diff --git a/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java b/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java
index 47259e2..33f93b6 100644
--- a/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java
+++ b/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java
@@ -60,6 +60,7 @@ public class SecurityConfig {
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/auth/**").permitAll()
                         .requestMatchers("/auth/register").permitAll()
+//                        .requestMatchers("/user/**").permitAll()
                         .anyRequest().access((authenticationSupplier, requestAuthorizationContext) -> {
                             HttpServletRequest request = requestAuthorizationContext.getRequest();
                             Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
diff --git a/src/main/java/asia/yulinling/workflow/controller/UserController.java b/src/main/java/asia/yulinling/workflow/controller/UserController.java
index 3a2ef98..4ba0790 100644
--- a/src/main/java/asia/yulinling/workflow/controller/UserController.java
+++ b/src/main/java/asia/yulinling/workflow/controller/UserController.java
@@ -1,6 +1,7 @@
 package asia.yulinling.workflow.controller;
 
 import asia.yulinling.workflow.dto.request.PageParam;
+import asia.yulinling.workflow.dto.request.RoleUserRequest;
 import asia.yulinling.workflow.dto.request.UpdateUserRequest;
 import asia.yulinling.workflow.dto.response.PageResult;
 import asia.yulinling.workflow.model.ApiResponse;
@@ -34,4 +35,9 @@ public class UserController {
     public ApiResponse<PageResult<UserVO>> usersPage(PageParam pageParam) {
         return userService.getUserListByPage(pageParam);
     }
+
+    @PostMapping("/updateRole")
+    public ApiResponse<?> updateUserRole(@RequestBody RoleUserRequest roleUserRequest) {
+        return userService.updateUserRole(roleUserRequest.getRoleId(), roleUserRequest.getUserId());
+    }
 }
diff --git a/src/main/java/asia/yulinling/workflow/dto/request/RoleUserRequest.java b/src/main/java/asia/yulinling/workflow/dto/request/RoleUserRequest.java
new file mode 100644
index 0000000..690f30b
--- /dev/null
+++ b/src/main/java/asia/yulinling/workflow/dto/request/RoleUserRequest.java
@@ -0,0 +1,24 @@
+package asia.yulinling.workflow.dto.request;
+
+import lombok.Data;
+
+/**
+ * <p>
+ * 角色用户请求类
+ * </p>
+ *
+ * @author YLL
+ * @since 2025/6/25
+ */
+@Data
+public class RoleUserRequest {
+    /**
+     * 角色Id
+     */
+    private Long roleId;
+
+    /**
+     * 用户Id
+     */
+    private Long userId;
+}
diff --git a/src/main/java/asia/yulinling/workflow/model/ApiResponse.java b/src/main/java/asia/yulinling/workflow/model/ApiResponse.java
index d2c03ce..3836b23 100644
--- a/src/main/java/asia/yulinling/workflow/model/ApiResponse.java
+++ b/src/main/java/asia/yulinling/workflow/model/ApiResponse.java
@@ -76,7 +76,7 @@ public class ApiResponse<T> {
      * @param message 返回内容
      * @return ApiResponse
      */
-    public static ApiResponse<Void> ofMessage(String message) {
+    public static ApiResponse<Void> ofSuccessMessage(String message) {
         return of(Status.SUCCESS.getCode(), message, null);
     }
 
diff --git a/src/main/java/asia/yulinling/workflow/service/UserService.java b/src/main/java/asia/yulinling/workflow/service/UserService.java
index 0414fdb..41b8618 100644
--- a/src/main/java/asia/yulinling/workflow/service/UserService.java
+++ b/src/main/java/asia/yulinling/workflow/service/UserService.java
@@ -39,5 +39,5 @@ public interface UserService {
      *
      * @return 请求结果
      */
-    ApiResponse<?> updateUserRole();
+    ApiResponse<?> updateUserRole(Long roleId, Long userId);
 }
diff --git a/src/main/java/asia/yulinling/workflow/service/impl/UserServiceImpl.java b/src/main/java/asia/yulinling/workflow/service/impl/UserServiceImpl.java
index 59127d8..a852759 100644
--- a/src/main/java/asia/yulinling/workflow/service/impl/UserServiceImpl.java
+++ b/src/main/java/asia/yulinling/workflow/service/impl/UserServiceImpl.java
@@ -1,15 +1,21 @@
 package asia.yulinling.workflow.service.impl;
 
+import asia.yulinling.workflow.constant.Status;
 import asia.yulinling.workflow.dto.request.PageParam;
 import asia.yulinling.workflow.dto.request.UpdateUserRequest;
 import asia.yulinling.workflow.dto.response.PageResult;
+import asia.yulinling.workflow.mapper.RoleMapper;
+import asia.yulinling.workflow.mapper.RoleUserMapper;
 import asia.yulinling.workflow.mapper.UserMapper;
 import asia.yulinling.workflow.model.ApiResponse;
+import asia.yulinling.workflow.model.entity.Role;
+import asia.yulinling.workflow.model.entity.RoleUser;
 import asia.yulinling.workflow.model.entity.User;
 import asia.yulinling.workflow.model.vo.user.UserVO;
 import asia.yulinling.workflow.scope.RequestScopeData;
 import asia.yulinling.workflow.service.UserService;
 import asia.yulinling.workflow.utils.PageUtil;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import lombok.RequiredArgsConstructor;
@@ -38,6 +44,8 @@ public class UserServiceImpl implements UserService {
     /** 注入用户Mapper */
     private final UserMapper userMapper;
     private final RequestScopeData scopeData;
+    private final RoleUserMapper roleUserMapper;
+    private final RoleMapper roleMapper;
 
     /**
      * 获取用户列表分页
@@ -87,7 +95,7 @@ public class UserServiceImpl implements UserService {
 
         if (!requestUserId.equals(userId)) {
             log.error("user id not match, scopeData: {}, requestUserId: {}", requestUserId, userId);
-            throw new RuntimeException("用户Id不匹配");
+            return ApiResponse.ofStatus(Status.BAD_REQUEST, "用户Id不匹配");
         }
 
         User user = new User();
@@ -110,7 +118,30 @@ public class UserServiceImpl implements UserService {
     }
 
     @Override
-    public ApiResponse<?> updateUserRole() {
-        return null;
+    @Transactional(rollbackFor = Exception.class)
+    public ApiResponse<?> updateUserRole(Long roleId, Long userId) {
+
+        LambdaQueryWrapper<Role> roleUserLambdaQueryWrapper = new LambdaQueryWrapper<>();
+        roleUserLambdaQueryWrapper.eq(Role::getId, roleId);
+        if (!roleMapper.exists(roleUserLambdaQueryWrapper)) {
+            return ApiResponse.ofStatus(Status.PARAM_NOT_MATCH, "角色不存在");
+        }
+
+        LambdaQueryWrapper<RoleUser> roleUserLambdaQueryWrapper2 = new LambdaQueryWrapper<>();
+        roleUserLambdaQueryWrapper2.eq(RoleUser::getUserId, userId);
+        if (!roleUserMapper.exists(roleUserLambdaQueryWrapper2)) {
+            return ApiResponse.ofStatus(Status.PARAM_NOT_MATCH, "用户不存在");
+        }
+
+        try {
+            LambdaUpdateWrapper<RoleUser> roleUserLambdaUpdateWrapper = new LambdaUpdateWrapper<>();
+            roleUserLambdaUpdateWrapper.eq(RoleUser::getUserId, userId);
+            roleUserLambdaUpdateWrapper.set(RoleUser::getRoleId, roleId);
+            roleUserMapper.update(null, roleUserLambdaUpdateWrapper);
+            return ApiResponse.ofSuccess("更新成功");
+        } catch (Exception e) {
+            log.error("update user role error:{}", e.getMessage());
+            throw new RuntimeException(e);
+        }
     }
 }