diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index acd54547..58d7304a 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -344,6 +344,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         }
 
         Set<Long> realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getWorkspaceId).collect(Collectors.toSet());
+        Set<Long> realOuId = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getOuId).collect(Collectors.toSet());
         //工作台对应产品 key = workapceId
         CompletableFuture<Map<Long, List<ProductFeatureRelationVO>>> workspacePermissionPointFuture = CompletableFuture.supplyAsync(() -> {
             return productFeatureRelationService.getByWorkspace(realWorkspaceId);
@@ -357,6 +358,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         List<SaasRoleVO> existsRole = roleService.query(QuerySaasRoleReq.builder()
                 //角色ID
                 .ids(new ArrayList<>(userRoleMap.values()))
+                        .workspaceId(new ArrayList<>(realWorkspaceId))
+                        .ouId(new ArrayList<>(realOuId))
                 .includePermissionGroup(true)
                 .build());
         stopWatch.stop();
@@ -407,11 +410,15 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                             Set<Long> buttonPermissionPointId = productFeatureRelationVOS.stream().filter(productFeatureRelationVO ->
                                     Objects.equals(productFeatureRelationVO.getDictCode(), workspaceJoinType.getValue().toString())
                             ).map(ProductFeatureRelationVO::getFeatureId).collect(Collectors.toSet());
+                            if (CollectionUtil.isEmpty(buttonPermissionPointId)) {
+                                permissions.add(workspacePermission);
+                                return;
+                            }
 
                             //通过子级查询父级并打平树型结构
                             List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                     .ids(buttonPermissionPointId)
-                                    .terminalList(Collections.singletonList(identityAuthReq.getTerminal()))
+                                    .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
                                     .build());
 
                             workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
@@ -425,22 +432,27 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                             permissions.add(workspacePermission);
                             return;
                         }
-                        //非超管
-                        //获取免授权型
-                        List<PermissionPointTreeNode> noNeedPermissionPoint = permissionPointService.queryList(PermissionPointListQueryRequest.builder()
+                        // 非超管
+                        // 获取菜单详情信息
+                        List<PermissionPointTreeNode> productPermissionInfo = permissionPointService.queryList(PermissionPointListQueryRequest.builder()
                                 .ids(productFeatureRelationVOS.stream().map(ProductFeatureRelationVO::getFeatureId).distinct().collect(Collectors.toList()))
-                                .delegatedType(DelegatedType.NO_NEED.getCode())
                                 .build());
 
                         Set<Long> buttonPermissionPointIds = roleService.filterPermissionPoint(role, userRoleInfoMap);
 
+                        //获取免授权型
+                        Set<Long> noNeedPermissionPoint = productPermissionInfo.stream().filter(permission -> Objects.equals(permission.getDelegatedType(), DelegatedType.NO_NEED.getCode())).mapToLong(PermissionPointTreeNode::getPermissionPointId).boxed().collect(Collectors.toSet());
+                        buttonPermissionPointIds.addAll(noNeedPermissionPoint);
                         // 产品对应权限点（权限点的授权类型为免授权型）+角色对应权限点 与 产品对应权限点 取交集
-                        Collection<Long> resultHashAuthPointId = CollectionUtil.intersection(noNeedPermissionPoint.stream().mapToLong(PermissionPointTreeNode::getPermissionPointId).boxed().collect(Collectors.toSet()), buttonPermissionPointIds);
-
+                        Collection<Long> resultHashAuthPointId = CollectionUtil.intersection(buttonPermissionPointIds, productPermissionInfo.stream().mapToLong(PermissionPointTreeNode::getPermissionPointId).boxed().collect(Collectors.toList()));
+                        if (CollectionUtil.isEmpty(resultHashAuthPointId)) {
+                            permissions.add(workspacePermission);
+                            return;
+                        }
                         //通过子级查询父级并平铺菜单
                         List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                 .ids(new HashSet<>(resultHashAuthPointId))
-                                .terminalList(Collections.singletonList(identityAuthReq.getTerminal()))
+                                .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
                                 .build());
 
                         workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()