diff --git a/apps/audits/api.py b/apps/audits/api.py
index 752777fc6..3f2611b77 100644
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -14,6 +14,7 @@ from common.plugins.es import QuerySet as ESQuerySet
 from ops.models.job import JobAuditLog
 from orgs.mixins.api import OrgGenericViewSet, OrgBulkModelViewSet
 from orgs.utils import current_org, tmp_to_root_org
+from orgs.models import Organization
 from users.models import User
 from .backends import TYPE_ENGINE_MAPPING
 from .const import ActivityChoices
@@ -145,7 +146,10 @@ class OperateLogViewSet(RetrieveModelMixin, ListModelMixin, OrgGenericViewSet):
         return super().get_serializer_class()
 
     def get_queryset(self):
-        qs = OperateLog.objects.all()
+        with tmp_to_root_org():
+            qs = OperateLog.objects.filter(
+                Q(org_id=current_org.id) | Q(org_id=Organization.SYSTEM_ID)
+            )
         es_config = settings.OPERATE_LOG_ELASTICSEARCH_CONFIG
         if es_config:
             engine_mod = import_module(TYPE_ENGINE_MAPPING['es'])
diff --git a/apps/audits/backends/db.py b/apps/audits/backends/db.py
index 5acae53cc..57de654d4 100644
--- a/apps/audits/backends/db.py
+++ b/apps/audits/backends/db.py
@@ -81,5 +81,6 @@ class OperateLogStore(object):
             limit = {str(_('Tips')): self.max_length_tip_msg}
             diff = self.convert_before_after_to_diff(limit, limit)
 
+        setattr(op_log, 'LOCKING_ORG', op_log.org_id)
         op_log.diff = diff
         op_log.save()
diff --git a/apps/audits/handler.py b/apps/audits/handler.py
index 0e7b540a2..d5f39dc7a 100644
--- a/apps/audits/handler.py
+++ b/apps/audits/handler.py
@@ -12,9 +12,9 @@ from common.local import encrypted_field_set
 from settings.serializers import SettingsSerializer
 from jumpserver.utils import current_request
 from orgs.utils import get_current_org_id
+from orgs.models import Organization
 
 from .backends import get_operate_log_storage
-from .const import ActionChoices
 
 
 logger = get_logger(__name__)
@@ -130,6 +130,14 @@ class OperatorLogHandler(metaclass=Singleton):
             after = self.__data_processing(after)
         return before, after
 
+    @staticmethod
+    def get_org_id(object_name):
+        system_obj = ('Role',)
+        org_id = get_current_org_id()
+        if object_name in system_obj:
+            org_id = Organization.SYSTEM_ID
+        return org_id
+
     def create_or_update_operate_log(
             self, action, resource_type, resource=None, resource_display=None,
             force=False, log_id=None, before=None, after=None,
@@ -148,12 +156,12 @@ class OperatorLogHandler(metaclass=Singleton):
             # 前后都没变化，没必要生成日志，除非手动强制保存
             return
 
+        org_id = self.get_org_id(object_name)
         data = {
             'id': log_id, "user": str(user), 'action': action,
-            'resource_type': str(resource_type),
+            'resource_type': str(resource_type), 'org_id': org_id,
             'resource_id': resource_id, 'resource': resource_display,
             'remote_addr': remote_addr, 'before': before, 'after': after,
-            'org_id': get_current_org_id(),
         }
         with transaction.atomic():
             if self.log_client.ping(timeout=1):