diff --git a/services/auth_service.py b/services/auth_service.py
index 937c269b6d46ed0f143d541f7ef65a47f93e42a7..fae714c398c2a5fb0a7416770a035039a7ba08fe 100644
--- a/services/auth_service.py
+++ b/services/auth_service.py
@@ -127,15 +127,16 @@ async def upgrade_role(name, data):
 data.get('review_reason', None))
-async def update_user_role(data, name):
+async def update_user_role(data, user_infos):
 user = await User.query_obj_one(User.id == data.get('user_id'))
 if user.role == User_Role.ADMIN:
 return ERROR_INVALID_OP, False
 if user.role == data['role']:
 return f'无效操作,{user.nick_name}已获得当前权限', False
- await UserRoleOpRecord(applicant=user.nick_name, applicant_id=user.id, signer=name, has_review=True,
- review_result=User_Role_Review_Status.PASS, review_reason='管理员主动变更权限',
- method=data['method']).save()
+ if user_infos['role'] == User_Role.SENIOR and (data['role'] == User_Role.ADMIN or user.role == User_Role.SENIOR):
+ return ERROR_NO_OP_PERMISSION, False
+ await UserRoleOpRecord(applicant=user.nick_name, applicant_id=user.id, signer=user_infos['user_name'],
+ review_reason='管理员主动变更权限', method=data['method']).save()
 user.role = data['role']
 await user.update()
 return None, True
@@ -145,15 +146,17 @@ async def get_operator_log(page_num, page_size, has_review):
 return await UserRoleOpRecord.query_page(page_num=page_num, page_size=page_size, search={'has_review': has_review})
-async def delete_user(id_list, name):
+async def delete_user(id_list, user_info):
+ if user_info['role'] == User_Role.SENIOR:
+ return ERROR_NO_OP_PERMISSION, False
 conditions = list()
 conditions.append(User.id.in_(id_list))
 conditions.append(User.role == User_Role.ADMIN)
 users = await User.query_obj_all(User.id.in_(id_list))
 for user in users:
 if user.role == User_Role.ADMIN:
- return '禁止删除管理员', False
- return await batch_delete(users, name)
+ return '禁止删除系统管理员', False
+ return await batch_delete(users, user_info['user_name'])
 def create_private_secret():
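Review bot: The rewritten UserRoleOpRecord(...) call in update_user_role no longer passes `has_review=True` and `review_result=User_Role_Review_Status.PASS`, which the removed lines did set, so an admin-initiated role change is now stored with whatever defaults the model has for those two fields. Because get_operator_log filters on `has_review`, such changes may stop appearing in the reviewed-operations log unless the model defaults them to the same values (not visible in this hunk); if the omission is unintended, restore `has_review=True, review_result=User_Role_Review_Status.PASS,` in the call. The new guard is also a single-role deny rule (only SENIOR, and only for an ADMIN target role or a SENIOR target user); any other non-admin role that reaches this function is allowed through, so it relies on the view layer having already excluded them, which this diff cannot confirm. An explicit allow condition such as `if not (user_infos['role'] == User_Role.ADMIN or (user_infos['role'] == User_Role.SENIOR and not (...))): return ERROR_NO_OP_PERMISSION, False` would make the authorization self-contained; the same observation applies to the SENIOR-only check added to delete_user in the next hunk.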
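Review bot: `conditions` in delete_user is filled with two filters but never read — the query two lines below uses only `User.id.in_(id_list)` and the ADMIN test is done by the loop — so the new SENIOR guard now sits above three lines of dead code. Either remove `conditions = list()` and the two `conditions.append(...)` lines, or pass the combined conditions to the query if the ADMIN filter was meant to replace the per-user loop. delete_user's body is complete within the hunk.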
diff --git a/views/auth_view.py b/views/auth_view.py
index 713cb4c639d85f53216e823064e7eb3dd388d247..71e747e2498a4838ea57bec23554939803c98998 100644
--- a/views/auth_view.py
+++ b/views/auth_view.py
@@ -147,7 +147,7 @@ async def upgrade_role(request, user_infos):
 result, ok = check_args(args, request.json)
 if not ok:
 return result
- result, ok = await update_user_role(request.json, user_infos['user_name'])
+ result, ok = await update_user_role(request.json, user_infos)
 if not ok:
 return rsp(code=500, msg=result)
 return rsp()
@@ -159,7 +159,7 @@ async def upgrade_role(request, user_infos):
 async def delete(request, user_infos):
 if 'user_id' not in request.args or not request.args['user_id']:
 return rsp(code=400, msg=ERROR_LACK_ARGS)
- result, ok = await delete_user(request.args['user_id'], user_infos['user_name'])
+ result, ok = await delete_user(request.args['user_id'], user_infos)
 if not ok:
 return rsp(code=500, msg=result)
 return rsp()