diff --git a/src/backend/bisheng/api/services/role_group_service.py b/src/backend/bisheng/api/services/role_group_service.py
index ef70f504d..7616dfde2 100644
--- a/src/backend/bisheng/api/services/role_group_service.py
+++ b/src/backend/bisheng/api/services/role_group_service.py
@@ -3,7 +3,7 @@
 from uuid import UUID
 from fastapi.encoders import jsonable_encoder
-from fastapi import Request
+from fastapi import Request, HTTPException
 from bisheng.api.services.assistant import AssistantService
 from bisheng.api.services.audit_log import AuditLogService
@@ -16,7 +16,9 @@
 from bisheng.database.models.group import Group, GroupCreate, GroupDao, GroupRead, DefaultGroup
 from bisheng.database.models.group_resource import GroupResourceDao, ResourceTypeEnum
 from bisheng.database.models.knowledge import KnowledgeDao
+from bisheng.database.models.role import AdminRole
 from bisheng.database.models.user import User, UserDao
+from bisheng.database.models.user_role import UserRoleDao
 from bisheng.database.models.user_group import UserGroupCreate, UserGroupDao, UserGroupRead
 from loguru import logger
@@ -141,7 +143,7 @@ def insert_user_group(self, user_group: UserGroupCreate) -> UserGroupRead:
 def replace_user_groups(self, request: Request, login_user: UserPayload, user_id: int, group_ids: List[int]):
 """ 覆盖用户的所在的用户组 """
 # 判断下被操作用户是否是超级管理员
- user_role_list = UserRoleDao.get_user_role(user_id)
+ user_role_list = UserRoleDao.get_user_roles(user_id)
 if any(one.role_id == AdminRole for one in user_role_list):
 raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
diff --git a/src/backend/bisheng/api/v1/user.py b/src/backend/bisheng/api/v1/user.py
index d112d2db1..937478552 100644
--- a/src/backend/bisheng/api/v1/user.py
+++ b/src/backend/bisheng/api/v1/user.py
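Review bot: The refusal on the last line of the replace_user_groups hunk, `raise HTTPException(status_code=500, detail='系统管理员不允许编辑')`, reports an authorization decision as a server fault, and the same pattern is repeated in the user.py hunk. A 500 is what clients and alerting treat as an outage, so a deliberate refusal to edit a system administrator becomes indistinguishable in logs and metrics from an unhandled exception. Unless 500 is a project-wide convention for business errors, `raise HTTPException(status_code=403, detail='系统管理员不允许编辑')` names the decision and keeps denied privileged edits separable from faults. The rename to `UserRoleDao.get_user_roles` itself is consistent with the call already used in user.py, and together with the two import hunks it suggests the previous code referenced these names without importing them. replace_user_groups continues past the end of the hunk.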
@@ -510,6 +510,8 @@ async def user_addrole(*,
 user_role_list = UserRoleDao.get_user_roles(user_role.user_id)
 if any(one.role_id == AdminRole for one in user_role_list):
 raise HTTPException(status_code=500, detail='系统管理员不允许编辑')
+ if any(one == AdminRole for one in user_role.role_id):
+ raise HTTPException(status_code=500, detail='不允许设置为系统管理员')
 if not login_user.is_admin():
 # 判断拥有哪些用户组的管理权限
diff --git a/src/backend/bisheng/database/models/role.py b/src/backend/bisheng/database/models/role.py
index da69dda3b..66f121688 100644
--- a/src/backend/bisheng/database/models/role.py
+++ b/src/backend/bisheng/database/models/role.py
@@ -47,14 +47,14 @@ class RoleDao(RoleBase):
 @classmethod
 def get_role_by_groups(cls, group: List[int], keyword: str = None, page: int = 0, limit: int = 0) -> List[Role]:
 """
- 获取用户组内的角色列表
+ 获取用户组内的角色列表, 不包含系统管理员角色
 params:
 group: 用户组ID列表
 page: 页数
 limit: 每页条数
 return: 角色列表
 """
- statement = select(Role)
+ statement = select(Role).where(Role.id > AdminRole)
 if group:
 statement = statement.where(Role.group_id.in_(group))
 if keyword:
@@ -69,7 +69,7 @@ def count_role_by_groups(cls, group: List[int], keyword: str = None) -> int:
 """ 统计用户组内的角色数量,参数如上 """
- statement = select(func.count(Role.id))
+ statement = select(func.count(Role.id)).where(Role.id > AdminRole)
 if group:
 statement = statement.where(Role.group_id.in_(group))
 if keyword:
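Review bot: The added guard `if any(one == AdminRole for one in user_role.role_id):` is a membership test and reads more directly as `if AdminRole in user_role.role_id:`; it also assumes `user_role.role_id` is always a collection — if the request schema allows a single int there, the `for` raises TypeError and the endpoint fails with an unrelated 500 instead of the intended refusal, which I cannot confirm from the hunk. Like the line above it, the refusal uses status 500 for a deliberate authorization decision; a 403 would let denied attempts to grant the administrator role be told apart from faults in logs and alerting. Any other path that assigns roles to a user would presumably need the same AdminRole guard, but none is visible in this diff. user_addrole continues past the end of the hunk.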
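Review bot: `statement = select(Role).where(Role.id > AdminRole)` encodes "exclude the system administrator role" as an ordering assumption — it only matches the updated docstring if AdminRole is the lowest role id and no other role sits below it, which the hunk does not show. `statement = select(Role).where(Role.id != AdminRole)` states the intent directly and cannot silently hide other roles; the same applies to the count_role_by_groups hunk below, where the filter is duplicated, so a single shared condition would keep the list and its count from drifting apart. If the intent really is to hide every built-in role at or below AdminRole, a one-line comment saying so would stop the next reader from "fixing" it. get_role_by_groups continues past the end of the hunk.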