
+            AND
+            <foreach collection="req.workspaceOuPairs" index="index" item="ouIdAndWorkspaceId" open="(" close=")"
+                     separator=") or ( ">
+                1=1
+                <if test="ouIdAndWorkspaceId.workspaceId !=null">
+                    and t1.workspace_id = #{ouIdAndWorkspaceId.workspaceId}
+                </if>
+
+                <if test="ouIdAndWorkspaceId.ouId !=null">
+                    and t1.ou_id = #{ouIdAndWorkspaceId.ouId}
+                </if>
+
+
+                <if test="ouIdAndWorkspaceId.resourceId !=null">
+                    and t1.resource_id = #{ouIdAndWorkspaceId.resourceId}
+                </if>
+
+
+                <if test="ouIdAndWorkspaceId.resourceType !=null">
+                    and t1.resource_type = #{ouIdAndWorkspaceId.resourceType}
+                </if>
+            </foreach>
+        </if>
+
+
+    </select>
 </mapper>
\ No newline at end of file