diff --git a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/RolesMapper.xml b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/RolesMapper.xml
index 3c52ea468..8c5c102eb 100644
--- a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/RolesMapper.xml
+++ b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/RolesMapper.xml
@@ -78,10 +78,9 @@
     <update id="logisticDeleteRolePermissions" parameterType="java.util.List">
         update mxk_role_permissions 
         set status=9 
-        where instid   =   #{instId} 
-            and id in
-            <foreach item="item" collection="list" open="(" separator="," close=")">
-                #{item.id}
+        where 1 = 1 and 
+            <foreach item="item" collection="list" open="(" separator="or" close=")">
+                ( id = #{item.id} and instid  =   #{item.instId} )
             </foreach>
     </update>
     
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/PermissionsController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/PermissionsController.java
index 426b05e12..0a5a4c9f0 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/PermissionsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/PermissionsController.java
@@ -61,12 +61,12 @@ public class PermissionsController {
 	public Message insert(@ModelAttribute("rolePermissions") RolePermissions rolePermissions) {
 		_logger.debug("-save  :" + rolePermissions);
 		//have
-		
+		String instId = WebContext.getUserInfo().getInstId();
 		RolePermissions queryRolePermissions = 
 				new RolePermissions(
 						rolePermissions.getAppId(),
 						rolePermissions.getRoleId(),
-						WebContext.getUserInfo().getInstId());
+						instId);
 		List<RolePermissions> rolePermissionsedList = rolesService.queryRolePermissions(queryRolePermissions);
 		
 		HashMap<String,String >permedMap =new HashMap<String,String >();
@@ -82,8 +82,9 @@ public class PermissionsController {
 		    RolePermissions newRolePermissions=new RolePermissions(
                     rolePermissions.getAppId(),
                     rolePermissions.getRoleId(),
-                    resourceId);
-		    newRolePermissions.setInstId(WebContext.getUserInfo().getInstId());
+                    resourceId,
+                    instId);
+		    newRolePermissions.setId(newRolePermissions.generateId());
 		    newPermsMap.put(newRolePermissions.getUniqueId(), rolePermissions.getAppId());
 		    
 		    if(!rolePermissions.getAppId().equalsIgnoreCase(resourceId) &&
@@ -96,6 +97,7 @@ public class PermissionsController {
 		ArrayList<RolePermissions> deleteRolePermissionsList =new ArrayList<RolePermissions>();
 		for(RolePermissions rolePerms : rolePermissionsedList) {
            if(!newPermsMap.containsKey(rolePerms.getUniqueId())) {
+        	   rolePerms.setInstId(instId);
                deleteRolePermissionsList.add(rolePerms);
            }
         }