diff --git a/integration-test/src/test/resources/role-user.http b/integration-test/src/test/resources/role-user.http index 3d1e2906..aa43bfaf 100644 --- a/integration-test/src/test/resources/role-user.http +++ b/integration-test/src/test/resources/role-user.http @@ -21,4 +21,16 @@ Content-Type: application/json > reponse-check.js +### +POST {{host}}/api/saas-role-user/delete-user-role-of-workspace +Accept: application/json +Content-Type: application/json + +{ + +} + +> reponse-check.js + + diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApplyApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApplyApi.java index d3f3906c..24cd5278 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApplyApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApplyApi.java @@ -30,9 +30,6 @@ public interface PermissionPointApplyApi { @PostMapping(value = "/api/v1/permissionPoint/apply/submit") ApiResult submitApply(@RequestBody@Valid SubmitPermissionPointApplyVO apply); - @PostMapping(value = "/api/v1/permissionPoint/apply/update-detail") - ApiResult updateDetail(@RequestBody@Valid UpdatePermissionPointApplyVO updateDetail); - @PostMapping(value = "/api/v1/permissionPoint/apply/bind") ApiResult bindWorkflowInstantce(@RequestBody@Valid BindWorkflowInstantceVO bind); diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java index 77cfd610..603db227 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java @@ -21,6 +21,8 @@ import org.springframework.web.bind.annotation.RequestParam; import javax.validation.constraints.NotNull; import java.util.List; +import java.util.Map; +import java.util.Set; /** * 产品相关 API 
@@ -102,4 +104,12 @@ public interface ProductApi { */ @PostMapping("api/auth/product/feature/relation/update") ApiResult updateFeatureRelation(@Validated @RequestBody List req); + + /** + * 查询指定工作台关联的服务包下的产品权限点 + * + * @param workspaceIds + * @return + */ + ApiResult>> queryProductFeatureRelationByWorkspace(Set workspaceIds); } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java index 8ce58b65..548fd6ec 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java @@ -1,18 +1,16 @@ package cn.axzo.tyr.client.feign; import cn.axzo.framework.domain.web.result.ApiResult; +import cn.axzo.tyr.client.model.roleuser.dto.CreateAdminRoleDTO; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO; -import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq; -import cn.azxo.framework.common.model.CommonResponse; +import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO; +import cn.axzo.tyr.client.model.roleuser.req.*; import org.springframework.cloud.openfeign.FeignClient; -import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import javax.validation.Valid; +import javax.validation.constraints.NotEmpty; import java.util.List; /** 
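Review bot: `queryProductFeatureRelationByWorkspace` is added to the Feign interface with no mapping annotation and no `@RequestBody` on `workspaceIds`, unlike `updateFeatureRelation` directly above it. With the Spring MVC Feign contract an unannotated method normally fails when the client is built, and the `ProductController` override added in this commit inherits no route, so the endpoint is likely unreachable. Add `@PostMapping("<path>")` (path to be chosen by the owners) and `@RequestBody @NotEmpty` on the parameter. The Javadoc `@param` and `@return` are empty and should say what the returned map is keyed by.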
@@ -41,15 +39,42 @@ public interface TyrSaasRoleUserApi { * @param param * @return */ - @PostMapping("api/saas-role-user/delete") + @PostMapping("/api/saas-role-user/delete") ApiResult deleteUserAllRoles(@RequestBody @Valid List param); /** - * 新的 移除某个人在某个工作台的所有角色(除超管) + * 删除某个用户非超管角色(新) * * @param param * @return */ - @PostMapping("api/saas-role-user/delete-user-role") + @PostMapping("/api/saas-role-user/delete-user-role") ApiResult deleteUserRoles(@RequestBody @Valid DeleteUserRoleParam param); + + /** + * + * @param param + * @return + */ + @PostMapping("/api/saas-role-user/create-agency-admin-role") + ApiResult createAgencyAdminRole(@RequestBody @Valid CreateAgencyAdminRoleParam param); + + @PostMapping("/api/saas-role-user/create-super-admin-role") + ApiResult createSuperAdminRole(@RequestBody @Valid @NotEmpty CreateSuperAdminRoleParam param); + + /** + * 移除超管角色 + * @param params + * @return + */ + @PostMapping("/api/saas-role-user/delete-admin-role") + ApiResult deleteAdminRole(@RequestBody @Valid @NotEmpty List params); + + /** + * 批量查询超管, 只能批量获取单个工作台台下的超管,业务系统需要根据返回的identityId和identityType查询identityProfile查询用户明细信息 + * @param param + * @return + */ + @PostMapping("/api/saas-role-user/super-admin-list") + ApiResult> superAdminList(@RequestBody @Valid SuperAdminParam param); } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductSearchPageReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductSearchPageReq.java index 2451a09b..6f16df0d 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductSearchPageReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductSearchPageReq.java @@ -2,11 +2,8 @@ package cn.axzo.tyr.client.model.product; import cn.axzo.core.domain.PageRequest; -import lombok.AllArgsConstructor; -import lombok.Builder; import lombok.Data; import lombok.EqualsAndHashCode; -import lombok.NoArgsConstructor; import lombok.experimental.Accessors; /** 
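Review bot: `@NotEmpty` on `createSuperAdminRole`'s `CreateSuperAdminRoleParam param` is applied to a plain bean, a type the constraint does not support (it is defined for strings, collections, maps and arrays). If method validation is active this typically raises an unexpected-type error on every call; if it is not active the annotation is silently ignored, as is the `@NotEmpty` on the `deleteAdminRole` list. Use `@RequestBody @Valid @NotNull CreateSuperAdminRoleParam param` and confirm that the implementing controller is annotated with `@Validated` so the list constraint is enforced. `createAgencyAdminRole` has an empty Javadoc and `createSuperAdminRole` has none; both grant admin rights and should state who is allowed to call them.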
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java index b68e4f8f..dff78ac7 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java @@ -50,7 +50,7 @@ public class IdentityAuthReq { /** * {@link TerminalInfo#NT()} */ - private String terminal; + private List terminal; @Builder.Default private Set featureId = new HashSet<>(); @Builder.Default diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/CreateAdminRoleDTO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/CreateAdminRoleDTO.java new file mode 100644 index 00000000..2771e424 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/CreateAdminRoleDTO.java @@ -0,0 +1,47 @@ +package cn.axzo.tyr.client.model.roleuser.dto; + +import cn.axzo.tyr.client.model.enums.IdentityType; +import lombok.Data; + +/** + * @author : liuchuntao + * @date : 2022/5/11 11:20 + * @description : + */ +@Data +public class CreateAdminRoleDTO { + + /** + * 身份Id + */ + private Long identityId; + + /** + * 身份类型 + */ + private IdentityType identityType; + + /** + * 账户Id + * + * @deprecated 此字段业务中不要使用,全部用身份id来处理业务 + */ + @Deprecated + private Long accountId; + + /** + * 手机号 + */ + private String phone; + + /** + * 真实姓名 + */ + private String realName; + + /** + * 自然人Id + */ + private Long naturalPersonId; + +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SuperAdminInfoDTO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SuperAdminInfoDTO.java new file mode 100644 index 00000000..88a81e17 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SuperAdminInfoDTO.java 
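Review bot: Changing `terminal` in `IdentityAuthReq` from `String` to a `List` alters the wire format of a published client model. Callers built against the previous jar will still send a JSON string, which will probably fail to deserialize unless the server mapper is configured to accept a single value as an array. The field comment still only links `TerminalInfo#NT()`. Because this request drives an authorization decision, the comment should say whether a feature must match any or all of the listed terminals and how a null or empty list is treated. The class body continues outside the hunk.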
@@ -0,0 +1,29 @@ +package cn.axzo.tyr.client.model.roleuser.dto; + +import lombok.Data; + +/** + * @author : liuchuntao + * @date : 2022/6/17 16:20 + * @description : 超管信息 + */ +@Data +public class SuperAdminInfoDTO { + + /** + * 身份ID + */ + private Long identityId; + + private Integer identityType; + /** + * 工作台Id + */ + private Long workspaceId; + + /** + * 单位Id + */ + private Long ouId; + +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java new file mode 100644 index 00000000..476d6559 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java @@ -0,0 +1,65 @@ +package cn.axzo.tyr.client.model.roleuser.req; + +import java.util.List; + +import javax.validation.constraints.Min; +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + +import cn.axzo.tyr.client.model.enums.IdentityType; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Builder +@Data +@NoArgsConstructor +@AllArgsConstructor +public class CreateAgencyAdminRoleParam { + + /** + * 工作台id,与context校验 + */ + @NotNull(message = "工作台Id不能为空") + private Long workspaceId; + + /** + * 单位id : 必填 + */ + @NotNull(message = "单位Id不能为空") + private Long ouId; + + /** + * 单位类型 + */ + @NotNull(message = "单位类型不能为空") + @Min(value = 1) + private Integer organizationalUnitType; + + /** + * 被赋予角色的人的身份类型 + */ + @NotNull(message = "身份类型不能为空") + private IdentityType identityType; + + /** + * 手机号 + */ + @NotBlank(message = "手机号不能为空") + private String phoneNo; + + /** + * 用户名 + */ + @NotBlank(message = "用户名不能为空") + private String userName; + + /** + * 之前的所有RoleId都被更新 + */ + @NotEmpty(message = "角色列表不能为空") + private List updateRoleIds; + +} 
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateSuperAdminRoleParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateSuperAdminRoleParam.java new file mode 100644 index 00000000..37714d17 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateSuperAdminRoleParam.java @@ -0,0 +1,62 @@ +package cn.axzo.tyr.client.model.roleuser.req; + +import cn.axzo.tyr.client.common.enums.RoleTypeEnum; +import cn.axzo.tyr.client.model.enums.IdentityType; +import lombok.Data; + +import javax.validation.constraints.NotNull; + +@Data +public class CreateSuperAdminRoleParam { + + /** + * 工作台id,与context校验 + */ + @NotNull(message = "workspaceId不能为空") + private Long workspaceId; + + /** + * 单位id + */ + @NotNull(message = "ouId不能为空") + private Long ouId; + + /** + * 适用单位类型 1:总包 2:建设单位 4:监理单位 8:劳务分包 16:专业分包 0都可以用 只会挂在最末级 + *

+ * 业务层,这个字段不要直接用。有变种的getter、setter,或者直接用解释工具。 + */ + private Long fitOuTypeBit; + + /** + * + * 适用节点类型 1:部门 2:班组 4:小组 只会挂在最末级 + * + * 业务层,这个字段不要直接用 + */ + private Long fitOuNodeTypeBit; + + /** + * 角色Id,必填 + * 只能传SUPER_ADMIN,ADMIN + */ + private RoleTypeEnum roleType; + + /** + * 身份id + */ + @NotNull(message = "identityId不能为空") + private Long identityId; + + /** + * 身份类型 + */ + @NotNull(message = "identityType不能为空") + private IdentityType identityType; + + @NotNull(message = "workspaceType不能为空") + private Integer workspaceType; + + private Long naturalPersonId; + +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteAdminRoleParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteAdminRoleParam.java new file mode 100644 index 00000000..a29c29dd --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteAdminRoleParam.java @@ -0,0 +1,26 @@ +package cn.axzo.tyr.client.model.roleuser.req; + +import cn.axzo.tyr.client.model.enums.IdentityType; +import lombok.Data; + +@Data +public class DeleteAdminRoleParam { + + /** + * 工作台id,与context校验 + */ + private Long workspaceId; + /** + * 单位id : 非必填 + */ + private Long ouId; + /** + * 被赋予角色的人的身份id + */ + private Long identityId; + + /** + * 身份类型,必填 + */ + private IdentityType identityType; +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteUserRolesOfWorkspaceParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteUserRolesOfWorkspaceParam.java new file mode 100644 index 00000000..2ef239e6 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteUserRolesOfWorkspaceParam.java 
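Review bot: `roleType` in `CreateSuperAdminRoleParam` is documented as required and limited to SUPER_ADMIN or ADMIN, but it has no constraint, and the part of `RoleUserService.createSuperAdminRole` visible in this commit never reads it and always uses `RoleTypeEnum.SUPER_ADMIN`. A caller that sends ADMIN would therefore still be granted the super-admin role. Either remove the field or enforce it with `@NotNull(message = "roleType不能为空")` plus an explicit check in the service that rejects any other value. The `workspaceId` comment promises a check against the request context, and no such check appears in the visible controller or service lines.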
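Review bot: `DeleteAdminRoleParam` carries no validation constraints even though its own comments mark `identityType` as required, so the `@Valid` on the list in `TyrSaasRoleUserApi.deleteAdminRole` checks nothing per element. For a revocation request, a null `workspaceId` or `identityId` reaching a query built with conditional filters could widen what gets deleted; the implementation is not visible here, so this is a risk to rule out rather than a confirmed bug. Add `@NotNull(message = "identityId不能为空")` and the equivalent on `workspaceId` and `identityType`.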
@@ -0,0 +1,30 @@ +package cn.axzo.tyr.client.model.roleuser.req; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import javax.validation.constraints.NotNull; + +/** + * @author haiyangjin + * @date 2023/10/17 + */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class DeleteUserRolesOfWorkspaceParam { + /** + * 工作台id + */ + @NotNull(message = "工作台ID不能为空") + private Long workspaceId; + + /** + * 单位id + */ + @NotNull(message = "单位ID不能为空") + private Long ouId; +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/SuperAdminParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/SuperAdminParam.java new file mode 100644 index 00000000..11a0213f --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/SuperAdminParam.java @@ -0,0 +1,35 @@ +package cn.axzo.tyr.client.model.roleuser.req; + +import java.util.List; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * @author : liuchuntao + * @date : 2022/6/17 16:28 + * @description : 查询超管信息 + */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class SuperAdminParam { + + /** + * 工作台Id + */ + @NotNull(message = "工作台Id不能为空") + private Long workspaceId; + + /** + * 单位Id + */ + @NotEmpty(message = "单位Id不能为空") + private List ouIds; +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointApplyController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointApplyController.java index 6e6b8956..94e780ff 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointApplyController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointApplyController.java 
@@ -35,11 +35,6 @@ public class PermissionPointApplyController implements PermissionPointApplyApi { return ApiResult.ok(saasFeatureApplyService.saveApply(apply)); } - @Override - public ApiResult updateDetail(UpdatePermissionPointApplyVO updateDetail) { - return null; - } - @Override public ApiResult bindWorkflowInstantce(BindWorkflowInstantceVO bind) { saasFeatureApplyService.bindWorkflowInstantce(bind); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java index c3ae5fb8..0dda138e 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java @@ -20,6 +20,8 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; import java.util.List; +import java.util.Map; +import java.util.Set; /** * 产品相关 API 实现 @@ -124,4 +126,10 @@ public class ProductController implements ProductApi { } return productFeatureRelationService.updateFeatureRelation(req); } + + + @Override + public ApiResult>> queryProductFeatureRelationByWorkspace(Set workspaceIds) { + return ApiResult.ok(productFeatureRelationService.getByWorkspace(workspaceIds)); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java index 3c3bb6da..cb781a2a 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java 
@@ -2,11 +2,10 @@ package cn.axzo.tyr.server.controller.roleuser; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.TyrSaasRoleUserApi; +import cn.axzo.tyr.client.model.roleuser.dto.CreateAdminRoleDTO; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO; -import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq; +import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO; +import cn.axzo.tyr.client.model.roleuser.req.*; import cn.axzo.tyr.server.service.SaasRoleUserRelationService; import cn.axzo.tyr.server.service.SaasRoleUserService; import lombok.RequiredArgsConstructor; @@ -45,7 +44,7 @@ public class RoleUserController implements TyrSaasRoleUserApi { } /** - * 新的 移除某个人在某个工作台的所有角色(除超管) + * 删除用户非超管角色 * * @param param * @return @@ -55,4 +54,31 @@ public class RoleUserController implements TyrSaasRoleUserApi { return ApiResult.ok(saasRoleUserService.deleteUserRoles(param)); } + @Override + public ApiResult createAgencyAdminRole(CreateAgencyAdminRoleParam param) { + // todo cn.axzo.basics.auth.api.SaasRoleApi#grantAgencyAdminRole + return ApiResult.ok(new CreateAdminRoleDTO()); + } + + @Override + public ApiResult createSuperAdminRole(CreateSuperAdminRoleParam param) { + saasRoleUserService.createSuperAdminRole(param); + return ApiResult.ok(); + } + + @Override + public ApiResult deleteAdminRole(List params) { + // todo cn.axzo.basics.auth.api.SaasRoleApi#ungrantAdminRole + return ApiResult.ok(true); + } + + /** + * cn.axzo.basics.auth.api.SaasRoleApi#batchFindSuperAdmin + * @param param + * @return + */ + @Override + public ApiResult> superAdminList(SuperAdminParam param) { + return ApiResult.ok(saasRoleUserService.superAdminList(param)); + } } 
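Review bot: `deleteAdminRole` returns `ApiResult.ok(true)` without revoking anything, so a caller removing an administrator gets a success response while the role relation stays in place. `SaasRoleUserService` declares `deleteAdminRole` in this same commit, so delegate with `return ApiResult.ok(saasRoleUserService.deleteAdminRole(params));` or return an explicit failure until the todo is done. `createAgencyAdminRole` has the same problem in the other direction: it reports success with an empty `CreateAdminRoleDTO`. None of the new admin endpoints shows a caller-authorization or workspace-context check in this controller; if that is enforced upstream, a comment saying where would help the next reviewer.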
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java index 4a445d8c..d615b1e4 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java @@ -2,10 +2,13 @@ package cn.axzo.tyr.server.repository.dao; import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; +import cn.axzo.tyr.client.common.enums.RoleTypeEnum; import cn.axzo.tyr.client.model.enums.IdentityType; import cn.axzo.tyr.server.repository.entity.SaasRole; import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser; import cn.axzo.tyr.server.repository.mapper.SaasRoleMapper; +import cn.hutool.core.collection.CollUtil; +import cn.hutool.core.collection.CollectionUtil; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import org.apache.commons.collections.CollectionUtils; import org.springframework.stereotype.Repository; 
@@ -53,5 +56,30 @@ public class SaasRoleDao extends ServiceImpl { } return this.getBaseMapper().listRoleUserByPermissionGroup(permissionGroupIdList, workspaceIds); } + + public SaasRole findRoleByTypeAndWorkspaceIdAndOuId(String roleType, Long workspaceId, + Long ouId) { + List list = this.lambdaQuery() + .eq(SaasRole::getRoleType, roleType) + .eq(SaasRole::getWorkspaceId, workspaceId) + .eq(SaasRole::getOwnerOuId, ouId) + .eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value) + .list(); + if(CollUtil.isEmpty(list)){ + return null; + } + return list.get(0); + } + + public List listCommonRoleByNameAndWorkspaceIdAndOuId(String name, Long workspaceId, + Long ouId) { + return lambdaQuery().eq(SaasRole::getName, name) + .eq(SaasRole::getWorkspaceId, workspaceId) + .eq(SaasRole::getOwnerOuId, ouId) + .eq(SaasRole::getRoleType, RoleTypeEnum.COMMON.getValue()) + .eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value) + .select(SaasRole::getId) + .list(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java index 300a0a9d..12bc37f0 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java @@ -1,10 +1,8 @@ package cn.axzo.tyr.server.service; import cn.axzo.tyr.client.model.enums.IdentityType; -import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam; -import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq; +import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO; +import cn.axzo.tyr.client.model.roleuser.req.*; import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation; import java.util.List; 
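Review bot: `findRoleByTypeAndWorkspaceIdAndOuId` returns `list.get(0)` from an unordered query, so if more than one live row matches, the role that is picked is arbitrary. `createSuperAdminRole` uses it as a lookup-then-insert, and no unique constraint is visible in this diff, so two concurrent calls could each create a SUPER_ADMIN role for the same workspace and unit, and later grants and revocations could then act on different rows. Make the choice deterministic with `.orderByAsc(BaseEntity::getId).last("LIMIT 1")` and log or reject the multi-row case. The duplicate-name check `checkRoleName` only looks at `RoleTypeEnum.COMMON` roles via `listCommonRoleByNameAndWorkspaceIdAndOuId`, so it does not prevent this.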
@@ -44,7 +42,6 @@ public interface SaasRoleUserService { */ boolean deleteUserRoles(DeleteUserRoleParam param); - /** *

      *  查询人所在的工作台或者单位中的数据
@@ -60,4 +57,24 @@ public interface SaasRoleUserService {
      * @return
      */
     List queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set workspaceIds, Set ouIds);
+
+    /**
+     * workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色(支持角色赋予的同时 角色创建)
+     * work for: 组织 + 服务包
+     */
+    void createSuperAdminRole(CreateSuperAdminRoleParam param);
+
+    /**
+     * 批量获取超管信息
+     * @param param
+     * @return
+     */
+    List superAdminList(SuperAdminParam param);
+
+    /**
+     * 移除管理员
+     * @param params
+     * @return
+     */
+    boolean deleteAdminRole(List params);
 }
\ No newline at end of file
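Review bot: The Javadoc on `createSuperAdminRole` lists roleId, phone number and name as inputs, but `CreateSuperAdminRoleParam` in this commit has none of those fields. It also omits the most important side effect: the visible implementation calls `roleUserRelationDao.deleteByRoldId(...)` on the super-admin role before inserting the new relation, which appears to remove every current holder. Suggested wording: `Grants SUPER_ADMIN for workspaceId + ouId to the given identity, creating the role if absent; existing holders of that role are removed first.` The `deleteAdminRole` and `superAdminList` comments have empty `@param` and `@return` tags.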
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
index f84ab108..f45bda5f 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
@@ -120,15 +120,15 @@ public class RoleServiceImpl implements RoleService {
 				pgrouRelationMap = saasPgroupRoleRelations.stream().collect(Collectors.groupingBy(SaasPgroupRoleRelation::getRoleId));
 				// 查询权限集
 				pGroupMap = permissionGroupService.page(QuerySaasPermissionGroupReq.builder()
-								.isCommon(isCommon)
-								.roleIds(roleIds)
-								.ids(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList()))
-								.workspaceId(workspaceId)
-								.ouId(ouId)
-								.fetchPage(Boolean.FALSE)
-								.build()).getList()
-						// 转map
-						.stream().collect(Collectors.groupingBy(SaasPermissionGroupVO::getId));
+						.isCommon(isCommon)
+						.roleIds(roleIds)
+						.ids(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList()))
+						.workspaceId(workspaceId)
+						.ouId(ouId)
+						.fetchPage(Boolean.FALSE)
+						.build()).getList()
+					// 转map
+					.stream().collect(Collectors.groupingBy(SaasPermissionGroupVO::getId));
 			}
 		}
 		Map> finalPgrouRelationMap = pgrouRelationMap;
@@ -138,12 +138,12 @@ public class RoleServiceImpl implements RoleService {
 			List pGroup = new ArrayList<>();
 			if (finalPgrouRelationMap != null && finalPgrouRelationMap.containsKey(role.getId())) {
 				pGroup = finalPgrouRelationMap.get(role.getId())
-						.stream()
-						.map(SaasPgroupRoleRelation::getGroupId)
-						.map(finalPGroupMap::get)
-						.filter(Objects::nonNull)
-						.flatMap(List::stream)
-						.collect(Collectors.toList());
+					.stream()
+					.map(SaasPgroupRoleRelation::getGroupId)
+					.map(finalPGroupMap::get)
+					.filter(Objects::nonNull)
+					.flatMap(List::stream)
+					.collect(Collectors.toList());
 			}
 			SaasRoleVO saasRoleVO = BeanUtil.copyProperties(role, SaasRoleVO.class);
 			saasRoleVO.setPermissionGroup(pGroup);
@@ -172,12 +172,13 @@ public class RoleServiceImpl implements RoleService {
 		}
 		// 根据工作台类型和单位类型查询角色分组
 		List roleGroup = new ArrayList<>();
-		if (CollectionUtils.isNotEmpty(req.getWorkspaceTypeCode()) || CollectionUtils.isNotEmpty(req.getOuTypeCode())) {
+		// 如果传入了角色id就以传入的角色id为准
+		if (CollectionUtils.isEmpty(req.getIds()) && (CollectionUtils.isNotEmpty(req.getWorkspaceTypeCode()) || CollectionUtils.isNotEmpty(req.getOuTypeCode()))) {
 			roleGroup = saasRoleGroupDao.query(QuerySaasRoleGroupReq.builder()
-					.ids(req.getSassRoleGroupIds())
-					.workspaceTypeCode(req.getWorkspaceTypeCode())
-					.ouTypeCode(req.getOuTypeCode())
-					.build());
+				.ids(req.getSassRoleGroupIds())
+				.workspaceTypeCode(req.getWorkspaceTypeCode())
+				.ouTypeCode(req.getOuTypeCode())
+				.build());
 			if (CollectionUtils.isEmpty(roleGroup)) {
 				return new ArrayList<>();
 			}
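Review bot: Passing `ids` now switches off scoping in this query. In this hunk the role-group lookup is skipped when `req.getIds()` is non-empty, and in the `@@ -197,8 +198,8 @@` hunk the `workspaceId` and `ouId` `in(...)` filters are guarded by `CollectionUtils.isEmpty(req.getIds())`. If the method is reachable with caller-supplied ids, a role owned by another workspace or unit is returned to anyone who knows or guesses its id. Unless every caller is known to verify ownership of the ids first, keep the scope filters alongside the id filter, e.g. `.in(CollectionUtils.isNotEmpty(req.getWorkspaceId()), SaasRole::getWorkspaceId, req.getWorkspaceId())`, or add a comment stating that ids are trusted and why. The enclosing method starts and ends outside both hunks.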
@@ -186,8 +187,8 @@ public class RoleServiceImpl implements RoleService {
 		List groupRelation = new ArrayList<>();
 		if (CollectionUtils.isNotEmpty(roleGroup)) {
 			groupRelation = roleGroupRelationDao.lambdaQuery()
-					.in(SaasRoleGroupRelation::getSaasRoleGroupId, roleGroup.stream().map(BaseEntity::getId).collect(Collectors.toList()))
-					.list();
+				.in(SaasRoleGroupRelation::getSaasRoleGroupId, roleGroup.stream().map(BaseEntity::getId).collect(Collectors.toList()))
+				.list();
             if (CollectionUtils.isEmpty(groupRelation)) {
                 return new ArrayList<>();
             }
@@ -197,8 +198,8 @@ public class RoleServiceImpl implements RoleService {
 				.in(CollectionUtils.isNotEmpty(req.getIds()), BaseEntity::getId, req.getIds())
 				.in(CollectionUtils.isNotEmpty(groupRelation), BaseEntity::getId, groupRelation.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toList()))
 				.in(CollectionUtils.isNotEmpty(req.getRoleType()), SaasRole::getRoleType, req.getRoleType())
-				.in(CollectionUtils.isNotEmpty(req.getWorkspaceId()),SaasRole::getWorkspaceId,req.getWorkspaceId())
-				.in(CollectionUtils.isNotEmpty(req.getOuId()),SaasRole::getOwnerOuId,req.getOuId())
+				.in(CollectionUtils.isEmpty(req.getIds()) && CollectionUtils.isNotEmpty(req.getWorkspaceId()),SaasRole::getWorkspaceId,req.getWorkspaceId())
+				.in(CollectionUtils.isEmpty(req.getIds()) && CollectionUtils.isNotEmpty(req.getOuId()),SaasRole::getOwnerOuId,req.getOuId())
 				.orderByDesc(BaseEntity::getId)
 				.list();
 		return getByIds(list.stream().map(BaseEntity::getId).collect(Collectors.toList()), req.getIsCommon(),req.getWorkspaceId(),req.getOuId(),req.getIncludePermissionGroup());
@@ -209,12 +210,12 @@ public class RoleServiceImpl implements RoleService {
 		List result = new ArrayList<>();
 		req.forEach(e -> {
 			result.add(QueryBatchByIdentityIdTypeRes.builder()
-					.identityId(e.getIdentityId())
-					.identityType(e.getIdentityType())
-					.workspaceId(e.getWorkspaceId())
-					.ouId(e.getOuId())
-					.role(queryByIdentityIdType(e.getIdentityId(),e.getIdentityType(),e.getWorkspaceId(),e.getOuId()))
-					.build());
+				.identityId(e.getIdentityId())
+				.identityType(e.getIdentityType())
+				.workspaceId(e.getWorkspaceId())
+				.ouId(e.getOuId())
+				.role(queryByIdentityIdType(e.getIdentityId(),e.getIdentityType(),e.getWorkspaceId(),e.getOuId()))
+				.build());
 		});
 		return result;
 	}
@@ -276,17 +277,17 @@ public class RoleServiceImpl implements RoleService {
 			List list = new ArrayList<>();
 			if (CollectionUtils.isNotEmpty(roleIds)) {
 				list = saasRoleDao.lambdaQuery()
-						.in(BaseEntity::getId, roleIds)
-						.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
-						.list();
+					.in(BaseEntity::getId, roleIds)
+					.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
+					.list();
 			}
 			result.add(IsSuperAdminRes.builder()
-					.identityId(e.getIdentityId())
-					.identityType(e.getIdentityType())
-					.workspaceId(e.getWorkspaceId())
-					.ouId(e.getOuId())
-					.isSuperAdmin(CollectionUtils.isNotEmpty(list)?true:false)
-					.build());
+				.identityId(e.getIdentityId())
+				.identityType(e.getIdentityType())
+				.workspaceId(e.getWorkspaceId())
+				.ouId(e.getOuId())
+				.isSuperAdmin(CollectionUtils.isNotEmpty(list)?true:false)
+				.build());
 		});
 		return result;
 	}
@@ -419,9 +420,9 @@ public class RoleServiceImpl implements RoleService {
 	 */
 	public List queryPermissionGroupRelation(List roleIds) {
 		return saasPgroupRoleRelationDao.lambdaQuery()
-				.in(SaasPgroupRoleRelation::getRoleId, roleIds)
-				.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
-				.list();
+			.in(SaasPgroupRoleRelation::getRoleId, roleIds)
+			.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
+			.list();
 	}
 
 	@Override
@@ -434,7 +435,7 @@ public class RoleServiceImpl implements RoleService {
 		Set initRoleId = new HashSet<>();
 		//有标准角,查询角色分组
 		if (role.stream().anyMatch(r -> Objects.equals(RoleTypeEnum.INIT.getValue(), r.getRoleType()))) {
-			List roleGroupList = saasRoleGroupService.getList(QuerySaasRoleGroupReq.builder()
+			List	roleGroupList = saasRoleGroupService.getList(QuerySaasRoleGroupReq.builder()
 					.workspaceTypeCode(Collections.singletonList(userRoleInfoMap.getWorkspaceType().toString()))
 					.ouTypeCode(Collections.singletonList(userRoleInfoMap.getWorkspaceJoinType().getValue().toString()))
 					.build());
@@ -448,7 +449,7 @@ public class RoleServiceImpl implements RoleService {
 				.collect(Collectors.toList());
 
 		return resultRole.stream().map(
-						e -> e.getMatchFeature(userRoleInfoMap.workspaceId, userRoleInfoMap.getOuId()))
+				e -> e.getMatchFeature(userRoleInfoMap.workspaceId, userRoleInfoMap.getOuId()))
 				.flatMap(List::stream)
 				.map(PermissionPointTreeNode::getPermissionPointId)
 				.collect(Collectors.toSet());
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
index 786d759a..a3bdeff9 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
@@ -1,13 +1,14 @@
 package cn.axzo.tyr.server.service.impl;
 
+import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.basics.common.exception.ServiceException;
+import cn.axzo.basics.common.util.AssertUtil;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.BaseWorkspaceModel;
 import cn.axzo.tyr.client.model.enums.IdentityType;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
+import cn.axzo.tyr.client.model.roleuser.req.*;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
@@ -16,11 +17,13 @@ import cn.axzo.tyr.server.service.SaasRoleUserService;
 import cn.hutool.core.collection.CollectionUtil;
 import com.alibaba.nacos.common.utils.CollectionUtils;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.google.common.collect.Lists;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
@@ -120,6 +123,7 @@ public class RoleUserService implements SaasRoleUserService {
 	}
 
 	@Override
+	@Transactional(rollbackFor = Exception.class)
 	public boolean deleteUserRoles(DeleteUserRoleParam param) {
 		List roleList = saasRoleDao.lambdaQuery()
 				.eq(Objects.nonNull(param.getOuId()), SaasRole::getOwnerOuId, param.getOuId())
@@ -142,4 +146,73 @@ public class RoleUserService implements SaasRoleUserService {
 	public List queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set workspaceIds, Set ouIds) {
 		return roleUserRelationDao.queryByWorkspaceIdOrOu(identityId, identityType, workspaceIds, ouIds);
 	}
+
+	@Override
+	@Transactional(rollbackFor = Exception.class)
+	public void createSuperAdminRole(CreateSuperAdminRoleParam param) {
+		//获取超管角色
+		SaasRole saasRole = saasRoleDao
+				.findRoleByTypeAndWorkspaceIdAndOuId(RoleTypeEnum.SUPER_ADMIN.getValue(),
+						param.getWorkspaceId(), param.getOuId());
+		if (saasRole == null) {
+			saasRole = new SaasRole();
+			saasRole.setDescription(RoleTypeEnum.SUPER_ADMIN.getDesc());
+			saasRole.setName(RoleTypeEnum.SUPER_ADMIN.getDesc());
+			saasRole.setWorkspaceId(param.getWorkspaceId());
+			saasRole.setWorkspaceType(param.getWorkspaceType());
+			saasRole.setOwnerOuId(param.getOuId());
+			saasRole.setRoleType(RoleTypeEnum.SUPER_ADMIN.getValue());
+			saasRole.setIsDelete(0L);
+
+			checkRoleName(RoleTypeEnum.SUPER_ADMIN.getDesc(), param.getWorkspaceId(), param.getOuId());
+			saasRoleDao.save(saasRole);
+		}
+		//删除当前超管角色
+		roleUserRelationDao.deleteByRoldId(Lists.newArrayList(saasRole.getId()));
+
+		//新增关联关系
+		SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
+		saasRoleUserRelation.setIdentityId(param.getIdentityId());
+		saasRoleUserRelation.setRoleId(saasRole.getId());
+		saasRoleUserRelation.setIdentityType(param.getIdentityType().getCode());
+		saasRoleUserRelation.setNaturalPersonId(param.getNaturalPersonId());
+		saasRoleUserRelation.setOuId(param.getOuId());
+		saasRoleUserRelation.setWorkspaceId(param.getWorkspaceId());
+		roleUserRelationDao.save(saasRoleUserRelation);
+	}
+
+	private void checkRoleName(String name, Long workspaceId, Long ouId) {
+		List saasRoles = saasRoleDao.listCommonRoleByNameAndWorkspaceIdAndOuId(name,
+				workspaceId, ouId);
+		AssertUtil.isEmpty(saasRoles, "已存在相同的角色名称,请更换角色名称");
+	}
+
+	@Override
+	public List superAdminList(SuperAdminParam param) {
+		if (param.getWorkspaceId() == null || CollectionUtil.isEmpty(param.getOuIds())) {
+			return Collections.emptyList();
+		}
+		List relations = roleUserRelationDao.lambdaQuery()
+				.in(SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
+				.in(SaasRoleUserRelation::getOuId, param.getOuIds())
+				.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+		if (CollectionUtils.isEmpty(relations)) {
+			return Collections.emptyList();
+		}
+		return relations.stream().map(r -> {
+			SuperAdminInfoDTO superAdminInfo = new SuperAdminInfoDTO();
+			superAdminInfo.setWorkspaceId(r.getWorkspaceId());
+			superAdminInfo.setOuId(r.getOuId());
+			superAdminInfo.setIdentityId(r.getIdentityId());
+			superAdminInfo.setIdentityType(r.getIdentityType());
+			return superAdminInfo;
+		}).collect(Collectors.toList());
+	}
+
+	@Override
+	@Transactional(rollbackFor = Exception.class)
+	public boolean deleteAdminRole(List params) {
+
+		return false;
+	}
 }
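Review bot: `superAdminList` never restricts its query to the super-admin role, so every non-deleted role relation in the workspace and the given OUs comes back as a super admin, and a caller that treats the result as the set of privileged identities will over-report. The lookup should first resolve the SUPER_ADMIN role ids and filter relations by `roleId`, and the single-valued workspace condition should be `.eq` rather than `.in`. The sketch below assumes the getters mirror the setters used in `createSuperAdminRole` and that ids are `Long`. In the same hunk, `createSuperAdminRole` dereferences `param.getIdentityType()` without a null check. `deleteAdminRole` is a stub that always returns `false`; throwing `UnsupportedOperationException` until it is implemented would stop callers mistaking it for an attempted revocation.

```java
	public List<SuperAdminInfoDTO> superAdminList(SuperAdminParam param) {
		// … unchanged: empty-input guard …
		// Resolve the super-admin roles first so ordinary role holders are not reported as super admins.
		List<Long> superAdminRoleIds = saasRoleDao.lambdaQuery()
				.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
				.eq(SaasRole::getWorkspaceId, param.getWorkspaceId())
				.in(SaasRole::getOwnerOuId, param.getOuIds())
				.list().stream().map(SaasRole::getId).collect(Collectors.toList());
		if (CollectionUtils.isEmpty(superAdminRoleIds)) {
			return Collections.emptyList();
		}
		List<SaasRoleUserRelation> relations = roleUserRelationDao.lambdaQuery()
				.in(SaasRoleUserRelation::getRoleId, superAdminRoleIds)
				.eq(SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
				.in(SaasRoleUserRelation::getOuId, param.getOuIds())
				.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
		// … unchanged: mapping relations to SuperAdminInfoDTO …
```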
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyDetailServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyDetailServiceImpl.java
index 96353fa1..d2140a7c 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyDetailServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyDetailServiceImpl.java
@@ -89,9 +89,9 @@ public class SaasFeatureApplyDetailServiceImpl implements SaasFeatureApplyDetail
     @Transactional(rollbackFor = Exception.class)
     public void updateApplyDetail(PermissionPointApplyDetailUpdateReq req) {
         SaasFeatureApplyDetail detail = BeanMapper.copyBean(req, SaasFeatureApplyDetail.class, (p, s) -> {
-            s.setFitOuTypeBit(p.getFitOuTypeList() == null ? "" : JSON.toJSONString(p.getFitOuTypeList()));
+            s.setFitOuTypeBit(p.getFitOuTypeList() == null ? "[65535]" : JSON.toJSONString(p.getFitOuTypeList()));
             s.setFitOuNodeTypeBit(
-                    p.getFitOuNodeTypeList() == null ? "" : JSON.toJSONString(p.getFitOuNodeTypeList()));
+                    p.getFitOuNodeTypeList() == null ? "[65535]" : JSON.toJSONString(p.getFitOuNodeTypeList()));
         });
         this.saveOrUpdate(Lists.newArrayList(detail));
     }
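Review bot: The new fallback `"[65535]"` is an unexplained literal, repeated for both `fitOuTypeBit` and `fitOuNodeTypeBit` here and again in `SaasFeatureApplyServiceImpl` (the hunk at `@@ -423,9 +424,9 @@`). If 65535 is the all-bits mask, a request that omits the list now yields a permission point that fits every OU type instead of none, which is a fail-open default worth confirming with the consumers of these columns. I would hoist it into one shared constant with a comment stating its meaning, e.g. `private static final String FIT_ALL_JSON = "[65535]"; // presumably: applies to all OU types — confirm`. Consider rejecting a null list at request validation rather than widening it silently.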
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyServiceImpl.java
index 77121a73..52cf7340 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyServiceImpl.java
@@ -5,6 +5,7 @@ import java.util.function.Function;
 import java.util.stream.Collectors;
 
 import cn.axzo.tyr.client.model.enums.FeatureDataType;
+import com.google.common.collect.Lists;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -423,9 +424,9 @@ public class SaasFeatureApplyServiceImpl implements SaasFeatureApplyService {
             detail.setSort(point.getSort());
             detail.setTerminal(point.getTerminal());
             detail.setFeatureType(point.getFeatureType());
-            detail.setFitOuTypeBit(point.getFitOuTypeList() == null ? "" : JSON.toJSONString(point.getFitOuTypeList()));
+            detail.setFitOuTypeBit(point.getFitOuTypeList() == null ? "[65535]" : JSON.toJSONString(point.getFitOuTypeList()));
             detail.setFitOuNodeTypeBit(
-                point.getFitOuNodeTypeList() == null ? "" : JSON.toJSONString(point.getFitOuNodeTypeList()));
+                point.getFitOuNodeTypeList() == null ? "[65535]" : JSON.toJSONString(point.getFitOuNodeTypeList()));
             detail.setDelegatedType(point.getDelegatedType());
             detail.setCreateBy(createBy);
             detail.setCreateAt(now);
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index e22b0cca..307e7045 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -424,7 +424,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                             //通过子级查询父级并打平树型结构
                             List allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                     .ids(buttonPermissionPointId)
-                                    .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
+                                    .terminalList(identityAuthReq.getTerminal())
                                     .build());
 
                             workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
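Review bot: The blank-check fallback is gone: `.terminalList(identityAuthReq.getTerminal())` now passes whatever the request holds, where the old code substituted an empty list for a blank terminal. The same change is made in the next hunk (`@@ -461,7 +461,7 @@`). The type of `getTerminal()` is not visible here (presumably it became a list); if it can return null, `listTreeNodesFlatChild` receives a null filter in the permission-resolution path. Whether that means "no terminal restriction" or a `NullPointerException` depends on code outside the diff. I would keep an explicit normalisation, e.g. `.terminalList(identityAuthReq.getTerminal() == null ? Collections.emptyList() : identityAuthReq.getTerminal())`, or document on the request field that null means all terminals. The enclosing method starts and ends outside the hunk.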
@@ -461,7 +461,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                         //通过子级查询父级并平铺菜单
                         List allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                 .ids(new HashSet<>(resultHashAuthPointId))
-                                .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
+                                .terminalList(identityAuthReq.getTerminal())
                                 .build());
 
                         workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()