diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasPermissionGroupReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasPermissionGroupReq.java
index 8735d0ae..893ef00f 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasPermissionGroupReq.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasPermissionGroupReq.java
@@ -35,6 +35,16 @@ public class QuerySaasPermissionGroupReq extends PageRequest {
 	 */
 	private Integer isCommon;
 
+	/**
+	 * 工作台id（过滤权限集作用范围）
+	 */
+	private List<Long> workspaceId;
+
+	/**
+	 * 单位id（过滤权限集作用范围）
+	 */
+	private List<Long> ouId;
+
 	/**
 	 * 创建者
 	 */
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasRoleReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasRoleReq.java
index 2527491b..94bc2937 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasRoleReq.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QuerySaasRoleReq.java
@@ -33,6 +33,16 @@ public class QuerySaasRoleReq {
 	 */
 	private List<String> ouTypeCode;
 
+	/**
+	 * 工作台id（过滤权限集作用范围）
+	 */
+	private List<Long> workspaceId;
+
+	/**
+	 * 单位id（过滤权限集作用范围）
+	 */
+	private List<Long> ouId;
+
 	/**
 	 * 分组id
 	 */
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasPermissionGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasPermissionGroupVO.java
index 97102097..bc7b72c4 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasPermissionGroupVO.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasPermissionGroupVO.java
@@ -55,6 +55,7 @@ public class SaasPermissionGroupVO {
 	 * 权限
 	 */
 	private List<PermissionPointTreeNode> feature;
+
 	/**
 	 * 权限范围
 	 */
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java
index 777362cc..a1a132d1 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java
@@ -4,6 +4,7 @@ import cn.axzo.basics.common.BeanMapper;
 import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.framework.domain.page.PageResp;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
+import cn.axzo.tyr.client.model.enums.PermissionScopeType;
 import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
 import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq;
 import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO;
@@ -99,10 +100,28 @@ public class PermissionGroupImpl implements PermissionGroupService {
             // 查询featureCode
             feature = featureService.listNodesByIds(permissionList.stream().map(SaasPgroupPermissionRelation::getFeatureId).collect(Collectors.toList()));
         }
-        List<SaasPermissionGroupScope> saasPermissionGroupScopes = saasPermissionGroupScopeDao.lambdaQuery()
+        List<SaasPermissionGroupScope> saasPermissionGroupScopesSource = saasPermissionGroupScopeDao.lambdaQuery()
                 .in(SaasPermissionGroupScope::getPgroupId, groupIds)
                 .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
                 .list();
+        // 过滤权限集作用范围
+        List<SaasPermissionGroupScope> saasPermissionGroupScopes = saasPermissionGroupScopesSource.stream().filter(e -> {
+            // 过滤出选中的工作台
+            if (CollectionUtils.isNotEmpty(req.getWorkspaceId())
+                    && PermissionScopeType.WORKSPACE.getCode().equals(e.getScopeType())
+                    && req.getWorkspaceId().contains(e.getScopeId())) {
+                req.getWorkspaceId().contains(e.getScopeId());
+                return true;
+            }
+            // 过滤出选中的单位
+            if (CollectionUtils.isNotEmpty(req.getOuId())
+                    && PermissionScopeType.OU.getCode().equals(e.getScopeType())
+                    && req.getOuId().contains(e.getScopeId())) {
+                req.getWorkspaceId().contains(e.getScopeId());
+                return true;
+            }
+            return false;
+        }).collect(Collectors.toList());
         // 组装填充字段
         List<PermissionPointTreeNode> finalFeature = feature;
         return groupList.stream().map(group ->
@@ -110,7 +129,7 @@ public class PermissionGroupImpl implements PermissionGroupService {
                         .id(group.getId())
                         .name(group.getName())
                         .feature(finalFeature)
-                        .scopes(saasPermissionGroupScopes.stream().map(e -> BeanMapper.copyBean(e, SaasRolePermissionScopeVO.class)).collect(Collectors.toList()))
+                        .scopes(saasPermissionGroupScopes.stream().filter(e -> e.getPgroupId().equals(group.getId())).map(e -> BeanMapper.copyBean(e, SaasRolePermissionScopeVO.class)).collect(Collectors.toList()))
                         .createBy(group.getCreateBy())
                         .updateBy(group.getUpdateBy())
                         .type(group.getType())
@@ -167,10 +186,28 @@ public class PermissionGroupImpl implements PermissionGroupService {
             // 查询featureCode
             feature = featureService.listNodesByIds(permissionList.stream().map(SaasPgroupPermissionRelation::getFeatureId).collect(Collectors.toList()));
         }
-        List<SaasPermissionGroupScope> saasPermissionGroupScopes = saasPermissionGroupScopeDao.lambdaQuery()
+        List<SaasPermissionGroupScope> saasPermissionGroupScopesSource = saasPermissionGroupScopeDao.lambdaQuery()
                 .in(SaasPermissionGroupScope::getPgroupId, groupIds)
                 .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
                 .list();
+        // 过滤权限集作用范围
+        List<SaasPermissionGroupScope> saasPermissionGroupScopes = saasPermissionGroupScopesSource.stream().filter(e -> {
+            // 过滤出选中的工作台
+            if (CollectionUtils.isNotEmpty(req.getWorkspaceId())
+                    && PermissionScopeType.WORKSPACE.getCode().equals(e.getScopeType())
+                    && req.getWorkspaceId().contains(e.getScopeId())) {
+                req.getWorkspaceId().contains(e.getScopeId());
+                return true;
+            }
+            // 过滤出选中的单位
+            if (CollectionUtils.isNotEmpty(req.getOuId())
+                    && PermissionScopeType.OU.getCode().equals(e.getScopeType())
+                    && req.getOuId().contains(e.getScopeId())) {
+                req.getWorkspaceId().contains(e.getScopeId());
+                return true;
+            }
+            return false;
+        }).collect(Collectors.toList());
         // 组装填充字段
         List<PermissionPointTreeNode> finalFeature = feature;
         List<SaasPermissionGroupVO> pageList = groupList.stream().map(group ->
@@ -178,7 +215,7 @@ public class PermissionGroupImpl implements PermissionGroupService {
                         .id(group.getId())
                         .name(group.getName())
                         .feature(finalFeature)
-                        .scopes(saasPermissionGroupScopes.stream().map(e -> BeanMapper.copyBean(e, SaasRolePermissionScopeVO.class)).collect(Collectors.toList()))
+                        .scopes(saasPermissionGroupScopes.stream().filter(e -> e.getPgroupId().equals(group.getId())).map(e -> BeanMapper.copyBean(e, SaasRolePermissionScopeVO.class)).collect(Collectors.toList()))
                         .createBy(group.getCreateBy())
                         .updateBy(group.getUpdateBy())
                         .type(group.getType())
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
index 4450c7b9..5274ab9b 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
@@ -56,7 +56,7 @@ public class RoleServiceImpl implements RoleService {
 		if (CollectionUtils.isEmpty(roleIds)) {
 			return new ArrayList<>();
 		}
-		return getByIds(roleIds, null);
+		return getByIds(roleIds, null, null,null);
 	}
 
 	/**
@@ -64,7 +64,7 @@ public class RoleServiceImpl implements RoleService {
 	 *
 	 * @return
 	 */
-	public List<SaasRoleVO> getByIds(List<Long> roleIds, Integer isCommon) {
+	public List<SaasRoleVO> getByIds(List<Long> roleIds, Integer isCommon, List<Long> workspaceId, List<Long> ouId) {
 		if (CollectionUtils.isEmpty(roleIds)) {
 			return new ArrayList<>();
 		}
@@ -79,9 +79,12 @@ public class RoleServiceImpl implements RoleService {
 			// 转map<roleId,relation>
 			pgrouRelationMap = saasPgroupRoleRelations.stream().collect(Collectors.groupingBy(SaasPgroupRoleRelation::getRoleId));
 			// 查询权限集
-			pGroupMap = permissionGroupService.query(QuerySaasPermissionGroupReq.builder().isCommon(isCommon)
-					.ids(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList()))
-					.build())
+			pGroupMap = permissionGroupService.query(QuerySaasPermissionGroupReq.builder()
+							.isCommon(isCommon)
+							.ids(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList()))
+							.workspaceId(workspaceId)
+							.ouId(ouId)
+							.build())
 				// 转map<pgroupId>
 				.stream().collect(Collectors.groupingBy(SaasPermissionGroupVO::getId));
 		}
@@ -142,7 +145,7 @@ public class RoleServiceImpl implements RoleService {
 			.eq(StringUtils.isNotBlank(req.getRoleType()), SaasRole::getRoleType, req.getRoleType())
 			.orderByDesc(BaseEntity::getId)
 			.list();
-		return getByIds(list.stream().map(BaseEntity::getId).collect(Collectors.toList()), req.getIsCommon());
+		return getByIds(list.stream().map(BaseEntity::getId).collect(Collectors.toList()), req.getIsCommon(),req.getWorkspaceId(),req.getOuId());
 	}
 
 	@Override