diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
index a457c53a2..8c271a73c 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
@@ -26,6 +26,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
         return this.selectVoPage(page, queryWrapper);
     }
 
+    /**
+     * 分页查询岗位列表
+     *
+     * @param queryWrapper 查询条件
+     * @return 包含岗位信息的分页结果
+     */
+    @DataPermission({
+        @DataColumn(key = "deptName", value = "dept_id"),
+        @DataColumn(key = "userName", value = "create_by")
+    })
+    default List<SysPostVo> selectPostList(Wrapper<SysPost> queryWrapper) {
+        return this.selectVoList(queryWrapper);
+    }
+
     /**
      * 查询用户所属岗位组
      *
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java
index e7c6ae38a..4c1c8b9df 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java
@@ -21,8 +21,7 @@ public interface SysUserRoleMapper extends BaseMapperPlus<SysUserRole, SysUserRo
      */
     default List<Long> selectUserIdsByRoleId(Long roleId) {
         return this.selectObjs(new LambdaQueryWrapper<SysUserRole>()
-            .select(SysUserRole::getUserId).inSql(SysUserRole::getRoleId,
-                "select role_id from sys_role where role_id = " + roleId)
+            .select(SysUserRole::getUserId).eq(SysUserRole::getRoleId, roleId)
         );
     }
 
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
index acfb708d7..c5d37a7f2 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
@@ -447,14 +447,20 @@ public class SysUserServiceImpl implements ISysUserService {
      * @param clear 清除已存在的关联数据
      */
     private void insertUserPost(SysUserBo user, boolean clear) {
-        Long[] posts = user.getPostIds();
-        if (ArrayUtil.isNotEmpty(posts)) {
+        List<Long> postIds = List.of(user.getPostIds());
+        if (ArrayUtil.isNotEmpty(postIds)) {
+            // 判断是否具有此角色的操作权限
+            List<SysPostVo> posts = postMapper.selectPostList(
+                new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
+            if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
+                throw new ServiceException("没有权限访问岗位的数据");
+            }
             if (clear) {
                 // 删除用户与岗位关联
                 userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
             }
             // 新增用户与岗位管理
-            List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
+            List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
                 SysUserPost up = new SysUserPost();
                 up.setUserId(user.getUserId());
                 up.setPostId(postId);