diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
index de8d23eb..05117cb0 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
@@ -2,7 +2,6 @@ package cn.axzo.tyr.client.model.req;
 
 import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
 import cn.axzo.foundation.dao.support.wrapper.Operator;
-import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@@ -60,4 +59,7 @@ public class ListSaasRoleGroupParam {
 
     @CriteriaField(ignore = true)
     private Set<String> paths;
+
+    @CriteriaField(field = "parentId", operator = Operator.IN)
+    private Set<Long> parentIds;
 }
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
index 87f1152e..ea41c58c 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
@@ -6,6 +6,7 @@ import lombok.Data;
 import lombok.NoArgsConstructor;
 
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
 import java.util.Date;
 import java.util.List;
 
@@ -25,7 +26,9 @@ public class SaasRoleGroupVO {
 
 	/**
 	 * 单位类型字典code
+	 * 这个历史定义成集合，但是只能给一个，且必填
 	 */
+	@NotEmpty(message = "ouTypeCode不能为空")
 	private List<String> ouTypeCode;
 
 	/**
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
index ed095252..fe5a35ca 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
@@ -11,7 +11,6 @@ import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.FeatureResourceType;
 import cn.axzo.tyr.client.common.enums.PageElementFeatureResourceRelationTypeEnum;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
-import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
 import cn.axzo.tyr.client.model.product.ProductSearchListReq;
 import cn.axzo.tyr.client.model.req.CommonDictQueryReq;
 import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq;
@@ -27,7 +26,6 @@ import cn.axzo.tyr.client.model.res.FeatureResourceDTO;
 import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode;
 import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
 import cn.axzo.tyr.client.model.res.SaasRoleRes;
-import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
 import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
 import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
 import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
@@ -51,7 +49,6 @@ import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleGroupDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
-import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
 import cn.axzo.tyr.server.repository.entity.SaasFeature;
 import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
 import cn.axzo.tyr.server.repository.entity.SaasPageElement;
@@ -62,7 +59,6 @@ import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
 import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
-import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.service.ProductFeatureRelationService;
 import cn.axzo.tyr.server.service.ProductPermissionCacheService;
 import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService;
@@ -72,7 +68,6 @@ import cn.axzo.tyr.server.service.RoleService;
 import cn.axzo.tyr.server.service.SaasCommonDictService;
 import cn.axzo.tyr.server.service.SaasFeatureResourceService;
 import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService;
-import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
 import cn.axzo.tyr.server.service.SaasRoleGroupService;
 import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.axzo.tyr.server.service.TyrSaasAuthService;
@@ -108,7 +103,6 @@ import java.io.IOException;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -190,10 +184,6 @@ public class PrivateController {
     private RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService;
     @Autowired
     private SendDingTalkHandler sendDingTalkHandler;
-    @Autowired
-    private SaasRoleGroupRelationService saasRoleGroupRelationService;
-    @Autowired
-    private SaasRoleUserRelationDao saasRoleUserRelationDao;
 
     /**
      * 统一层级的roleGroup按照id升序，sort从1递增
@@ -1408,148 +1398,6 @@ public class PrivateController {
         return "ok";
     }
 
-    @PostMapping("/api/private/superAdmin/create")
-    public Object createSuperAdmin(@RequestBody List<CreateSuperAdminParam> request) {
-
-        Date now = new Date();
-        request.forEach(e -> {
-            List<SaasRole> list = saasRoleDao.lambdaQuery()
-                    .eq(SaasRole::getRoleCode, e.getRoleCode())
-                    .list();
-            if (CollectionUtils.isNotEmpty(list)) {
-                return;
-            }
-
-            SaasRole superAdmin = new SaasRole();
-            superAdmin.setDescription(RoleTypeEnum.SUPER_ADMIN.getDesc());
-            superAdmin.setName(RoleTypeEnum.SUPER_ADMIN.getDesc());
-            superAdmin.setRoleCode(e.getRoleCode());
-            superAdmin.setWorkspaceId(-1L);
-            superAdmin.setWorkspaceType(e.getWorkspaceType());
-            superAdmin.setOwnerOuId(-1L);
-            superAdmin.setRoleType(RoleTypeEnum.SUPER_ADMIN.getValue());
-            superAdmin.setIsDelete(0L);
-            superAdmin.setCreateAt(now);
-            superAdmin.setUpdateAt(now);
-            superAdmin.setCreateBy(e.getCreateBy());
-            superAdmin.setUpdateBy(e.getCreateBy());
-            DictWorkSpaceTypeEnum dictWorkSpaceTypeEnum = DictWorkSpaceTypeEnum.getByValueWorkspaceType(e.getWorkspaceType());
-            superAdmin.setProductUnitType(dictWorkSpaceTypeEnum == null ? 0 : dictWorkSpaceTypeEnum.getSuperAdminProductType());
-
-            saasRoleDao.save(superAdmin);
-
-            if (e.getRoleGroupId() == null) {
-
-                SaasRoleGroupVO saasRoleGroupVO = SaasRoleGroupVO.builder()
-                        .workspaceTypeCode(e.getWorkspaceType().toString())
-                        .ouId(-1L)
-                        .workspaceId(-1L)
-                        .name("政务管理员")
-                        .ouTypeCode(Lists.newArrayList(dictWorkSpaceTypeEnum == null ? "0" : dictWorkSpaceTypeEnum.getSuperAdminProductType().toString()))
-                        .parentId(0L)
-                        .code("zw_superadmin_group")
-                        .build();
-                Long roleGroupId = saasRoleGroupService.saveOrUpdate(saasRoleGroupVO);
-
-                SaasRoleGroupRelation roleGroupRelation = new SaasRoleGroupRelation();
-                roleGroupRelation.setRoleId(superAdmin.getId());
-                roleGroupRelation.setSaasRoleGroupId(roleGroupId);
-                roleGroupRelation.setCreateAt(now);
-                roleGroupRelation.setUpdateAt(now);
-                saasRoleGroupRelationService.save(roleGroupRelation);
-            } else {
-                SaasRoleGroupRelation roleGroupRelation = new SaasRoleGroupRelation();
-                roleGroupRelation.setRoleId(superAdmin.getId());
-                roleGroupRelation.setSaasRoleGroupId(e.getRoleGroupId());
-                roleGroupRelation.setCreateAt(now);
-                roleGroupRelation.setUpdateAt(now);
-                saasRoleGroupRelationService.save(roleGroupRelation);
-            }
-        });
-
-        return "ok";
-    }
-
-    @PostMapping("/api/private/userSuperAdminRole/refresh")
-    public Object refreshUserSuperAdminRole() {
-        ListRoleReq listRoleReq = ListRoleReq.builder()
-                .roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
-                .build();
-
-        List<SaasRoleRes> allSuperAdminRoles = roleService.list(listRoleReq);
-
-        if (CollectionUtils.isEmpty(allSuperAdminRoles)) {
-            return "ok";
-        }
-
-        Map<Integer, SaasRoleRes> initSuperAdminRoles = allSuperAdminRoles.stream()
-                .filter(e -> e.getWorkspaceId() == -1L)
-                .collect(Collectors.toMap(SaasRoleRes::getWorkspaceType, Function.identity()));
-        if (initSuperAdminRoles.isEmpty()) {
-            return "ok";
-        }
-
-        List<SaasRoleRes> oldSuperAdminRoles = allSuperAdminRoles.stream()
-                .filter(e -> e.getWorkspaceId() != -1L)
-                .collect(Collectors.toList());
-
-        if (CollectionUtils.isEmpty(oldSuperAdminRoles)) {
-            return "ok";
-        }
-
-        Map<Long, Integer> oldSuperAdminRoleWorkspaceTypeMap = oldSuperAdminRoles.stream()
-                .collect(Collectors.toMap(SaasRoleRes::getId, SaasRoleRes::getWorkspaceType));
-
-        ListRoleUserRelationParam listRoleUserRelationParam = ListRoleUserRelationParam.builder()
-                .roleIds(oldSuperAdminRoles.stream()
-                        .map(SaasRoleRes::getId)
-                        .collect(Collectors.toList()))
-                .build();
-        List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(listRoleUserRelationParam);
-
-        List<SaasRoleUserRelation> update = saasRoleUsers.stream()
-                .map(e -> {
-                    SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
-                    saasRoleUserRelation.setId(e.getId());
-
-                    Integer workspaceType = oldSuperAdminRoleWorkspaceTypeMap.get(e.getRoleId());
-                    if (Objects.isNull(workspaceType)) {
-                        return null;
-                    }
-
-                    SaasRoleRes superAdmin = initSuperAdminRoles.get(workspaceType);
-                    if (Objects.isNull(superAdmin)) {
-                        return null;
-                    }
-
-                    saasRoleUserRelation.setRoleId(superAdmin.getId());
-                    return saasRoleUserRelation;
-                })
-                .filter(Objects::nonNull)
-                .collect(Collectors.toList());
-
-        if (CollectionUtils.isEmpty(update)) {
-            return "ok";
-        }
-        saasRoleUserRelationDao.updateBatchById(update);
-        return "ok";
-    }
-
-
-    @Data
-    @Builder
-    @NoArgsConstructor
-    @AllArgsConstructor
-    public static class CreateSuperAdminParam {
-        private String roleCode;
-
-        private Integer workspaceType;
-
-        private Long createBy;
-
-        private Long roleGroupId;
-    }
-
     @Data
     @Builder
     @NoArgsConstructor
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateRoleController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateRoleController.java
new file mode 100644
index 00000000..c9dd09af
--- /dev/null
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateRoleController.java
@@ -0,0 +1,537 @@
+package cn.axzo.tyr.server.controller;
+
+import cn.axzo.basics.common.exception.ServiceException;
+import cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum;
+import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
+import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
+import cn.axzo.tyr.client.model.enums.PermissionType;
+import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum;
+import cn.axzo.tyr.client.model.req.ListRoleReq;
+import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
+import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
+import cn.axzo.tyr.client.model.res.SaasRoleRes;
+import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
+import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
+import cn.axzo.tyr.client.model.vo.DeleteRoleVO;
+import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
+import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
+import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
+import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
+import cn.axzo.tyr.server.repository.entity.SaasRole;
+import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
+import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
+import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
+import cn.axzo.tyr.server.service.RoleService;
+import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
+import cn.axzo.tyr.server.service.SaasRoleGroupService;
+import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
+import cn.hutool.core.lang.Pair;
+import com.alibaba.excel.EasyExcel;
+import com.alibaba.excel.annotation.ExcelProperty;
+import com.alibaba.excel.context.AnalysisContext;
+import com.alibaba.excel.enums.CellExtraTypeEnum;
+import com.alibaba.excel.event.AnalysisEventListener;
+import com.alibaba.excel.metadata.CellExtra;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestPart;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import javax.validation.constraints.NotEmpty;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+public class PrivateRoleController {
+
+
+    @Autowired
+    private SaasRoleGroupRelationService saasRoleGroupRelationService;
+    @Autowired
+    private SaasRoleUserRelationDao saasRoleUserRelationDao;
+    @Autowired
+    private SaasRoleDao saasRoleDao;
+    @Autowired
+    private SaasRoleGroupService saasRoleGroupService;
+    @Autowired
+    private RoleService roleService;
+    @Autowired
+    private SaasRoleUserRelationService saasRoleUserRelationService;
+
+
+    @PostMapping("/api/private/superAdmin/create")
+    public Object createSuperAdmin(@RequestBody List<CreateSuperAdminParam> request) {
+
+        Date now = new Date();
+        request.forEach(e -> {
+            List<SaasRole> list = saasRoleDao.lambdaQuery()
+                    .eq(SaasRole::getRoleCode, e.getRoleCode())
+                    .list();
+            if (CollectionUtils.isNotEmpty(list)) {
+                return;
+            }
+
+            SaasRole superAdmin = new SaasRole();
+            superAdmin.setDescription(RoleTypeEnum.SUPER_ADMIN.getDesc());
+            superAdmin.setName(RoleTypeEnum.SUPER_ADMIN.getDesc());
+            superAdmin.setRoleCode(e.getRoleCode());
+            superAdmin.setWorkspaceId(-1L);
+            superAdmin.setWorkspaceType(e.getWorkspaceType());
+            superAdmin.setOwnerOuId(-1L);
+            superAdmin.setRoleType(RoleTypeEnum.SUPER_ADMIN.getValue());
+            superAdmin.setIsDelete(0L);
+            superAdmin.setCreateAt(now);
+            superAdmin.setUpdateAt(now);
+            superAdmin.setCreateBy(e.getCreateBy());
+            superAdmin.setUpdateBy(e.getCreateBy());
+            DictWorkSpaceTypeEnum dictWorkSpaceTypeEnum = DictWorkSpaceTypeEnum.getByValueWorkspaceType(e.getWorkspaceType());
+            superAdmin.setProductUnitType(dictWorkSpaceTypeEnum == null ? 0 : dictWorkSpaceTypeEnum.getSuperAdminProductType());
+
+            saasRoleDao.save(superAdmin);
+
+            if (e.getRoleGroupId() == null) {
+
+                SaasRoleGroup saasRoleGroup = saasRoleGroupService.lambdaQuery()
+                        .eq(SaasRoleGroup::getCode, e.getRoleGroupCode())
+                        .one();
+                Long roleGroupId;
+                if (saasRoleGroup == null) {
+                    SaasRoleGroupVO saasRoleGroupVO = SaasRoleGroupVO.builder()
+                            .workspaceTypeCode(e.getWorkspaceType().toString())
+                            .ouId(-1L)
+                            .workspaceId(-1L)
+                            .name(e.getRoleGroupName())
+                            .ouTypeCode(Lists.newArrayList(dictWorkSpaceTypeEnum == null ? "0" : dictWorkSpaceTypeEnum.getSuperAdminProductType().toString()))
+                            .parentId(0L)
+                            .code(e.getRoleGroupCode())
+                            .build();
+                    roleGroupId = saasRoleGroupService.saveOrUpdate(saasRoleGroupVO);
+                } else {
+                    roleGroupId = saasRoleGroup.getId();
+                }
+
+                SaasRoleGroupRelation roleGroupRelation = new SaasRoleGroupRelation();
+                roleGroupRelation.setRoleId(superAdmin.getId());
+                roleGroupRelation.setSaasRoleGroupId(roleGroupId);
+                roleGroupRelation.setCreateAt(now);
+                roleGroupRelation.setUpdateAt(now);
+                saasRoleGroupRelationService.save(roleGroupRelation);
+            } else {
+                SaasRoleGroupRelation roleGroupRelation = new SaasRoleGroupRelation();
+                roleGroupRelation.setRoleId(superAdmin.getId());
+                roleGroupRelation.setSaasRoleGroupId(e.getRoleGroupId());
+                roleGroupRelation.setCreateAt(now);
+                roleGroupRelation.setUpdateAt(now);
+                saasRoleGroupRelationService.save(roleGroupRelation);
+            }
+        });
+
+        return "ok";
+    }
+
+    @PostMapping("/api/private/userSuperAdminRole/refresh")
+    public Object refreshUserSuperAdminRole() {
+        ListRoleReq listRoleReq = ListRoleReq.builder()
+                .roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
+                .build();
+
+        List<SaasRoleRes> allSuperAdminRoles = roleService.list(listRoleReq);
+
+        if (CollectionUtils.isEmpty(allSuperAdminRoles)) {
+            return "ok";
+        }
+
+        Map<Integer, SaasRoleRes> initSuperAdminRoles = allSuperAdminRoles.stream()
+                .filter(e -> e.getWorkspaceId() == -1L)
+                .collect(Collectors.toMap(SaasRoleRes::getWorkspaceType, Function.identity()));
+        if (initSuperAdminRoles.isEmpty()) {
+            return "ok";
+        }
+
+        List<SaasRoleRes> oldSuperAdminRoles = allSuperAdminRoles.stream()
+                .filter(e -> e.getWorkspaceId() != -1L)
+                .collect(Collectors.toList());
+
+        if (CollectionUtils.isEmpty(oldSuperAdminRoles)) {
+            return "ok";
+        }
+
+        Map<Long, Integer> oldSuperAdminRoleWorkspaceTypeMap = oldSuperAdminRoles.stream()
+                .collect(Collectors.toMap(SaasRoleRes::getId, SaasRoleRes::getWorkspaceType));
+
+        ListRoleUserRelationParam listRoleUserRelationParam = ListRoleUserRelationParam.builder()
+                .roleIds(oldSuperAdminRoles.stream()
+                        .map(SaasRoleRes::getId)
+                        .collect(Collectors.toList()))
+                .build();
+        List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(listRoleUserRelationParam);
+
+        List<SaasRoleUserRelation> update = saasRoleUsers.stream()
+                .map(e -> {
+                    SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
+                    saasRoleUserRelation.setId(e.getId());
+
+                    Integer workspaceType = oldSuperAdminRoleWorkspaceTypeMap.get(e.getRoleId());
+                    if (Objects.isNull(workspaceType)) {
+                        return null;
+                    }
+
+                    SaasRoleRes superAdmin = initSuperAdminRoles.get(workspaceType);
+                    if (Objects.isNull(superAdmin)) {
+                        return null;
+                    }
+
+                    saasRoleUserRelation.setRoleId(superAdmin.getId());
+                    return saasRoleUserRelation;
+                })
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
+
+        if (CollectionUtils.isEmpty(update)) {
+            return "ok";
+        }
+        saasRoleUserRelationDao.updateBatchById(update);
+        return "ok";
+    }
+
+    private static final Map<String, Pair<SaasCooperateShipCooperateTypeEnum, WorkspaceTypeCodeEnum>> COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP = Maps.newHashMap();
+
+    static {
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("总包", Pair.of(SaasCooperateShipCooperateTypeEnum.PROJ_PRIMARY_CONTRACTING_UNIT, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("专业分包", Pair.of(SaasCooperateShipCooperateTypeEnum.PROJ_PROFESSIONAL_SUBCONTRACTING, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("劳务分包", Pair.of(SaasCooperateShipCooperateTypeEnum.PROJ_LABOR_SUBCONTRACTING, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("建设单位", Pair.of(SaasCooperateShipCooperateTypeEnum.PROJ_CONSTRUCTION_UNIT, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("监理单位", Pair.of(SaasCooperateShipCooperateTypeEnum.PROJ_SUPERVISION_UNIT, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("其他", Pair.of(SaasCooperateShipCooperateTypeEnum.OTHER, WorkspaceTypeCodeEnum.GENERAL_PROJECT));
+        COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.put("企业通用", Pair.of(SaasCooperateShipCooperateTypeEnum.ENT_COMMON, WorkspaceTypeCodeEnum.GENERAL_ENT));
+
+
+    }
+
+    @PostMapping("/api/private/roleGroupAndRole/init")
+    public Object initRoleGroup(@RequestPart("file") MultipartFile file) throws IOException {
+
+        AdminPermissionImportTableAnalysisEventListener listener = new AdminPermissionImportTableAnalysisEventListener();
+
+        List<ImportExcel> projects = EasyExcel.read(file.getInputStream(), ImportExcel.class, listener)
+                .extraRead(CellExtraTypeEnum.MERGE)
+                .sheet(0)
+                .doReadSync();
+
+        initRoleGroup(projects);
+
+        initRole(projects);
+        return "ok";
+    }
+
+    private SaasRoleGroupVO from(ImportExcel roleGroup,
+                                 Map<String, SaasRoleGroupDTO> parentRoleGroups) {
+        Pair<SaasCooperateShipCooperateTypeEnum, WorkspaceTypeCodeEnum> pair = COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.get(roleGroup.getProductType());
+
+        if (Objects.isNull(pair)) {
+            throw new ServiceException("单位类型错误,{}" + roleGroup.getProductType());
+        }
+
+        SaasRoleGroupDTO parentRoleGroup = parentRoleGroups.get(pair.getKey().getCode().toString());
+
+        if (Objects.isNull(parentRoleGroup)) {
+            throw new ServiceException("单位类型没有父节点分组,{}" + roleGroup.getProductType());
+        }
+
+        return SaasRoleGroupVO.builder()
+                .workspaceTypeCode(pair.getValue().getCode())
+                .ouId(-1L)
+                .workspaceId(-1L)
+                .name(roleGroup.getRoleGroupName())
+                .ouTypeCode(Lists.newArrayList(pair.getKey().getCode().toString()))
+                .parentId(parentRoleGroup.getId())
+                .code(roleGroup.getRoleGroupCode().replace(Character.toString((char) 65279), ""))
+                .build();
+    }
+
+    private void initRoleGroup(List<ImportExcel> projects) {
+
+        ListSaasRoleGroupParam listSaasRoleGroupParam = ListSaasRoleGroupParam.builder()
+                .parentIds(Sets.newHashSet(0L))
+                .workspaceTypeCodes(Sets.newHashSet(Integer.valueOf(WorkspaceTypeCodeEnum.GENERAL_PROJECT.getCode()),
+                        Integer.valueOf(WorkspaceTypeCodeEnum.GENERAL_ENT.getCode())))
+                .ouTypeCodes(COOPERATE_SHIP_COOPERATE_TYPE_ENUM_MAP.values().stream()
+                        .map(Pair::getKey)
+                        .map(SaasCooperateShipCooperateTypeEnum::getCode)
+                        .map(String::valueOf)
+                        .collect(Collectors.toSet()))
+                .build();
+        Map<String, SaasRoleGroupDTO> parentRoleGroups = saasRoleGroupService.list(listSaasRoleGroupParam).stream()
+                .collect(Collectors.toMap(SaasRoleGroupDTO::getOuTypeCode, Function.identity()));
+        // 先初始化角色分组
+        List<SaasRoleGroupVO> saasRoleGroups = projects.stream()
+                .map(roleGroup -> from(roleGroup, parentRoleGroups))
+                .distinct()
+                .collect(Collectors.toList());
+
+        createRoleGroup(saasRoleGroups);
+    }
+
+    private void createRoleGroup(List<SaasRoleGroupVO> saasRoleGroups) {
+
+        Set<String> oldCodes = saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
+                        .roleGroupCodes(saasRoleGroups.stream().map(SaasRoleGroupVO::getCode).collect(Collectors.toSet()))
+                        .build())
+                .stream()
+                .map(SaasRoleGroupDTO::getCode)
+                .collect(Collectors.toSet());
+
+        saasRoleGroups.forEach(e -> {
+            if (!oldCodes.contains(e.getCode())) {
+                saasRoleGroupService.saveOrUpdate(e);
+            }
+        });
+    }
+
+    private void initRole(List<ImportExcel> projects) {
+
+        Set<String> roleGroupCodes = projects.stream()
+                .map(ImportExcel::getRoleGroupCode)
+                .collect(Collectors.toSet());
+        Map<String, SaasRoleGroupDTO> roleGroups = saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
+                        .roleGroupCodes(roleGroupCodes)
+                        .build())
+                .stream()
+                .collect(Collectors.toMap(SaasRoleGroupDTO::getCode, Function.identity()));
+
+        List<SaveOrUpdateRoleVO> saveOrUpdateRoleVOS = projects.stream()
+                .map(e -> {
+                    SaveOrUpdateRoleVO saveOrUpdateRoleVO = new SaveOrUpdateRoleVO();
+                    saveOrUpdateRoleVO.setName(e.getRoleName());
+                    saveOrUpdateRoleVO.setRoleType(RoleTypeEnum.INIT.getValue());
+                    saveOrUpdateRoleVO.setWorkspaceId(-1L);
+                    saveOrUpdateRoleVO.setOwnerOuId(-1L);
+                    saveOrUpdateRoleVO.setOperatorId(154587L);
+                    saveOrUpdateRoleVO.setOperatorName("王今");
+                    saveOrUpdateRoleVO.setPermissionGroupName("通用权限");
+                    saveOrUpdateRoleVO.setPermissionGroupType(PermissionType.FEATURE.getCode());
+                    saveOrUpdateRoleVO.setRoleCode(e.getRoleCode());
+                    saveOrUpdateRoleVO.setIsDisplay(true);
+                    saveOrUpdateRoleVO.setEnabled(true);
+                    List<SaveOrUpdateRoleVO.GroupInfoVO> group = Lists.newArrayList();
+
+                    SaasRoleGroupDTO saasRoleGroupDTO = roleGroups.get(e.getRoleGroupCode().replace(Character.toString((char) 65279), ""));
+
+                    SaveOrUpdateRoleVO.GroupInfoVO groupInfoVO = new SaveOrUpdateRoleVO.GroupInfoVO();
+                    groupInfoVO.setId(saasRoleGroupDTO.getId());
+                    groupInfoVO.setWorkspaceTypeCode(saasRoleGroupDTO.getWorkspaceTypeCode());
+                    group.add(groupInfoVO);
+                    saveOrUpdateRoleVO.setGroupTree(group);
+                    return saveOrUpdateRoleVO;
+                })
+                .collect(Collectors.toList());
+
+        Set<String> oldCods = roleService.list(ListRoleReq.builder()
+                        .roleCodes(projects.stream().map(ImportExcel::getRoleCode).collect(Collectors.toSet()))
+                        .build())
+                .stream()
+                .map(SaasRoleRes::getRoleCode)
+                .collect(Collectors.toSet());
+        saveOrUpdateRoleVOS.forEach(e -> {
+
+            if (!oldCods.contains(e.getRoleCode())) {
+                roleService.saveOrUpdate(e);
+            }
+        });
+    }
+
+    @Slf4j
+    public static class AdminPermissionImportTableAnalysisEventListener extends AnalysisEventListener<ImportExcel> {
+
+
+        public AdminPermissionImportTableAnalysisEventListener() {
+        }
+
+        private List<ImportExcel> list = new ArrayList<>();
+
+        private List<CellExtra> cellExtraList = new ArrayList<>();
+
+        @Override
+        public void invoke(ImportExcel excelData, AnalysisContext analysisContext) {
+            log.info(" data -> {}", excelData);
+            list.add(excelData);
+        }
+
+        @Override
+        public void extra(CellExtra extra, AnalysisContext context) {
+            log.info(" extra -> {}", extra);
+            CellExtraTypeEnum type = extra.getType();
+            switch (type) {
+                case MERGE: {
+                    if (extra.getRowIndex() >= HEAD_ROW_NUM) {
+                        cellExtraList.add(extra);
+                    }
+                    break;
+                }
+                default:{
+                }
+            }
+        }
+
+        @Override
+        public void doAfterAllAnalysed(AnalysisContext analysisContext) {
+            log.info(" doAfterAllAnalysed");
+
+            //读取完成 填充合并过的单元格
+            if (cellExtraList != null && cellExtraList.size() > 0) {
+                mergeExcelData(list, cellExtraList, HEAD_ROW_NUM);
+            }
+        }
+
+        public List<ImportExcel> getList() {
+            return list;
+        }
+
+        public List<CellExtra> getCellExtraList() {
+            return cellExtraList;
+        }
+
+
+
+        private static final int HEAD_ROW_NUM = 1;
+
+        private void mergeExcelData(List<ImportExcel> excelDataList, List<CellExtra> cellExtraList, int headRowNum) {
+            cellExtraList.forEach(cellExtra -> {
+                int firstRowIndex = cellExtra.getFirstRowIndex() - headRowNum;
+                int lastRowIndex = cellExtra.getLastRowIndex() - headRowNum;
+                int firstColumnIndex = cellExtra.getFirstColumnIndex();
+                int lastColumnIndex = cellExtra.getLastColumnIndex();
+                //获取初始值 合并单元格左上角的值
+                Object initValue = getInitValueFromList(firstRowIndex, firstColumnIndex, excelDataList);
+                //设置值 把合并单元格左上角的值 设置到合并区域的每一个单元格
+                for (int i = firstRowIndex; i <= lastRowIndex; i++) {
+                    for (int j = firstColumnIndex; j <= lastColumnIndex; j++) {
+                        setInitValueToList(initValue, i, j, excelDataList);
+                    }
+                }
+            });
+        }
+
+        private void setInitValueToList(Object filedValue, Integer rowIndex, Integer columnIndex, List<ImportExcel> data) {
+            ImportExcel object = data.get(rowIndex);
+
+            for (Field field : object.getClass().getDeclaredFields()) {
+                field.setAccessible(true);
+                ExcelProperty annotation = field.getAnnotation(ExcelProperty.class);
+                if (annotation != null) {
+                    if (annotation.index() == columnIndex) {
+                        try {
+                            field.set(object, filedValue);
+                            break;
+                        } catch (IllegalAccessException e) {
+                            log.error("设置合并单元格的值异常：{}", e.getMessage());
+                        }
+                    }
+                }
+            }
+        }
+
+        private Object getInitValueFromList(Integer firstRowIndex, Integer firstColumnIndex, List<ImportExcel> data) {
+            Object filedValue = null;
+            ImportExcel object = data.get(firstRowIndex);
+            for (Field field : object.getClass().getDeclaredFields()) {
+                field.setAccessible(true);
+                ExcelProperty annotation = field.getAnnotation(ExcelProperty.class);
+                if (annotation != null) {
+                    if (annotation.index() == firstColumnIndex) {
+                        try {
+                            filedValue = field.get(object);
+                            break;
+                        } catch (IllegalAccessException e) {
+                            log.error("设置合并单元格的初始值异常：{}", e.getMessage());
+                        }
+                    }
+                }
+            }
+            return filedValue;
+        }
+    }
+
+    @PostMapping("/api/private/role/delete")
+    public Object deleteRole(@RequestBody @Validated DeleteRoleParam request) {
+
+        DeleteRoleVO deleteRoleParam = DeleteRoleVO.builder()
+                .roleIds(Lists.newArrayList(request.getRoleIds()))
+                .build();
+        roleService.deleteRole(deleteRoleParam);
+        return "ok";
+    }
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class DeleteRoleParam {
+
+        @NotEmpty(message = "roleIds不能为空")
+        private Set<Long> roleIds;
+    }
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class ImportExcel {
+        @ExcelProperty(value = "单位类型",index = 0)
+        private String productType;
+
+        @ExcelProperty(value = "角色分组",index = 1)
+        private String roleGroupName;
+
+        @ExcelProperty(value = "分组编码",index = 2)
+        private String roleGroupCode;
+
+        @ExcelProperty(value = "角色名字",index = 3)
+        private String roleName;
+
+        @ExcelProperty(value = "角色编码",index = 4)
+        private String roleCode;
+    }
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class CreateSuperAdminParam {
+        private String roleCode;
+
+        private Integer workspaceType;
+
+        private Long createBy;
+
+        private Long roleGroupId;
+
+        private String roleGroupCode;
+
+        private String roleGroupName;
+    }
+
+}
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
index 5e91fdd0..c8d32cd2 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
@@ -147,6 +147,17 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
     public Long saveOrUpdate(SaasRoleGroupVO req) {
         SaasRoleGroup saasRoleGroup = validAndBuildGroup(req);
         saasRoleGroupDao.saveOrUpdate(saasRoleGroup);
+
+        SaasRoleGroup update = SaasRoleGroup.builder().build();
+        update.setId(saasRoleGroup.getId());
+        if (Objects.equals(saasRoleGroup.getParentId(), 0L)) {
+            update.setPath(saasRoleGroup.getId().toString() + ",");
+        } else {
+            SaasRoleGroup parent = saasRoleGroupDao.getById(saasRoleGroup.getParentId());
+            update.setPath(Objects.isNull(parent) ? saasRoleGroup.getId().toString() + "," : parent.getPath() + saasRoleGroup.getId() + ",");
+        }
+
+        saasRoleGroupDao.updateById(update);
         try {
             saveOperateLogForInsertOrUpdate(req, saasRoleGroup);
         } catch (Exception e) {
@@ -256,12 +267,14 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
         List<SaasRoleGroup> groups = saasRoleGroupDao.lambdaQuery()
                 .eq(SaasRoleGroup::getWorkspaceId,req.getWorkspaceId())
                 .eq(SaasRoleGroup::getOuId,req.getOuId())
+                .eq(SaasRoleGroup::getOuTypeCode, req.getOuTypeCode().stream().findFirst().get())
                 .eq(SaasRoleGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
         if (CollectionUtils.isNotEmpty(groups)) {
             Optional<SaasRoleGroup> repeatGroupName = groups.stream()
                     .filter(g -> !Objects.equals(g.getId(), req.getId()) && StringUtils.equalsIgnoreCase(g.getName(), req.getName())).findFirst();
             if (repeatGroupName.isPresent()) {
-                throw new ServiceException("同一个企业单位、工作台或自定义角色分组,名称不能重复！");
+                log.info("同一个组织范围内,名称不能重复！,{}", req.getName());
+                throw new ServiceException("同一个组织范围内,名称不能重复！");
             }
         }
         // 拼接ouTypeCode字符串
@@ -280,11 +293,6 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
         saasRoleGroup.setCode(req.getCode());
         // 新增的时候，没有指定sort，sort放在同层级的最后
         assembleSort(saasRoleGroup);
-
-        if (!Objects.equals(saasRoleGroup.getParentId(), 0L)) {
-            SaasRoleGroup parent = saasRoleGroupDao.getById(saasRoleGroup.getParentId());
-            saasRoleGroup.setPath(Objects.isNull(parent) ? saasRoleGroup.getId().toString() + "," : parent.getPath() + saasRoleGroup.getId() + ",");
-        }
         return saasRoleGroup;
     }