diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 0940d6466..23745bf5c 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -320,6 +320,7 @@ class RoleMixin:
     _system_roles = None
     PERM_CACHE_KEY = 'USER_PERMS_{}_{}'
     _is_superuser = None
+    _update_superuser = False
 
     @lazyproperty
     def roles(self):
@@ -367,6 +368,8 @@ class RoleMixin:
 
     @is_superuser.setter
     def is_superuser(self, value):
+        self._is_superuser = value
+        self._update_superuser = True
         if value:
             self.system_roles.add_role_system_admin()
         else:
diff --git a/apps/users/signal_handlers.py b/apps/users/signal_handlers.py
index 065386fde..bd9b01845 100644
--- a/apps/users/signal_handlers.py
+++ b/apps/users/signal_handlers.py
@@ -60,9 +60,20 @@ def save_passwd_change(sender, instance: User, **kwargs):
         )
 
 
+def update_role_superuser_if_need(user):
+    if not user._update_superuser:
+        return
+    value = user._is_superuser
+    if value:
+        user.system_roles.add_role_system_admin()
+    else:
+        user.system_roles.remove_role_system_admin()
+
+
 @receiver(post_save, sender=User)
 @on_transaction_commit
 def on_user_create_set_default_system_role(sender, instance, created, **kwargs):
+    update_role_superuser_if_need(instance)
     if not created:
         return
     has_system_role = instance.system_roles.all().exists()