diff --git a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
index d9e0d665..de57bf72 100644
--- a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
@@ -83,6 +83,16 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements IR
 	}
 
 	private boolean grantRoleMenu(List<Long> roleIds, List<Long> menuIds) {
+		// 防止越权配置超管角色
+		int administratorCount = baseMapper.selectCount(Wrappers.<Role>query().lambda().eq(Role::getRoleAlias, RoleConstant.ADMINISTRATOR).in(Role::getId, roleIds));
+		if (!AuthUtil.isAdministrator() && administratorCount > 0) {
+			throw new ServiceException("无权配置超管角色!");
+		}
+		// 防止越权配置管理员角色
+		int adminCount = baseMapper.selectCount(Wrappers.<Role>query().lambda().eq(Role::getRoleAlias, RoleConstant.ADMIN).in(Role::getId, roleIds));
+		if (!AuthUtil.isAdmin() && adminCount > 0) {
+			throw new ServiceException("无权配置管理员角色!");
+		}
 		// 删除角色配置的菜单集合
 		roleMenuService.remove(Wrappers.<RoleMenu>update().lambda().in(RoleMenu::getRoleId, roleIds));
 		// 组装配置