diff --git a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/PermissionCodeConstants.java b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/PermissionCodeConstants.java
index 76ce33a48..36bd20aaa 100644
--- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/PermissionCodeConstants.java
+++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/PermissionCodeConstants.java
@@ -11,6 +11,36 @@ public interface PermissionCodeConstants {
     /**
      * 首页-公司信息统计信息
      */
-    String STAT_INFO_OPTION_CODE = "COMPANY_STAT_INFO";
+    String COMPANY_STAT_INFO = "COMPANY_STAT_INFO";
+
+    /**
+     * 人员_新增人员
+     */
+    String ADD_USER = "ADD_USER";
+
+    /**
+     * 人员_修改人员
+     */
+    String EDIT_USER = "EDIT_USER";
+
+    /**
+     * 人员_删除人员
+     */
+    String DELETE_USER = "DELETE_USER";
+
+    /**
+     * 人员_分配角色
+     */
+    String ASSIGN_USER_ROLE = "ASSIGN_USER_ROLE";
+
+    /**
+     * 人员_重置密码
+     */
+    String RESET_PASSWORD = "RESET_PASSWORD";
+
+    /**
+     * 人员_修改状态
+     */
+    String UPDATE_USER_STATUS = "UPDATE_USER_STATUS";
 
 }
diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/org/controller/HomeOrgStatController.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/org/controller/HomeOrgStatController.java
index d56a95016..53e97937e 100644
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/org/controller/HomeOrgStatController.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/org/controller/HomeOrgStatController.java
@@ -33,7 +33,7 @@ public class HomeOrgStatController {
      * @since 2023/6/26 22:51
      */
     @GetResource(name = "获取组织机构统计信息", path = "/org/statInfo", requiredPermission = true,
-            requirePermissionCode = PermissionCodeConstants.STAT_INFO_OPTION_CODE)
+            requirePermissionCode = PermissionCodeConstants.COMPANY_STAT_INFO)
     public ResponseData<HomeCompanyInfo> orgStatInfo() {
         return new SuccessResponseData<>(hrOrganizationService.orgStatInfo());
     }
diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/controller/SysUserController.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/controller/SysUserController.java
index 01bd85d4a..b20ae7f5c 100644
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/controller/SysUserController.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/controller/SysUserController.java
@@ -7,6 +7,7 @@ import cn.stylefeng.roses.kernel.rule.pojo.response.SuccessResponseData;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.ApiResource;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.GetResource;
 import cn.stylefeng.roses.kernel.scanner.api.annotation.PostResource;
+import cn.stylefeng.roses.kernel.sys.api.constants.PermissionCodeConstants;
 import cn.stylefeng.roses.kernel.sys.modular.user.entity.SysUser;
 import cn.stylefeng.roses.kernel.sys.modular.user.pojo.request.SysUserRequest;
 import cn.stylefeng.roses.kernel.sys.modular.user.pojo.request.SysUserRoleRequest;
@@ -40,7 +41,8 @@ public class SysUserController {
      * @author fengshuonan
      * @date 2023/06/10 21:26
      */
-    @PostResource(name = "添加用户", path = "/sysUser/add")
+    @PostResource(name = "添加用户", path = "/sysUser/add", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.ADD_USER)
     public ResponseData<SysUser> add(@RequestBody @Validated(SysUserRequest.add.class) SysUserRequest sysUserRequest) {
         sysUserService.add(sysUserRequest);
         return new SuccessResponseData<>();
@@ -52,7 +54,8 @@ public class SysUserController {
      * @author fengshuonan
      * @date 2023/06/10 21:26
      */
-    @PostResource(name = "删除用户", path = "/sysUser/delete")
+    @PostResource(name = "删除用户", path = "/sysUser/delete", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.DELETE_USER)
     public ResponseData<?> delete(@RequestBody @Validated(SysUserRequest.delete.class) SysUserRequest sysUserRequest) {
         sysUserService.del(sysUserRequest);
         return new SuccessResponseData<>();
@@ -64,7 +67,8 @@ public class SysUserController {
      * @author fengshuonan
      * @date 2023/06/10 21:26
      */
-    @PostResource(name = "批量删除用户", path = "/sysUser/batchDelete")
+    @PostResource(name = "批量删除用户", path = "/sysUser/batchDelete", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.DELETE_USER)
     public ResponseData<?> batchDelete(@RequestBody @Validated(BaseRequest.batchDelete.class) SysUserRequest sysUserRequest) {
         sysUserService.batchDel(sysUserRequest);
         return new SuccessResponseData<>();
@@ -76,7 +80,8 @@ public class SysUserController {
      * @author fengshuonan
      * @date 2023/06/10 21:26
      */
-    @PostResource(name = "编辑用户", path = "/sysUser/edit")
+    @PostResource(name = "编辑用户", path = "/sysUser/edit", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.EDIT_USER)
     public ResponseData<?> edit(@RequestBody @Validated(SysUserRequest.edit.class) SysUserRequest sysUserRequest) {
         sysUserService.edit(sysUserRequest);
         return new SuccessResponseData<>();
@@ -110,7 +115,8 @@ public class SysUserController {
      * @author fengshuonan
      * @since 2023/6/12 10:58
      */
-    @PostResource(name = "修改用户状态", path = "/sysUser/updateStatus")
+    @PostResource(name = "修改用户状态", path = "/sysUser/updateStatus", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.UPDATE_USER_STATUS)
     public ResponseData<?> updateStatus(@RequestBody @Validated(SysUserRequest.updateStatus.class) SysUserRequest sysUserRequest) {
         sysUserService.updateStatus(sysUserRequest);
         return new SuccessResponseData<>();
@@ -122,7 +128,8 @@ public class SysUserController {
      * @author fengshuonan
      * @since 2023/6/12 10:58
      */
-    @PostResource(name = "绑定用户角色", path = "/sysUser/bindRoles")
+    @PostResource(name = "绑定用户角色", path = "/sysUser/bindRoles", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.ASSIGN_USER_ROLE)
     public ResponseData<?> bindRoles(@RequestBody @Validated(SysUserRoleRequest.bindRoles.class) SysUserRoleRequest sysUserRoleRequest) {
         sysUserRoleService.bindRoles(sysUserRoleRequest);
         return new SuccessResponseData<>();
@@ -134,7 +141,8 @@ public class SysUserController {
      * @author fengshuonan
      * @since 2023/6/12 14:49
      */
-    @PostResource(name = "重置用户密码", path = "/sysUser/resetPassword")
+    @PostResource(name = "重置用户密码", path = "/sysUser/resetPassword", requiredPermission = true,
+            requirePermissionCode = PermissionCodeConstants.RESET_PASSWORD)
     public ResponseData<?> resetPassword(@RequestBody @Validated(SysUserRequest.resetPassword.class) SysUserRequest sysUserRequest) {
         sysUserService.resetPassword(sysUserRequest);
         return new SuccessResponseData<>();