diff --git a/src/main/java/com/xuxd/kafka/console/controller/ClusterController.java b/src/main/java/com/xuxd/kafka/console/controller/ClusterController.java
index 2fc090f..d7a6a78 100644
--- a/src/main/java/com/xuxd/kafka/console/controller/ClusterController.java
+++ b/src/main/java/com/xuxd/kafka/console/controller/ClusterController.java
@@ -31,7 +31,7 @@ public class ClusterController {
         return clusterService.getClusterInfo();
     }
 
-    @Permission("op:cluster-switch")
+    @Permission({"op:cluster-switch", "user-manage:cluster-role:add"})
     @GetMapping("/info")
     public Object getClusterInfoList() {
         return clusterService.getClusterInfoList();
diff --git a/src/main/java/com/xuxd/kafka/console/service/impl/ClusterRoleRelationServiceImpl.java b/src/main/java/com/xuxd/kafka/console/service/impl/ClusterRoleRelationServiceImpl.java
index 3abbb56..b8012de 100644
--- a/src/main/java/com/xuxd/kafka/console/service/impl/ClusterRoleRelationServiceImpl.java
+++ b/src/main/java/com/xuxd/kafka/console/service/impl/ClusterRoleRelationServiceImpl.java
@@ -1,5 +1,6 @@
 package com.xuxd.kafka.console.service.impl;
 
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.xuxd.kafka.console.beans.ResponseData;
 import com.xuxd.kafka.console.beans.dos.ClusterInfoDO;
 import com.xuxd.kafka.console.beans.dos.ClusterRoleRelationDO;
@@ -10,6 +11,7 @@ import com.xuxd.kafka.console.dao.ClusterInfoMapper;
 import com.xuxd.kafka.console.dao.ClusterRoleRelationMapper;
 import com.xuxd.kafka.console.dao.SysRoleMapper;
 import com.xuxd.kafka.console.service.ClusterRoleRelationService;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -21,6 +23,7 @@ import java.util.stream.Collectors;
  * @author: xuxd
  * @since: 2023/8/23 21:50
  **/
+@Slf4j
 @Service
 public class ClusterRoleRelationServiceImpl implements ClusterRoleRelationService {
 
@@ -62,7 +65,18 @@ public class ClusterRoleRelationServiceImpl implements ClusterRoleRelationServic
 
     @Override
     public ResponseData add(ClusterRoleRelationDTO dto) {
-        mapper.insert(dto.toDO());
+        ClusterRoleRelationDO relationDO = dto.toDO();
+        if (relationDO.getClusterInfoId() == -1L) {
+            // all insert
+            for (ClusterInfoDO clusterInfoDO : clusterInfoMapper.selectList(null)) {
+                ClusterRoleRelationDO aDo = new ClusterRoleRelationDO();
+                aDo.setRoleId(relationDO.getRoleId());
+                aDo.setClusterInfoId(clusterInfoDO.getId());
+                insertIfNotExist(aDo);
+            }
+        } else {
+            insertIfNotExist(relationDO);
+        }
         return ResponseData.create().success();
     }
 
@@ -71,4 +85,16 @@ public class ClusterRoleRelationServiceImpl implements ClusterRoleRelationServic
         mapper.deleteById(id);
         return ResponseData.create().success();
     }
+
+    private void insertIfNotExist(ClusterRoleRelationDO relationDO) {
+        QueryWrapper<ClusterRoleRelationDO> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("role_id", relationDO.getRoleId()).
+                eq("cluster_info_id", relationDO.getClusterInfoId());
+        Integer count = mapper.selectCount(queryWrapper);
+        if (count > 0) {
+            log.info("已存在，不再增加：{}", relationDO);
+            return;
+        }
+        mapper.insert(relationDO);
+    }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 97967c0..2e39b41 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -50,7 +50,7 @@ cron:
 
 # 权限认证设置，设置为true，需要先登录才能访问
 auth:
-  enable: false
+  enable: true
   # 登录用户token的过期时间，单位：小时
   expire-hours: 24
   # 隐藏集群的属性信息，如果当前用户没有集群切换里的编辑权限，就不能看集群的属性信息，有开启ACL的集群需要开启这个
diff --git a/ui/src/utils/api.js b/ui/src/utils/api.js
index 86a618b..659a41f 100644
--- a/ui/src/utils/api.js
+++ b/ui/src/utils/api.js
@@ -358,3 +358,18 @@ export const AuthApi = {
     method: "post",
   },
 };
+
+export const ClusterRoleRelationApi = {
+  select: {
+    url: "/cluster-role/relation",
+    method: "get",
+  },
+  add: {
+    url: "/cluster-role/relation",
+    method: "post",
+  },
+  delete: {
+    url: "/cluster-role/relation",
+    method: "delete",
+  },
+};
diff --git a/ui/src/views/user/ClusterRoleRelation.vue b/ui/src/views/user/ClusterRoleRelation.vue
new file mode 100644
index 0000000..136762a
--- /dev/null
+++ b/ui/src/views/user/ClusterRoleRelation.vue
@@ -0,0 +1,235 @@
+<template>
+  <div class="tab-content">
+    <a-spin :spinning="loading">
+      <div id="search-offset-form-advanced-search">
+        <a-form
+          class="ant-advanced-search-form"
+          :form="form"
+          @submit="handleSearch"
+        >
+          <a-row :gutter="24">
+            <a-col :span="16">
+              <a-form-item label="角色">
+                <a-input
+                  v-decorator="['roleName']"
+                  placeholder="请输入角色名!"
+                  @change="onRoleNameChange"
+                />
+              </a-form-item>
+            </a-col>
+            <a-col :span="2" :style="{ textAlign: 'right' }">
+              <a-form-item>
+                <a-button
+                  type="primary"
+                  html-type="submit"
+                  @click="handleSearch()"
+                >
+                  刷新
+                </a-button>
+              </a-form-item>
+            </a-col>
+          </a-row>
+        </a-form>
+      </div>
+      <div class="operation-row-button">
+        <a-button
+          type="primary"
+          @click="openCreateUserDialog()"
+          v-action:user-manage:user:add
+          >新增集群归属权限
+        </a-button>
+      </div>
+      <a-table
+        :columns="columns"
+        :data-source="filteredData"
+        bordered
+        row-key="id"
+      >
+        <div slot="operation" slot-scope="record">
+          <a-popconfirm
+            title="确认删除?"
+            ok-text="确认"
+            cancel-text="取消"
+            @confirm="deleteRelation(record)"
+          >
+            <a-button
+              size="small"
+              href="javascript:;"
+              class="operation-btn"
+              v-action:user-manage:user:del
+              >删除
+            </a-button>
+          </a-popconfirm>
+        </div>
+      </a-table>
+      <CreateClusterRoleRelation
+        @closeCreateClusterRoleRelationDialog="
+          closeCreateClusterRoleRelationDialog
+        "
+        :visible="showCreateClusterRoleRelationDialog"
+      ></CreateClusterRoleRelation>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import request from "@/utils/request";
+
+import notification from "ant-design-vue/lib/notification";
+import { ClusterRoleRelationApi } from "@/utils/api";
+import CreateClusterRoleRelation from "@/views/user/CreateClusterRoleRelation.vue";
+
+export default {
+  name: "ClusterRoleRelation",
+  components: { CreateClusterRoleRelation },
+  props: {
+    topicList: {
+      type: Array,
+    },
+  },
+  data() {
+    return {
+      loading: false,
+      form: this.$form.createForm(this, { name: "user" }),
+      data: [],
+      filteredData: [],
+      filterRoleName: "",
+      showCreateClusterRoleRelationDialog: false,
+      columns: [
+        {
+          title: "角色",
+          dataIndex: "roleName",
+          key: "roleName",
+        },
+        {
+          title: "集群",
+          dataIndex: "clusterName",
+          key: "clusterName",
+        },
+        {
+          title: "操作",
+          key: "operation",
+          scopedSlots: { customRender: "operation" },
+        },
+      ],
+    };
+  },
+  methods: {
+    handleSearch() {
+      this.form.validateFields((err) => {
+        if (!err) {
+          this.loading = true;
+          request({
+            url: ClusterRoleRelationApi.select.url,
+            method: ClusterRoleRelationApi.select.method,
+          }).then((res) => {
+            this.loading = false;
+            if (res.code == 0) {
+              this.data = res.data;
+              this.filter();
+            } else {
+              notification.error({
+                message: "error",
+                description: res.msg,
+              });
+            }
+          });
+        }
+      });
+    },
+    refresh() {
+      this.handleSearch();
+    },
+    filter() {
+      this.filteredData = this.data.filter(
+        (e) => e.roleName.indexOf(this.filterRoleName) != -1
+      );
+    },
+    onRoleNameChange(input) {
+      this.filterRoleName = input.target.value;
+      this.filter();
+    },
+    openCreateUserDialog() {
+      this.showCreateClusterRoleRelationDialog = true;
+    },
+    closeCreateClusterRoleRelationDialog(p) {
+      this.showCreateClusterRoleRelationDialog = false;
+      if (p.refresh) {
+        this.refresh();
+      }
+    },
+    deleteRelation(user) {
+      this.loading = true;
+      request({
+        url: ClusterRoleRelationApi.delete.url + "?id=" + user.id,
+        method: ClusterRoleRelationApi.delete.method,
+      }).then((res) => {
+        this.loading = false;
+        if (res.code == 0) {
+          this.refresh();
+        } else {
+          notification.error({
+            message: "error",
+            description: res.msg,
+          });
+        }
+      });
+    },
+  },
+  created() {
+    this.handleSearch();
+  },
+};
+</script>
+
+<style scoped>
+.tab-content {
+  width: 100%;
+  height: 100%;
+}
+
+.ant-advanced-search-form {
+  padding: 24px;
+  background: #fbfbfb;
+  border: 1px solid #d9d9d9;
+  border-radius: 6px;
+}
+
+.ant-advanced-search-form .ant-form-item {
+  display: flex;
+}
+
+.ant-advanced-search-form input {
+  width: 400px;
+}
+
+.ant-advanced-search-form .ant-form-item-control-wrapper {
+  flex: 1;
+}
+
+#components-form-topic-advanced-search .ant-form {
+  max-width: none;
+  margin-bottom: 1%;
+}
+
+#search-offset-form-advanced-search .search-result-list {
+  margin-top: 16px;
+  border: 1px dashed #e9e9e9;
+  border-radius: 6px;
+  background-color: #fafafa;
+  min-height: 200px;
+  text-align: center;
+  padding-top: 80px;
+}
+
+.operation-row-button {
+  height: 4%;
+  text-align: left;
+  margin-bottom: 5px;
+  margin-top: 5px;
+}
+
+.operation-btn {
+  margin-right: 3%;
+}
+</style>
diff --git a/ui/src/views/user/CreateClusterRoleRelation.vue b/ui/src/views/user/CreateClusterRoleRelation.vue
new file mode 100644
index 0000000..0dd1346
--- /dev/null
+++ b/ui/src/views/user/CreateClusterRoleRelation.vue
@@ -0,0 +1,175 @@
+<template>
+  <a-modal
+    title="新增集群归属权限"
+    :visible="show"
+    :width="800"
+    :mask="false"
+    :destroyOnClose="true"
+    :footer="null"
+    :maskClosable="false"
+    @cancel="handleCancel"
+  >
+    <div>
+      <a-spin :spinning="loading">
+        <a-form
+          :form="form"
+          :label-col="{ span: 5 }"
+          :wrapper-col="{ span: 12 }"
+          @submit="handleSubmit"
+        >
+          <a-form-item label="角色">
+            <a-select
+              show-search
+              option-filter-prop="children"
+              v-decorator="[
+                'roleId',
+                { rules: [{ required: true, message: '请选择一个角色!' }] },
+              ]"
+              placeholder="请选择一个角色"
+            >
+              <a-select-option
+                v-for="role in roles"
+                :key="role.id"
+                :value="role.id"
+              >
+                {{ role.roleName }}
+              </a-select-option>
+            </a-select>
+          </a-form-item>
+          <a-form-item label="集群">
+            <a-select
+              show-search
+              option-filter-prop="children"
+              v-decorator="[
+                'clusterInfoId',
+                { rules: [{ required: true, message: '请选择集群!' }] },
+              ]"
+              placeholder="请选择集群"
+            >
+              <a-select-option
+                v-for="clusterInfo in clusterInfoList"
+                :key="clusterInfo.id"
+                :value="clusterInfo.id"
+              >
+                {{ clusterInfo.clusterName }}
+              </a-select-option>
+            </a-select>
+          </a-form-item>
+          <a-form-item :wrapper-col="{ span: 12, offset: 5 }">
+            <a-button type="primary" html-type="submit"> 提交</a-button>
+          </a-form-item>
+        </a-form>
+      </a-spin>
+    </div>
+  </a-modal>
+</template>
+
+<script>
+import request from "@/utils/request";
+import notification from "ant-design-vue/es/notification";
+import {
+  UserManageApi,
+  KafkaClusterApi,
+  ClusterRoleRelationApi,
+} from "@/utils/api";
+
+export default {
+  name: "CreateClusterRoleRelation",
+  props: {
+    visible: {
+      type: Boolean,
+      default: false,
+    },
+  },
+  data() {
+    return {
+      show: this.visible,
+      data: [],
+      loading: false,
+      form: this.$form.createForm(this, { name: "coordinated" }),
+      roles: [],
+      clusterInfoList: [],
+    };
+  },
+  watch: {
+    visible(v) {
+      this.show = v;
+      if (this.show) {
+        this.getRoles();
+      }
+    },
+  },
+  methods: {
+    handleSubmit(e) {
+      e.preventDefault();
+      this.form.validateFields((err, values) => {
+        if (!err) {
+          this.loading = true;
+          request({
+            url: ClusterRoleRelationApi.add.url,
+            method: ClusterRoleRelationApi.add.method,
+            data: values,
+          }).then((res) => {
+            this.loading = false;
+            if (res.code == 0) {
+              this.$message.success(res.msg);
+              this.$emit("closeCreateClusterRoleRelationDialog", {
+                refresh: true,
+                data: res.data,
+              });
+            } else {
+              notification.error({
+                message: "error",
+                description: res.msg,
+              });
+            }
+          });
+        }
+      });
+    },
+    getRoles() {
+      this.loading = true;
+      request({
+        url: UserManageApi.getRole.url,
+        method: UserManageApi.getRole.method,
+      }).then((res) => {
+        this.loading = false;
+        if (res.code == 0) {
+          this.roles = res.data;
+        } else {
+          notification.error({
+            message: "error",
+            description: res.msg,
+          });
+        }
+      });
+    },
+    getClusterInfoList() {
+      request({
+        url: KafkaClusterApi.getClusterInfoList.url,
+        method: KafkaClusterApi.getClusterInfoList.method,
+      }).then((res) => {
+        if (res.code == 0) {
+          this.clusterInfoList = res.data;
+          this.clusterInfoList.splice(0, 0, { id: -1, clusterName: "全部" });
+        } else {
+          notification.error({
+            message: "error",
+            description: res.msg,
+          });
+        }
+      });
+    },
+    handleCancel() {
+      this.data = [];
+      this.$emit("closeCreateClusterRoleRelationDialog", { refresh: true });
+    },
+  },
+  created() {
+    this.getRoles();
+    this.getClusterInfoList();
+  },
+};
+</script>
+
+<style scoped></style>
diff --git a/ui/src/views/user/Role.vue b/ui/src/views/user/Role.vue
index 42b44ed..1c98a00 100644
--- a/ui/src/views/user/Role.vue
+++ b/ui/src/views/user/Role.vue
@@ -46,6 +46,7 @@
             </div>
             <div class="role-info" v-if="selectedRole.roleName">
               <a-form :form="form">
+                <h2>角色信息配置</h2>
                 <a-form-item label="角色名称">
                   <a-input
                     v-decorator="[
@@ -73,7 +74,8 @@
                   />
                 </a-form-item>
 
-                <a-form-item label="权限配置">
+                <a-form-item>
+                  <h2>功能权限配置</h2>
                   <div
                     v-for="(menuPermission, index) in selectedPermissions"
                     :key="index"
diff --git a/ui/src/views/user/User.vue b/ui/src/views/user/User.vue
index 9dfe1c0..25c0a77 100644
--- a/ui/src/views/user/User.vue
+++ b/ui/src/views/user/User.vue
@@ -182,7 +182,7 @@ export default {
     },
     filter() {
       this.filteredData = this.data.filter(
-        (e) => e.username.indexOf(this.filterUsername) != -1
+        (e) => e && e.username && e.username.indexOf(this.filterUsername) != -1
       );
     },
     onUsernameChange(input) {
diff --git a/ui/src/views/user/UserManage.vue b/ui/src/views/user/UserManage.vue
index babc5a5..dc3a4dd 100644
--- a/ui/src/views/user/UserManage.vue
+++ b/ui/src/views/user/UserManage.vue
@@ -18,13 +18,20 @@
         </a-tab-pane>
         <a-tab-pane
           key="3"
+          tab="集群权限"
+          v-if="isAuthorized('user-manage:cluster-role')"
+        >
+          <ClusterRoleRelation></ClusterRoleRelation>
+        </a-tab-pane>
+        <a-tab-pane
+          key="4"
           tab="权限列表"
           v-if="isAuthorized('user-manage:permission')"
         >
           <Permission></Permission>
         </a-tab-pane>
         <a-tab-pane
-          key="4"
+          key="5"
           tab="个人设置"
           v-if="isAuthorized('user-manage:setting')"
         >
@@ -40,10 +47,11 @@ import Permission from "@/views/user/Permission.vue";
 import Role from "@/views/user/Role.vue";
 import User from "@/views/user/User.vue";
 import UserSetting from "@/views/user/UserSetting.vue";
+import ClusterRoleRelation from "@/views/user/ClusterRoleRelation.vue";
 import { isAuthorized } from "@/utils/auth";
 export default {
   name: "UserManage",
-  components: { Permission, Role, User, UserSetting },
+  components: { Permission, Role, User, UserSetting, ClusterRoleRelation },
   data() {
     return {
       loading: false,