diff --git a/README.md b/README.md
index 13e383cd2..d8230eb71 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
     <a href="https://nacos.io/zh-cn/index.html" target="_blank"><img src="https://img.shields.io/badge/Nacos-2.0.3-brightgreen" alt="Nacos 2.0.3"></a>
     <a href="./LICENSE"><img src="https://img.shields.io/badge/License-Apache--2.0-blue" alt="License Apache 2.0"></a>
     <a href="https://blog.csdn.net/Pointer_v" target="_blank"><img src="https://img.shields.io/badge/Author-%E7%A0%81%E5%8C%A0%E5%90%9B-orange" alt="码匠君"></a>
-    <a href="#" target="_blank"><img src="https://img.shields.io/badge/Version-2.5.4.40-red" alt="Version 2.5.4.40"></a>
+    <a href="#" target="_blank"><img src="https://img.shields.io/badge/Version-2.5.4.50-red" alt="Version 2.5.4.50"></a>
     <a href="https://gitee.com/herodotus/eurynome-cloud"><img src="https://gitee.com/herodotus/eurynome-cloud/badge/star.svg?theme=dark" alt="Gitee star"></a>
     <a href="https://gitee.com/herodotus/eurynome-cloud"><img src="https://gitee.com/herodotus/eurynome-cloud/badge/fork.svg?theme=dark" alt="Gitee fork"></a>
 </p>
@@ -47,6 +47,10 @@ Eurynome Cloud是一款企业级微服务架构和服务能力开发平台。基
 
 > 部分功能演示，正在逐步添加
 
+### （2） 方法级动态权限
+
+![输入图片说明](./documents/readme/preview/oauth2expression.gif)
+
 ### （1） 服务调用链监控
 
 ![输入图片说明](./documents/readme/preview/skywalking.gif)
diff --git a/configurations/docker/docker-compose/herodotus/.env b/configurations/docker/docker-compose/herodotus/.env
index ed1b5e02b..9c6a7af0d 100644
--- a/configurations/docker/docker-compose/herodotus/.env
+++ b/configurations/docker/docker-compose/herodotus/.env
@@ -1,4 +1,4 @@
-VERSION=2.5.4.40
+VERSION=2.5.4.50
 GATEWAY_SERVICE_NAME=eurynome-cloud-gateway
 GATEWAY_SERVICE_PORT=8847
 UAA_SERVICE_NAME=eurynome-cloud-uaa
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index 31ae63055..5ff7f3bc2 100644
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -35,7 +35,7 @@
 
     <groupId>cn.herodotus.eurynome</groupId>
     <artifactId>dependencies</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>pom</packaging>
 
     <name>eurynome-cloud-dependencies</name>
diff --git a/documents/guides/description.md b/documents/guides/description.md
index 4f4e2de91..74c4a4118 100644
--- a/documents/guides/description.md
+++ b/documents/guides/description.md
@@ -9,13 +9,13 @@
 | 自定义OAuth2页面         | 自定义OAuth2 login、confirm、error页面，提升系统使用用户体验。可结合自身需求进行修改。 |
 | OAuth2 登录验证码        | OAuth2登录增加验证码保护，支持gif、中文、算数等类型，可通过配置进行修改以及是否显示验证码控制 |
 | OAuth2登录数据加密传输   | 基于AES对OAuth2登录数据进行动态加密传输，可通过配置对表单参数名进行动态配置，提升系统安全性 |
-| RBAC权限管理             | 采用自研的RBAC权限体系，支持OAuth2 Scope权限管理             |
+| 平台权限管理             | 基于RBAC模型，以角色和接口为核心，使用统一逻辑实现@PreAuthorize注解权限的全面动态可配置化。统一平台接口白名单，IP地址白名单，以及Scope绑定URL的管理。无须配置Security权限注解，支持URL粒度的鉴权和用户权限的动态配置。 完美支持单体式架构、UPMS自身应用需求、分布式架构以及分布式各服务多实例等各种应用场景。完美支持单体式架构、UPMS自身应用需求、分布式架构以及分布式各服务多实例等各种应用场景。             |
 | User、Client数据策略访问 | 支持OAuth2 UserDetails、ClientDetails数据直连数据库和Feign两种数据获取策略模式，OAuth2直连数据库性能更优，Feign访问数据服务独立可动态扩展。可通过配置动态修改具体采用哪种策略 |
 | 手机短信验证码注册和登录 | 支持通过手机验证码登录认证，与平台为统一体系，统一返回OAuth2 Token，支持服务接口鉴权。 |
 | 第三方系统社交注册和登录 | 基于JustAuth实现第三方系统社交登录认证，，与平台为统一体系，统一返回OAuth2 Token，支持服务接口鉴权，。所有JustAuth支持的第三方系统均支持。 |
 | 微信小程序注册和登录     | 支持微信小程序登录认证，与平台为统一体系，统一返回OAuth2 Token，支持服务接口鉴权。 |
 | 其它注册和登录           | 采用策略模式对外部登录和注册进行支持，目前未支持的登录，可参考标准，动态扩展，即可支持。 |
-| 权限鉴权                 | 基于RBAC模型，以角色为核心，无须配置Security权限注解，支持URL粒度的鉴权和用户权限的动态配置， |
+
 
 ### 统一服务访问网关
 
diff --git a/documents/readme/preview/oauth2expression.gif b/documents/readme/preview/oauth2expression.gif
new file mode 100644
index 000000000..32336ff37
Binary files /dev/null and b/documents/readme/preview/oauth2expression.gif differ
diff --git a/packages/eurynome-cloud-assistant/pom.xml b/packages/eurynome-cloud-assistant/pom.xml
index 5bb8f7b50..35fff5220 100644
--- a/packages/eurynome-cloud-assistant/pom.xml
+++ b/packages/eurynome-cloud-assistant/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/packages/eurynome-cloud-common/pom.xml b/packages/eurynome-cloud-common/pom.xml
index 8c251aaad..e5fbb222f 100644
--- a/packages/eurynome-cloud-common/pom.xml
+++ b/packages/eurynome-cloud-common/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-common</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <description>结对基础通用的工具类包,此包的定位是放在任何工程中都可以使用，而且尽可能依赖少的存在上下文组件</description>
diff --git a/packages/eurynome-cloud-constant/pom.xml b/packages/eurynome-cloud-constant/pom.xml
index 5da14ea10..fabacfe0b 100644
--- a/packages/eurynome-cloud-constant/pom.xml
+++ b/packages/eurynome-cloud-constant/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/packages/eurynome-cloud-constant/src/main/java/cn/herodotus/eurynome/constant/enums/OAuth2Expression.java b/packages/eurynome-cloud-constant/src/main/java/cn/herodotus/eurynome/constant/enums/OAuth2Expression.java
new file mode 100644
index 000000000..60bf0e51f
--- /dev/null
+++ b/packages/eurynome-cloud-constant/src/main/java/cn/herodotus/eurynome/constant/enums/OAuth2Expression.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2019-2021 Gengwei Zheng (herodotus@aliyun.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Project Name: eurynome-cloud
+ * Module Name: eurynome-cloud-constant
+ * File Name: OAuth2Expression.java
+ * Author: gengwei.zheng
+ * Date: 2021/08/14 06:50:14
+ */
+
+package cn.herodotus.eurynome.constant.enums;
+
+import com.google.common.collect.ImmutableMap;
+import io.swagger.annotations.ApiModelProperty;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <p>Description: 安全表达式 </p>
+ *
+ * @author : gengwei.zheng
+ * @date : 2021/8/14 6:50
+ */
+public enum OAuth2Expression {
+
+    PERMIT_ALL(0, "permitAll"),
+    ANONYMOUS(1, "anonymous"),
+    REMEMBER_ME(2, "rememberMe"),
+    DENY_ALL(3, "denyAll"),
+    AUTHENTICATED(4, "authenticated"),
+    FULLY_AUTHENTICATED(5, "fullyAuthenticated"),
+    NOT_PERMIT_ALL(6, "!permitAll"),
+    NOT_ANONYMOUS(7, "!anonymous"),
+    NOT_REMEMBER_ME(8, "!rememberMe"),
+    NOT_DENY_ALL(9, "!denyAll"),
+    NOT_AUTHENTICATED(10, "!authenticated"),
+    NOT_FULLY_AUTHENTICATED(11, "!fullyAuthenticated"),
+    HAS_ROLE(12, "hasRole"),
+    HAS_ANY_ROLE(13, "hasAnyRole"),
+    HAS_AUTHORITY(14, "hasAuthority"),
+    HAS_ANY_AUTHORITY(15, "hasAnyAuthority"),
+    HAS_IP_ADDRESS(16, "hasIpAddress"),
+    CLIENT_HAS_ROLE(17, "#oauth2.clientHasRole"),
+    CLIENT_HAS_ANY_ROLE(18, "#oauth2.clientHasAnyRole"),
+    HAS_SCOPE(19, "#oauth2.hasScope"),
+    HAS_ANY_SCOPE(20, "#oauth2.hasAnyScope"),
+    HAS_SCOPE_MATCHING(21, "#oauth2.hasScopeMatching"),
+    HAS_ANY_SCOPE_MATCHING(22, "#oauth2.hasAnyScopeMatching"),
+    DENY_OAUTH_CLIENT(23, "#oauth2.denyOAuthClient()"),
+    IS_OAUTH(24, "#oauth2.isOAuth()"),
+    IS_USER(25, "#oauth2.isUser()"),
+    IS_CLIENT(26, "#oauth2.isClient()");
+
+    private static final Map<String, OAuth2Expression> INDEX_MAP = new HashMap<>();
+    private static final List<Map<String, Object>> TO_JSON_STRUCT = new ArrayList<>();
+
+    @ApiModelProperty(value = "索引")
+    private final int index;
+    @ApiModelProperty(value = "文字")
+    private final String content;
+
+    static {
+        for (OAuth2Expression OAuth2Expression : OAuth2Expression.values()) {
+            INDEX_MAP.put(OAuth2Expression.name(), OAuth2Expression);
+            TO_JSON_STRUCT.add(OAuth2Expression.ordinal(),
+                    ImmutableMap.<String, Object>builder()
+                            .put("value", OAuth2Expression.name())
+                            .put("key", OAuth2Expression.name())
+                            .put("text", OAuth2Expression.getContent())
+                            .build());
+        }
+    }
+
+    OAuth2Expression(int index, String content) {
+        this.index = index;
+        this.content = content;
+    }
+
+    public int getIndex() {
+        return index;
+    }
+
+    public String getContent() {
+        return content;
+    }
+
+    public static OAuth2Expression getSecurityExpressions(int index) {
+        return INDEX_MAP.get(index);
+    }
+
+    public static List<Map<String, Object>> getToJsonStruct() {
+        return TO_JSON_STRUCT;
+    }
+}
diff --git a/packages/eurynome-cloud-crud/pom.xml b/packages/eurynome-cloud-crud/pom.xml
index f5f8d719b..01300c40f 100644
--- a/packages/eurynome-cloud-crud/pom.xml
+++ b/packages/eurynome-cloud-crud/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-crud</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/packages/eurynome-cloud-data/pom.xml b/packages/eurynome-cloud-data/pom.xml
index 3e12ec41e..56227187d 100644
--- a/packages/eurynome-cloud-data/pom.xml
+++ b/packages/eurynome-cloud-data/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-data</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <description>数据相关通用代码组件包，包括JPA,Redis,数据实体等相关内容</description>
diff --git a/packages/eurynome-cloud-kernel/pom.xml b/packages/eurynome-cloud-kernel/pom.xml
index 6c2d63c1f..692f3d0f4 100644
--- a/packages/eurynome-cloud-kernel/pom.xml
+++ b/packages/eurynome-cloud-kernel/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-kernel</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <description>平台通用的基础依赖，以及接入及管理等通用代码，上中台必需的基础代码。增加这层包，主要目的是抽取webflux和web依赖的通用性，降低其它包之间的耦合性，比如之前data要依赖logstash，logstash要依赖managementproperties</description>
diff --git a/packages/eurynome-cloud-oauth-starter/pom.xml b/packages/eurynome-cloud-oauth-starter/pom.xml
index 375146ef6..c686a2691 100644
--- a/packages/eurynome-cloud-oauth-starter/pom.xml
+++ b/packages/eurynome-cloud-oauth-starter/pom.xml
@@ -30,11 +30,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-oauth-starter</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/packages/eurynome-cloud-oauth/pom.xml b/packages/eurynome-cloud-oauth/pom.xml
index 6f94bc363..8ea5ed0bb 100644
--- a/packages/eurynome-cloud-oauth/pom.xml
+++ b/packages/eurynome-cloud-oauth/pom.xml
@@ -29,12 +29,12 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
 
     <artifactId>eurynome-cloud-oauth</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/packages/eurynome-cloud-rest/pom.xml b/packages/eurynome-cloud-rest/pom.xml
index 3f5084d58..88b7b357e 100644
--- a/packages/eurynome-cloud-rest/pom.xml
+++ b/packages/eurynome-cloud-rest/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-rest</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/packages/eurynome-cloud-security/pom.xml b/packages/eurynome-cloud-security/pom.xml
index 9fe9ef6f9..44a6afedc 100644
--- a/packages/eurynome-cloud-security/pom.xml
+++ b/packages/eurynome-cloud-security/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-security</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusAuthority.java b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusAuthority.java
deleted file mode 100644
index 163a64cb8..000000000
--- a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusAuthority.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2019-2021 Gengwei Zheng(herodotus@aliyun.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Project Name: eurynome-cloud
- * Module Name: eurynome-cloud-security
- * File Name: HerodotusAuthority.java
- * Author: gengwei.zheng
- * Date: 2021/05/07 11:28:07
- */
-
-package cn.herodotus.eurynome.security.definition.core;
-
-import com.google.common.base.MoreObjects;
-import com.google.common.base.Objects;
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * @author gengwei.zheng
- */
-public final class HerodotusAuthority implements GrantedAuthority {
-
-    private String authorityId;
-
-//    private String authorityName;
-
-    private String authorityCode;
-
-//    private String parentId;
-//
-//    private String url;
-//
-//    private String menuClass;
-//
-//    private Integer ranking;
-//
-//    private AuthorityType authorityType;
-
-    public HerodotusAuthority() {
-    }
-
-    public String getAuthorityId() {
-        return authorityId;
-    }
-
-    public void setAuthorityId(String authorityId) {
-        this.authorityId = authorityId;
-    }
-
-    public String getAuthorityCode() {
-        return authorityCode;
-    }
-
-    public void setAuthorityCode(String authorityCode) {
-        this.authorityCode = authorityCode;
-    }
-
-    @Override
-    public String getAuthority() {
-        return getAuthorityCode();
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) {
-            return true;
-        }
-        if (o == null || getClass() != o.getClass()) {
-            return false;
-        }
-        HerodotusAuthority that = (HerodotusAuthority) o;
-        return Objects.equal(authorityId, that.authorityId) && Objects.equal(authorityCode, that.authorityCode);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hashCode(authorityId, authorityCode);
-    }
-
-    @Override
-    public String toString() {
-        return MoreObjects.toStringHelper(this)
-                .add("authorityId", authorityId)
-                .add("authorityCode", authorityCode)
-                .toString();
-    }
-}
diff --git a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusRole.java b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusRole.java
deleted file mode 100644
index e039856b2..000000000
--- a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusRole.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2019-2021 Gengwei Zheng(herodotus@aliyun.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Project Name: eurynome-cloud
- * Module Name: eurynome-cloud-security
- * File Name: HerodotusRole.java
- * Author: gengwei.zheng
- * Date: 2021/05/07 11:28:07
- */
-
-package cn.herodotus.eurynome.security.definition.core;
-
-import com.google.common.base.MoreObjects;
-import org.apache.commons.lang3.builder.EqualsBuilder;
-import org.apache.commons.lang3.builder.HashCodeBuilder;
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * @author gengwei.zheng
- */
-public final class HerodotusRole implements GrantedAuthority {
-
-    private String roleId;
-
-//    private String roleName;
-
-    private String roleCode;
-
-    public HerodotusRole() {
-    }
-
-    public String getRoleId() {
-        return roleId;
-    }
-
-    public void setRoleId(String roleId) {
-        this.roleId = roleId;
-    }
-
-//    public String getRoleName() {
-//        return roleName;
-//    }
-//
-//    public void setRoleName(String roleName) {
-//        this.roleName = roleName;
-//    }
-
-    public String getRoleCode() {
-        return roleCode;
-    }
-
-    public void setRoleCode(String roleCode) {
-        this.roleCode = roleCode;
-    }
-
-    @Override
-    public String getAuthority() {
-        return getRoleCode();
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) {
-            return true;
-        }
-
-        if (o == null || getClass() != o.getClass()) {
-            return false;
-        }
-
-        HerodotusRole that = (HerodotusRole) o;
-
-        return new EqualsBuilder()
-                .append(getRoleId(), that.getRoleId())
-                .append(getRoleCode(), that.getRoleCode())
-                .isEquals();
-    }
-
-    @Override
-    public int hashCode() {
-        return new HashCodeBuilder(17, 37)
-                .append(getRoleId())
-                .append(getRoleCode())
-                .toHashCode();
-    }
-
-    @Override
-    public String toString() {
-        return MoreObjects.toStringHelper(this)
-                .add("roleId", roleId)
-                .add("roleCode", roleCode)
-                .toString();
-    }
-}
diff --git a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusUserDetails.java b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusUserDetails.java
index 06f25b058..63d3b9fc3 100644
--- a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusUserDetails.java
+++ b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/core/HerodotusUserDetails.java
@@ -24,12 +24,12 @@
 
 import com.alibaba.fastjson.annotation.JSONField;
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.google.common.base.MoreObjects;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 /**
  * @author gengwei.zheng
@@ -46,10 +46,6 @@ public class HerodotusUserDetails implements UserDetails {
 
     private String avatar;
 
-    private String clientId;
-
-    private List<HerodotusRole> roles = new ArrayList<>();
-
     private Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
 
     private boolean accountNonExpired;
@@ -151,35 +147,18 @@ public void setAvatar(String avatar) {
         this.avatar = avatar;
     }
 
-    public String getClientId() {
-        return clientId;
-    }
-
-    public void setClientId(String clientId) {
-        this.clientId = clientId;
-    }
-
-    public List<HerodotusRole> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(List<HerodotusRole> roles) {
-        this.roles = roles;
-    }
-
     @Override
     public String toString() {
-        return "ArtisanUserDetails{" +
-                "userId='" + userId + '\'' +
-                ", username='" + username + '\'' +
-                ", password='" + password + '\'' +
-                ", nickName='" + nickName + '\'' +
-                ", avatar='" + avatar + '\'' +
-                ", clientId='" + clientId + '\'' +
-                ", accountNonExpired=" + accountNonExpired +
-                ", accountNonLocked=" + accountNonLocked +
-                ", credentialsNonExpired=" + credentialsNonExpired +
-                ", enabled=" + enabled +
-                '}';
+        return MoreObjects.toStringHelper(this)
+                .add("userId", userId)
+                .add("username", username)
+                .add("password", password)
+                .add("nickName", nickName)
+                .add("avatar", avatar)
+                .add("accountNonExpired", accountNonExpired)
+                .add("accountNonLocked", accountNonLocked)
+                .add("credentialsNonExpired", credentialsNonExpired)
+                .add("enabled", enabled)
+                .toString();
     }
 }
diff --git a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/domain/SecurityAttribute.java b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/domain/SecurityAttribute.java
index e5560bf5f..c043f4e00 100644
--- a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/domain/SecurityAttribute.java
+++ b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/definition/domain/SecurityAttribute.java
@@ -22,8 +22,8 @@
 
 package cn.herodotus.eurynome.security.definition.domain;
 
-import cn.herodotus.eurynome.security.definition.core.HerodotusAuthority;
 import com.google.common.base.MoreObjects;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import java.io.Serializable;
 import java.util.Set;
@@ -36,17 +36,17 @@
  */
 public class SecurityAttribute implements Serializable {
 
-    private String metadataId;
+    private String attributeId;
 
-    private String defaultExpression;
+    private String attributeCode;
 
-    private String staticExpression;
+    private String attributeName;
 
-    private String dynamicExpression;
+    private String expression;
 
-    private String scopeExpression;
+    private String manualSetting;
 
-    private String ipExpression;
+    private String ipAddress;
 
     private String url;
 
@@ -54,56 +54,56 @@ public class SecurityAttribute implements Serializable {
 
     private String serviceId;
 
-    private Set<HerodotusAuthority> roles;
+    private Set<SimpleGrantedAuthority> roles;
 
-    private Set<HerodotusAuthority> scopes;
+    private Set<SimpleGrantedAuthority> scopes;
 
-    public String getMetadataId() {
-        return metadataId;
+    public String getAttributeId() {
+        return attributeId;
     }
 
-    public void setMetadataId(String metadataId) {
-        this.metadataId = metadataId;
+    public void setAttributeId(String attributeId) {
+        this.attributeId = attributeId;
     }
 
-    public String getDefaultExpression() {
-        return defaultExpression;
+    public String getAttributeCode() {
+        return attributeCode;
     }
 
-    public void setDefaultExpression(String defaultExpression) {
-        this.defaultExpression = defaultExpression;
+    public void setAttributeCode(String attributeCode) {
+        this.attributeCode = attributeCode;
     }
 
-    public String getStaticExpression() {
-        return staticExpression;
+    public String getAttributeName() {
+        return attributeName;
     }
 
-    public void setStaticExpression(String staticExpression) {
-        this.staticExpression = staticExpression;
+    public void setAttributeName(String attributeName) {
+        this.attributeName = attributeName;
     }
 
-    public String getDynamicExpression() {
-        return dynamicExpression;
+    public String getExpression() {
+        return expression;
     }
 
-    public void setDynamicExpression(String dynamicExpression) {
-        this.dynamicExpression = dynamicExpression;
+    public void setExpression(String expression) {
+        this.expression = expression;
     }
 
-    public String getScopeExpression() {
-        return scopeExpression;
+    public String getManualSetting() {
+        return manualSetting;
     }
 
-    public void setScopeExpression(String scopeExpression) {
-        this.scopeExpression = scopeExpression;
+    public void setManualSetting(String manualSetting) {
+        this.manualSetting = manualSetting;
     }
 
-    public String getIpExpression() {
-        return ipExpression;
+    public String getIpAddress() {
+        return ipAddress;
     }
 
-    public void setIpExpression(String ipExpression) {
-        this.ipExpression = ipExpression;
+    public void setIpAddress(String ipAddress) {
+        this.ipAddress = ipAddress;
     }
 
     public String getUrl() {
@@ -130,31 +130,31 @@ public void setServiceId(String serviceId) {
         this.serviceId = serviceId;
     }
 
-    public Set<HerodotusAuthority> getRoles() {
+    public Set<SimpleGrantedAuthority> getRoles() {
         return roles;
     }
 
-    public void setRoles(Set<HerodotusAuthority> roles) {
+    public void setRoles(Set<SimpleGrantedAuthority> roles) {
         this.roles = roles;
     }
 
-    public Set<HerodotusAuthority> getScopes() {
+    public Set<SimpleGrantedAuthority> getScopes() {
         return scopes;
     }
 
-    public void setScopes(Set<HerodotusAuthority> scopes) {
+    public void setScopes(Set<SimpleGrantedAuthority> scopes) {
         this.scopes = scopes;
     }
 
     @Override
     public String toString() {
         return MoreObjects.toStringHelper(this)
-                .add("metadataId", metadataId)
-                .add("defaultExpression", defaultExpression)
-                .add("staticExpression", staticExpression)
-                .add("dynamicExpression", dynamicExpression)
-                .add("scopeExpression", scopeExpression)
-                .add("ipExpression", ipExpression)
+                .add("attributeId", attributeId)
+                .add("attributeCode", attributeCode)
+                .add("attributeName", attributeName)
+                .add("expression", expression)
+                .add("manualSetting", manualSetting)
+                .add("ipAddress", ipAddress)
                 .add("url", url)
                 .add("requestMethod", requestMethod)
                 .add("serviceId", serviceId)
diff --git a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/utils/SecurityUtils.java b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/utils/SecurityUtils.java
index ece92abe3..b55ec9106 100644
--- a/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/utils/SecurityUtils.java
+++ b/packages/eurynome-cloud-security/src/main/java/cn/herodotus/eurynome/security/utils/SecurityUtils.java
@@ -23,35 +23,37 @@
 package cn.herodotus.eurynome.security.utils;
 
 import cn.herodotus.eurynome.common.utils.BeanUtils;
-import cn.hutool.core.bean.BeanUtil;
-import cn.herodotus.eurynome.constant.magic.SecurityConstants;
-import cn.herodotus.eurynome.security.definition.core.HerodotusRole;
 import cn.herodotus.eurynome.security.definition.core.HerodotusUserDetails;
-import lombok.extern.slf4j.Slf4j;
+import cn.hutool.core.bean.BeanUtil;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
-import java.util.Collection;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.Collectors;
 
 
 /**
- * @author LIQIU
- * @date 2018-3-8
- **/
-@Slf4j
+ * <p>Description: 安全工具类 </p>
+ *
+ * @author : gengwei.zheng
+ * @date : 2021/8/13 16:50
+ */
 public class SecurityUtils {
 
+    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);
+
+    public static final String PREFIX_ROLE = "ROLE_";
+    public static final String PREFIX_SCOPE = "SCOPE_";
+
     public static SecurityContext getSecurityContext() {
         return SecurityContextHolder.getContext();
     }
@@ -70,6 +72,7 @@ public static Object getDetails() {
 
     /**
      * 当用户角色发生变化，或者用户角色对应的权限发生变化，那么就从数据库中重新查询用户相关信息
+     *
      * @param newHerodotusUserDetails 从数据库中重新查询并生成的用户信息
      */
     public static void reloadAuthority(HerodotusUserDetails newHerodotusUserDetails) {
@@ -110,14 +113,6 @@ public static String getUsername() {
         return null;
     }
 
-    public static String getClientId() {
-        HerodotusUserDetails user = getPrincipal();
-        if (user != null) {
-            return user.getClientId();
-        }
-        return null;
-    }
-
     public static HerodotusUserDetails getPrincipals() {
         Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         if (principal != null) {
@@ -142,24 +137,6 @@ public static HerodotusUserDetails getPrincipals() {
         return null;
     }
 
-    public static boolean hasRole(String role) {
-
-        if (!StringUtils.startsWith(role, SecurityConstants.ROLE_PREFIX)) {
-            return false;
-        }
-
-        HerodotusUserDetails herodotusUserDetails = getPrincipal();
-        if (ObjectUtils.isNotEmpty(herodotusUserDetails)) {
-            List<HerodotusRole> roles = herodotusUserDetails.getRoles();
-            if (CollectionUtils.isNotEmpty(roles)) {
-                Collection filteredResult = roles.stream().filter(artisanRole -> artisanRole.getAuthority().equals(role)).collect(Collectors.toList());
-                return CollectionUtils.isNotEmpty(filteredResult);
-            }
-        }
-
-        return false;
-    }
-
     public static String getUserId() {
         HerodotusUserDetails herodotusUserDetails = getPrincipal();
         if (ObjectUtils.isNotEmpty(herodotusUserDetails)) {
@@ -187,24 +164,6 @@ public static String getAvatar() {
         return null;
     }
 
-    public static boolean hasAuthority(String authority) {
-
-        if (!StringUtils.startsWith(authority, SecurityConstants.AUTHORITY_PREFIX)) {
-            return false;
-        }
-
-        HerodotusUserDetails herodotusUserDetails = getPrincipal();
-        if (ObjectUtils.isNotEmpty(herodotusUserDetails)) {
-            Collection<? extends GrantedAuthority> authorities = herodotusUserDetails.getAuthorities();
-            if (CollectionUtils.isNotEmpty(authorities)) {
-                Collection filteredResult = authorities.stream().filter(grantedAuthority -> grantedAuthority.getAuthority().equals(authority)).collect(Collectors.toList());
-                return CollectionUtils.isNotEmpty(filteredResult);
-            }
-        }
-
-        return false;
-    }
-
     public static String encrypt(String password) {
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
         return encoder.encode(password);
@@ -213,12 +172,24 @@ public static String encrypt(String password) {
     public static String[] whitelistToAntMatchers(List<String> list) {
         if (CollectionUtils.isNotEmpty(list)) {
             String[] array = new String[list.size()];
-            log.debug("[Eurynome] |- Fetch The REST White List.");
+            log.debug("[Herodotus] |- Fetch The REST White List.");
             return list.toArray(array);
         }
 
-        log.warn("[Eurynome] |- Can not Fetch The REST White List Configurations.");
+        log.warn("[Herodotus] |- Can not Fetch The REST White List Configurations.");
         return new String[]{};
     }
 
+    public static String wellFormRolePrefix(String content) {
+        return wellFormPrefix(content, PREFIX_ROLE);
+    }
+
+    public static String wellFormPrefix(String content, String prefix) {
+        if (StringUtils.startsWith(content, prefix)) {
+            return content;
+        } else {
+            return prefix + content;
+        }
+    }
+
 }
diff --git a/packages/eurynome-cloud-starter/pom.xml b/packages/eurynome-cloud-starter/pom.xml
index 505bcdbd9..f18c56a6d 100644
--- a/packages/eurynome-cloud-starter/pom.xml
+++ b/packages/eurynome-cloud-starter/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>packages</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-starter</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <description>通用配置starter,此包的定位是统一未来接入的微服务使用</description>
     <packaging>jar</packaging>
diff --git a/packages/pom.xml b/packages/pom.xml
index 655ed6e5a..641e58e9d 100644
--- a/packages/pom.xml
+++ b/packages/pom.xml
@@ -29,7 +29,7 @@
     <parent>
         <artifactId>eurynome-cloud</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>packages</artifactId>
diff --git a/platform/eurynome-cloud-gateway/pom.xml b/platform/eurynome-cloud-gateway/pom.xml
index 1edfd8495..0cdbf3c19 100644
--- a/platform/eurynome-cloud-gateway/pom.xml
+++ b/platform/eurynome-cloud-gateway/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>platform</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-gateway</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/platform/eurynome-cloud-management/pom.xml b/platform/eurynome-cloud-management/pom.xml
index 3f73c60ec..dd29590ce 100644
--- a/platform/eurynome-cloud-management/pom.xml
+++ b/platform/eurynome-cloud-management/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>platform</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-management</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/platform/eurynome-cloud-uaa/pom.xml b/platform/eurynome-cloud-uaa/pom.xml
index 93e61a6d2..9213a4597 100644
--- a/platform/eurynome-cloud-uaa/pom.xml
+++ b/platform/eurynome-cloud-uaa/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>platform</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-uaa</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/platform/pom.xml b/platform/pom.xml
index 6d820a5ee..2bc9688dd 100644
--- a/platform/pom.xml
+++ b/platform/pom.xml
@@ -29,7 +29,7 @@
     <parent>
         <artifactId>eurynome-cloud</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/pom.xml b/pom.xml
index cb508f853..7e7d82c15 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,12 +7,12 @@
     <parent>
         <groupId>cn.herodotus.eurynome</groupId>
         <artifactId>dependencies</artifactId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
         <relativePath>dependencies/pom.xml</relativePath>
     </parent>
 
     <artifactId>eurynome-cloud</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>pom</packaging>
 
     <name>eurynome-cloud</name>
diff --git a/services/eurynome-cloud-bpmn-ability/pom.xml b/services/eurynome-cloud-bpmn-ability/pom.xml
index c9b1a0763..a813b922b 100644
--- a/services/eurynome-cloud-bpmn-ability/pom.xml
+++ b/services/eurynome-cloud-bpmn-ability/pom.xml
@@ -27,12 +27,12 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>eurynome-cloud-bpmn-ability</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <description>基于Camunda工作流的服务</description>
 
diff --git a/services/eurynome-cloud-bpmn-rest/pom.xml b/services/eurynome-cloud-bpmn-rest/pom.xml
index 3bfe5222f..e245e3db8 100644
--- a/services/eurynome-cloud-bpmn-rest/pom.xml
+++ b/services/eurynome-cloud-bpmn-rest/pom.xml
@@ -27,12 +27,12 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>eurynome-cloud-bpmn-rest</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
     <packaging>jar</packaging>
 
     <dependencies>
diff --git a/services/eurynome-cloud-upms-ability/pom.xml b/services/eurynome-cloud-upms-ability/pom.xml
index 15dae8037..a64fd6b01 100644
--- a/services/eurynome-cloud-upms-ability/pom.xml
+++ b/services/eurynome-cloud-upms-ability/pom.xml
@@ -27,12 +27,12 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>eurynome-cloud-upms-ability</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <dependencies>
         <dependency>
diff --git a/services/eurynome-cloud-upms-api/pom.xml b/services/eurynome-cloud-upms-api/pom.xml
index 292720028..34d263ba0 100644
--- a/services/eurynome-cloud-upms-api/pom.xml
+++ b/services/eurynome-cloud-upms-api/pom.xml
@@ -29,11 +29,11 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-upms-api</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <dependencies>
         <dependency>
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/constants/UpmsConstants.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/constants/UpmsConstants.java
index 77cffb254..5e2a29e50 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/constants/UpmsConstants.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/constants/UpmsConstants.java
@@ -22,6 +22,7 @@
 
 package cn.herodotus.eurynome.upms.api.constants;
 
+import cn.herodotus.eurynome.constant.enums.OAuth2Expression;
 import cn.herodotus.eurynome.constant.enums.StatusEnum;
 import cn.herodotus.eurynome.constant.magic.CacheConstants;
 import cn.herodotus.eurynome.constant.enums.GrantType;
@@ -54,7 +55,7 @@ public class UpmsConstants extends CacheConstants {
     public static final String REGION_SYS_ROLE = AREA_PREFIX + "sys:role";
     public static final String REGION_SYS_DEFAULT_ROLE = AREA_PREFIX + "sys:defaults:role";
     public static final String REGION_SYS_AUTHORITY = AREA_PREFIX + "sys:authority";
-    public static final String REGION_SYS_METADATA = AREA_PREFIX + "sys:metadata";
+    public static final String REGION_SYS_SECURITY_ATTRIBUTE = AREA_PREFIX + "sys:security:attribute";
     public static final String REGION_SYS_OWNERSHIP = AREA_PREFIX + "sys:ownership";
     public static final String REGION_SYS_SOCIAL_USER = AREA_PREFIX + "sys:social:user";
     public static final String REGION_VIEW_SYS_OWNERSHIP = AREA_PREFIX + "view:sys:ownership";
@@ -65,7 +66,7 @@ public class UpmsConstants extends CacheConstants {
     public static final String REGION_OAUTH_CLIENTDETAILS = AREA_PREFIX + "oauth:clientdetails";
     public static final String REGION_OAUTH_MICROSERVICES = AREA_PREFIX + "oauth:microservices";
     public static final String REGION_OAUTH_SCOPES = AREA_PREFIX + "oauth:scopes";
-    public static final String REGION_OAUTH_STATIC_EXPRESSIONS = AREA_PREFIX + "oauth:expressions:static";
+    public static final String REGION_OAUTH_EXPRESSIONS = AREA_PREFIX + "oauth:expressions";
     public static final String REGION_OAUTH_DYNAMIC_EXPRESSIONS = AREA_PREFIX + "oauth:expressions:dynamic";
     public static final String REGION_OAUTH_IP_ADDRESSES = AREA_PREFIX + "oauth:ipaddresses";
 
@@ -82,6 +83,7 @@ public class UpmsConstants extends CacheConstants {
     private static final List<Map<String, Object>> SUPPLIER_TYPE_ENUM = SupplierType.getToJsonStruct();
     private static final List<Map<String, Object>> GENDER_ENUM = Gender.getToJsonStruct();
     private static final List<Map<String, Object>> IDENTITY_ENUM = Identity.getToJsonStruct();
+    private static final List<Map<String, Object>> EXPRESSION_ENUM = OAuth2Expression.getToJsonStruct();
 
 
     public static Map<String, Object> getAllEnums() {
@@ -93,6 +95,7 @@ public static Map<String, Object> getAllEnums() {
         map.put("supplierType", SUPPLIER_TYPE_ENUM);
         map.put("gender", GENDER_ENUM);
         map.put("identity", IDENTITY_ENUM);
+        map.put("expression", EXPRESSION_ENUM);
         return map;
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2DynamicExpressions.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2DynamicExpressions.java
deleted file mode 100644
index 64089c283..000000000
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2DynamicExpressions.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2019-2021 Gengwei Zheng (herodotus@aliyun.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Project Name: eurynome-cloud
- * Module Name: eurynome-cloud-upms-api
- * File Name: OAuth2DynamicExpressions.java
- * Author: gengwei.zheng
- * Date: 2021/08/05 16:59:05
- */
-
-package cn.herodotus.eurynome.upms.api.entity.oauth;
-
-import cn.herodotus.eurynome.data.base.entity.BaseSysEntity;
-import cn.herodotus.eurynome.upms.api.constants.UpmsConstants;
-import com.google.common.base.MoreObjects;
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import org.hibernate.annotations.CacheConcurrencyStrategy;
-import org.hibernate.annotations.GenericGenerator;
-
-import javax.persistence.*;
-
-/**
- * <p>Description: OAuth2 动态表达式 </p>
- *
- * @author : gengwei.zheng
- * @date : 2021/8/5 16:59
- */
-@ApiModel(description = "OAuth2 动态表达式")
-@Entity
-@Table(name = "oauth_dynamic_expressions", indexes = {@Index(name = "oauth_dynamic_expressions_id_idx", columnList = "expression_id")})
-@Cacheable
-@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_DYNAMIC_EXPRESSIONS)
-public class OAuth2DynamicExpressions extends BaseSysEntity {
-
-    @ApiModelProperty(value = "表达式ID")
-    @Id
-    @GeneratedValue(generator = "system-uuid")
-    @GenericGenerator(name = "system-uuid", strategy = "uuid2")
-    @Column(name = "expression_id", length = 64)
-    private String expressionId;
-
-    @ApiModelProperty(value = "表达式内容")
-    @Column(name = "expression_content", length = 128)
-    private String expressionContent;
-
-    public String getExpressionId() {
-        return expressionId;
-    }
-
-    public void setExpressionId(String expressionId) {
-        this.expressionId = expressionId;
-    }
-
-    public String getExpressionContent() {
-        return expressionContent;
-    }
-
-    public void setExpressionContent(String expressionContent) {
-        this.expressionContent = expressionContent;
-    }
-
-    @Override
-    public String getLinkedProperty() {
-        return this.getExpressionContent();
-    }
-
-    @Override
-    public String getId() {
-        return this.getExpressionId();
-    }
-
-    @Override
-    public String toString() {
-        return MoreObjects.toStringHelper(this)
-                .add("expressionId", expressionId)
-                .add("expressionContent", expressionContent)
-                .toString();
-    }
-}
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2IpAddresses.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2IpAddresses.java
deleted file mode 100644
index 4dab7ad3f..000000000
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2IpAddresses.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2019-2021 Gengwei Zheng (herodotus@aliyun.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Project Name: eurynome-cloud
- * Module Name: eurynome-cloud-upms-api
- * File Name: OAuth2IpAddresses.java
- * Author: gengwei.zheng
- * Date: 2021/08/05 17:02:05
- */
-
-package cn.herodotus.eurynome.upms.api.entity.oauth;
-
-import cn.herodotus.eurynome.data.base.entity.BaseSysEntity;
-import cn.herodotus.eurynome.upms.api.constants.UpmsConstants;
-import com.google.common.base.MoreObjects;
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import org.hibernate.annotations.CacheConcurrencyStrategy;
-import org.hibernate.annotations.GenericGenerator;
-
-import javax.persistence.*;
-
-/**
- * <p>Description: OAuth2 管控IP地址 </p>
- *
- * @author : gengwei.zheng
- * @date : 2021/8/5 17:02
- */
-@ApiModel(description = "OAuth2 管控IP地址")
-@Entity
-@Table(name = "oauth_ip_addresses", indexes = {@Index(name = "oauth_ip_addresses_id_idx", columnList = "ip_id")})
-@Cacheable
-@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_IP_ADDRESSES)
-public class OAuth2IpAddresses extends BaseSysEntity {
-
-    @ApiModelProperty(value = "IP地址ID")
-    @Id
-    @GeneratedValue(generator = "system-uuid")
-    @GenericGenerator(name = "system-uuid", strategy = "uuid2")
-    @Column(name = "ip_id", length = 64)
-    private String ipId;
-
-    @ApiModelProperty(value = "IP地址")
-    @Column(name = "ip_address", length = 64)
-    private String ipAddress;
-
-    public String getIpId() {
-        return ipId;
-    }
-
-    public void setIpId(String ipId) {
-        this.ipId = ipId;
-    }
-
-    public String getIpAddress() {
-        return ipAddress;
-    }
-
-    public void setIpAddress(String ipAddress) {
-        this.ipAddress = ipAddress;
-    }
-
-    @Override
-    public String getLinkedProperty() {
-        return this.getIpAddress();
-    }
-
-    @Override
-    public String getId() {
-        return this.getIpId();
-    }
-
-    @Override
-    public String toString() {
-        return MoreObjects.toStringHelper(this)
-                .add("ipId", ipId)
-                .add("ipAddress", ipAddress)
-                .toString();
-    }
-}
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2StaticExpressions.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2StaticExpressions.java
deleted file mode 100644
index 1f24e3ade..000000000
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/oauth/OAuth2StaticExpressions.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2019-2021 Gengwei Zheng (herodotus@aliyun.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Project Name: eurynome-cloud
- * Module Name: eurynome-cloud-upms-api
- * File Name: OAuth2StaticExpressions.java
- * Author: gengwei.zheng
- * Date: 2021/08/05 17:04:05
- */
-
-package cn.herodotus.eurynome.upms.api.entity.oauth;
-
-import cn.herodotus.eurynome.data.base.entity.BaseSysEntity;
-import cn.herodotus.eurynome.upms.api.constants.UpmsConstants;
-import com.google.common.base.MoreObjects;
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import org.hibernate.annotations.CacheConcurrencyStrategy;
-import org.hibernate.annotations.GenericGenerator;
-
-import javax.persistence.*;
-
-/**
- * <p>Description: OAuth2 表达式 </p>
- *
- * @author : gengwei.zheng
- * @date : 2021/8/5 17:04
- */
-@ApiModel(description = "OAuth2 表达式")
-@Entity
-@Table(name = "oauth_static_expressions", indexes = {@Index(name = "oauth_static_expressions_id_idx", columnList = "expression_id")})
-@Cacheable
-@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_STATIC_EXPRESSIONS)
-public class OAuth2StaticExpressions extends BaseSysEntity {
-
-    @ApiModelProperty(value = "表达式ID")
-    @Id
-    @GeneratedValue(generator = "system-uuid")
-    @GenericGenerator(name = "system-uuid", strategy = "uuid2")
-    @Column(name = "expression_id", length = 64)
-    private String expressionId;
-
-    @ApiModelProperty(value = "表达式内容")
-    @Column(name = "expression_content", length = 128)
-    private String expressionContent;
-
-    public String getExpressionId() {
-        return expressionId;
-    }
-
-    public void setExpressionId(String expressionId) {
-        this.expressionId = expressionId;
-    }
-
-    public String getExpressionContent() {
-        return expressionContent;
-    }
-
-    public void setExpressionContent(String expressionContent) {
-        this.expressionContent = expressionContent;
-    }
-
-    @Override
-    public String getLinkedProperty() {
-        return this.getExpressionContent();
-    }
-
-    @Override
-    public String getId() {
-        return this.getExpressionId();
-    }
-
-    @Override
-    public String toString() {
-        return MoreObjects.toStringHelper(this)
-                .add("expressionId", expressionId)
-                .add("expressionContent", expressionContent)
-                .toString();
-    }
-}
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysMetadata.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysSecurityAttribute.java
similarity index 53%
rename from services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysMetadata.java
rename to services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysSecurityAttribute.java
index d7a5879ed..a981b0da3 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysMetadata.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/entity/system/SysSecurityAttribute.java
@@ -15,7 +15,7 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-api
- * File Name: SysMetadata.java
+ * File Name: SysSecurityAttribute.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:06:05
  */
@@ -24,11 +24,8 @@
 
 import cn.herodotus.eurynome.data.base.entity.BaseSysEntity;
 import cn.herodotus.eurynome.upms.api.constants.UpmsConstants;
-import cn.herodotus.eurynome.upms.api.entity.oauth.OAuth2DynamicExpressions;
-import cn.herodotus.eurynome.upms.api.entity.oauth.OAuth2IpAddresses;
 import cn.herodotus.eurynome.upms.api.entity.oauth.OAuth2Scopes;
-import cn.herodotus.eurynome.upms.api.entity.oauth.OAuth2StaticExpressions;
-import cn.herodotus.eurynome.upms.api.listener.entity.SysMetadataEntityListener;
+import cn.herodotus.eurynome.upms.api.listener.entity.SysSecurityAttributeEntityListener;
 import com.google.common.base.MoreObjects;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
@@ -49,18 +46,18 @@
  */
 @ApiModel(description = "系统权限元数据")
 @Entity
-@Table(name = "sys_metadata", indexes = {@Index(name = "sys_metadata_id_idx", columnList = "metadata_id")})
+@Table(name = "sys_security_attribute", indexes = {@Index(name = "sys_security_attribute_id_idx", columnList = "attribute_id")})
 @Cacheable
-@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_SYS_METADATA)
-@EntityListeners(value = {SysMetadataEntityListener.class})
-public class SysMetadata extends BaseSysEntity {
+@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_SYS_SECURITY_ATTRIBUTE)
+@EntityListeners(value = {SysSecurityAttributeEntityListener.class})
+public class SysSecurityAttribute extends BaseSysEntity {
 
     @ApiModelProperty(value = "元数据ID")
     @Id
     @GeneratedValue(generator = "metadata-uuid")
-    @GenericGenerator(name = "metadata-uuid", strategy = "cn.herodotus.cloud.upms.api.generator.SysMetadataUUIDGenerator")
-    @Column(name = "metadata_id", length = 64)
-    private String metadataId;
+    @GenericGenerator(name = "metadata-uuid", strategy = "cn.herodotus.cloud.upms.api.generator.SysSecurityAttributeUUIDGenerator")
+    @Column(name = "attribute_id", length = 64)
+    private String attributeId;
 
     @ApiModelProperty(value = "URL")
     @Column(name = "url", length = 2048)
@@ -74,38 +71,28 @@ public class SysMetadata extends BaseSysEntity {
     @Column(name = "service_id", length = 128)
     private String serviceId;
 
-    @ApiModelProperty(value = "默认表达式", notes = "该值即authority_code值，会被封装成hasAuthority('XX'), 是自动生成的默认权限")
-    @Column(name = "default_expression", length = 128)
-    private String defaultExpression;
+    @ApiModelProperty(value = "默认权限代码", notes = "该值即authority_code值，如果没有设置其它权限，该值会被封装成hasAuthority('XX')作为默认权限, 是自动生成的默认权限")
+    @Column(name = "attribute_code", length = 128)
+    private String attributeCode;
 
-    @ApiModelProperty(value = "Scope权限表达式", notes = "该表达式要符合ScopeVoter规则")
-    @Column(name = "scope_expression", length = 128)
-    private String scopeExpression;
+    @ApiModelProperty(value = "表达式", notes = "Security和OAuth2涉及的表达式字符串，通过该值设置不同的权限")
+    @Column(name = "expression", length = 128)
+    private String expression;
 
-    @ApiModelProperty(value = "静态字符串表达式", notes = "Security和OAuth2涉及的表达式字符串")
-    @org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_STATIC_EXPRESSIONS)
-    @ManyToOne(fetch = FetchType.EAGER)
-    @JoinColumn(name = "static_expression_id", referencedColumnName = "expression_id")
-    private OAuth2StaticExpressions staticExpression;
+    @ApiModelProperty(value = "IP地址", notes = "该表达式要符合WebExpressionVoter规则,根据配置的IP地址动态生成")
+    @Column(name = "ip_address", length = 64)
+    private String ipAddress;
 
-    @ApiModelProperty(value = "动态字符串表达式", notes = "通过UI界面等配置生成的合规的表达式")
-    @org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_DYNAMIC_EXPRESSIONS)
-    @ManyToOne(fetch = FetchType.EAGER)
-    @JoinColumn(name = "dynamic_expression_id", referencedColumnName = "expression_id")
-    private OAuth2DynamicExpressions dynamicExpression;
-
-    @ApiModelProperty(value = "IP地址表达式", notes = "该表达式要符合WebExpressionVoter规则,根据配置的IP地址动态生成")
-    @org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_OAUTH_IP_ADDRESSES)
-    @ManyToOne(fetch = FetchType.EAGER)
-    @JoinColumn(name = "ip_expression_id", referencedColumnName = "ip_id")
-    private OAuth2IpAddresses ipExpression;
+    @ApiModelProperty(value = "指定表达式", notes = "预留字段，该值可手动设置具体的权限表达式，而不是通过Role、Scope等关联数据自动生成")
+    @Column(name = "manual_setting", length = 256)
+    private String manualSetting;
 
     @ApiModelProperty(value = "动态权限表达式", notes = "该表达式要符合WebExpressionVoter规则,根据配置动态生成")
     @org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.READ_WRITE, region = UpmsConstants.REGION_SYS_ROLE)
     @ManyToMany(fetch = FetchType.EAGER)
     @Fetch(FetchMode.SUBSELECT)
     @JoinTable(name = "sys_role_authority",
-            joinColumns = {@JoinColumn(name = "authority_id", referencedColumnName = "metadata_id")},
+            joinColumns = {@JoinColumn(name = "authority_id", referencedColumnName = "attribute_id")},
             inverseJoinColumns = {@JoinColumn(name = "role_id", referencedColumnName = "role_id")})
     private Set<SysRole> roles = new HashSet<>();
 
@@ -114,7 +101,7 @@ public class SysMetadata extends BaseSysEntity {
     @ManyToMany(fetch = FetchType.EAGER)
     @Fetch(FetchMode.SUBSELECT)
     @JoinTable(name = "oauth_scopes_authority",
-            joinColumns = {@JoinColumn(name = "authority_id", referencedColumnName = "metadata_id")},
+            joinColumns = {@JoinColumn(name = "authority_id", referencedColumnName = "attribute_id")},
             inverseJoinColumns = {@JoinColumn(name = "scope_id", referencedColumnName = "scope_id")})
     private Set<OAuth2Scopes> scopes = new HashSet<>();
 
@@ -125,15 +112,15 @@ public String getLinkedProperty() {
 
     @Override
     public String getId() {
-        return this.getMetadataId();
+        return this.getAttributeId();
     }
 
-    public String getMetadataId() {
-        return metadataId;
+    public String getAttributeId() {
+        return attributeId;
     }
 
-    public void setMetadataId(String metadataId) {
-        this.metadataId = metadataId;
+    public void setAttributeId(String attributeId) {
+        this.attributeId = attributeId;
     }
 
     public String getUrl() {
@@ -160,44 +147,36 @@ public void setServiceId(String serviceId) {
         this.serviceId = serviceId;
     }
 
-    public String getDefaultExpression() {
-        return defaultExpression;
-    }
-
-    public void setDefaultExpression(String defaultExpression) {
-        this.defaultExpression = defaultExpression;
-    }
-
-    public String getScopeExpression() {
-        return scopeExpression;
+    public String getAttributeCode() {
+        return attributeCode;
     }
 
-    public void setScopeExpression(String scopeExpression) {
-        this.scopeExpression = scopeExpression;
+    public void setAttributeCode(String attributeCode) {
+        this.attributeCode = attributeCode;
     }
 
-    public OAuth2StaticExpressions getStaticExpression() {
-        return staticExpression;
+    public String getExpression() {
+        return expression;
     }
 
-    public void setStaticExpression(OAuth2StaticExpressions staticExpression) {
-        this.staticExpression = staticExpression;
+    public void setExpression(String expression) {
+        this.expression = expression;
     }
 
-    public OAuth2DynamicExpressions getDynamicExpression() {
-        return dynamicExpression;
+    public String getIpAddress() {
+        return ipAddress;
     }
 
-    public void setDynamicExpression(OAuth2DynamicExpressions dynamicExpression) {
-        this.dynamicExpression = dynamicExpression;
+    public void setIpAddress(String ipAddress) {
+        this.ipAddress = ipAddress;
     }
 
-    public OAuth2IpAddresses getIpExpression() {
-        return ipExpression;
+    public String getManualSetting() {
+        return manualSetting;
     }
 
-    public void setIpExpression(OAuth2IpAddresses ipExpression) {
-        this.ipExpression = ipExpression;
+    public void setManualSetting(String manualSetting) {
+        this.manualSetting = manualSetting;
     }
 
     public Set<SysRole> getRoles() {
@@ -219,15 +198,14 @@ public void setScopes(Set<OAuth2Scopes> scopes) {
     @Override
     public String toString() {
         return MoreObjects.toStringHelper(this)
-                .add("metadataId", metadataId)
+                .add("attributeId", attributeId)
                 .add("url", url)
                 .add("requestMethod", requestMethod)
                 .add("serviceId", serviceId)
-                .add("defaultExpression", defaultExpression)
-                .add("scopeExpression", scopeExpression)
-                .add("staticExpression", staticExpression)
-                .add("dynamicExpression", dynamicExpression)
-                .add("ipExpression", ipExpression)
+                .add("attributeCode", attributeCode)
+                .add("expression", expression)
+                .add("ipAddress", ipAddress)
+                .add("manualSetting", manualSetting)
                 .toString();
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysMetadataUUIDGenerator.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysSecurityAttributeUUIDGenerator.java
similarity index 79%
rename from services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysMetadataUUIDGenerator.java
rename to services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysSecurityAttributeUUIDGenerator.java
index e2ec8290c..75960c257 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysMetadataUUIDGenerator.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/generator/SysSecurityAttributeUUIDGenerator.java
@@ -15,14 +15,14 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-api
- * File Name: SysMetadataUUIDGenerator.java
+ * File Name: SysSecurityAttributeUUIDGenerator.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:17:05
  */
 
 package cn.herodotus.eurynome.upms.api.generator;
 
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.HibernateException;
@@ -39,7 +39,7 @@
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:17
  */
-public class SysMetadataUUIDGenerator extends UUIDGenerator {
+public class SysSecurityAttributeUUIDGenerator extends UUIDGenerator {
 
     @Override
     public Serializable generate(SharedSessionContractImplementor session, Object object) throws HibernateException {
@@ -47,12 +47,12 @@ public Serializable generate(SharedSessionContractImplementor session, Object ob
             throw new HibernateException(new NullPointerException());
         }
 
-        SysMetadata sysMetadata = (SysMetadata) object;
+        SysSecurityAttribute sysSecurityAttribute = (SysSecurityAttribute) object;
 
-        if (StringUtils.isEmpty(sysMetadata.getMetadataId())) {
+        if (StringUtils.isEmpty(sysSecurityAttribute.getAttributeId())) {
             return super.generate(session, object);
         } else {
-            return sysMetadata.getMetadataId();
+            return sysSecurityAttribute.getAttributeId();
         }
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/helper/UpmsHelper.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/helper/UpmsHelper.java
index 8b6ca10f6..bada55d81 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/helper/UpmsHelper.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/helper/UpmsHelper.java
@@ -23,12 +23,9 @@
 package cn.herodotus.eurynome.upms.api.helper;
 
 
-import cn.herodotus.eurynome.constant.magic.SymbolConstants;
 import cn.herodotus.eurynome.constant.enums.StatusEnum;
-import cn.herodotus.eurynome.constant.magic.SecurityExpression;
-import cn.herodotus.eurynome.security.definition.core.HerodotusAuthority;
+import cn.herodotus.eurynome.constant.magic.SymbolConstants;
 import cn.herodotus.eurynome.security.definition.core.HerodotusClientDetails;
-import cn.herodotus.eurynome.security.definition.core.HerodotusRole;
 import cn.herodotus.eurynome.security.definition.core.HerodotusUserDetails;
 import cn.herodotus.eurynome.security.definition.domain.RequestMapping;
 import cn.herodotus.eurynome.security.utils.SecurityUtils;
@@ -36,19 +33,16 @@
 import cn.herodotus.eurynome.upms.api.entity.oauth.OauthApplications;
 import cn.herodotus.eurynome.upms.api.entity.oauth.OauthClientDetails;
 import cn.herodotus.eurynome.upms.api.entity.system.SysAuthority;
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
 import cn.herodotus.eurynome.upms.api.entity.system.SysRole;
 import cn.herodotus.eurynome.upms.api.entity.system.SysUser;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.TypeReference;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.util.StringUtils;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.stream.Collectors;
 
 /**
@@ -59,34 +53,6 @@
  */
 public class UpmsHelper {
 
-    public static HerodotusRole convertSysRoleToArtisanRole(SysRole sysRole) {
-        HerodotusRole herodotusRole = new HerodotusRole();
-        herodotusRole.setRoleId(sysRole.getRoleId());
-//        herodotusRole.setRoleName(sysRole.getRoleName());
-        herodotusRole.setRoleCode(sysRole.getRoleCode());
-        return herodotusRole;
-    }
-
-    public static List<HerodotusAuthority> convertSysAuthoritiesToHerodotusAuthorities(Collection<SysAuthority> sysAuthorities) {
-        if (CollectionUtils.isNotEmpty(sysAuthorities)) {
-            return sysAuthorities.stream().map(UpmsHelper::convertSysAuthorityToArtisanAuthority).collect(Collectors.toList());
-        }
-        return new ArrayList<>();
-    }
-
-    private static HerodotusAuthority convertSysAuthorityToArtisanAuthority(SysAuthority sysAuthority) {
-        HerodotusAuthority herodotusAuthority = new HerodotusAuthority();
-        herodotusAuthority.setAuthorityId(sysAuthority.getAuthorityId());
-        herodotusAuthority.setAuthorityCode(sysAuthority.getAuthorityCode());
-//        herodotusAuthority.setAuthorityType(sysAuthority.getAuthorityType());
-//        herodotusAuthority.setMenuClass(sysAuthority.getMenuClass());
-//        herodotusAuthority.setRanking(sysAuthority.getRanking());
-//        herodotusAuthority.setAuthorityName(sysAuthority.getAuthorityName());
-//        herodotusAuthority.setUrl(sysAuthority.getUrl());
-//        herodotusAuthority.setParentId(sysAuthority.getParentId());
-        return herodotusAuthority;
-    }
-
     public static HerodotusClientDetails convertOauthClientDetailsToHerodotusClientDetails(OauthClientDetails oauthClientDetails) {
         HerodotusClientDetails herodotusClientDetails = null;
 
@@ -134,21 +100,21 @@ public static HerodotusUserDetails convertSysUserToHerodotusUserDetails(SysUser
         herodotusUserDetails.setUsername(sysUser.getUserName());
         herodotusUserDetails.setPassword(sysUser.getPassword());
         herodotusUserDetails.setNickName(sysUser.getNickName());
-        herodotusUserDetails.setClientId(sysUser.getEmployeeId());
         herodotusUserDetails.setAccountNonExpired(sysUser.getStatus() != StatusEnum.EXPIRED);
         herodotusUserDetails.setAccountNonLocked(sysUser.getStatus() != StatusEnum.LOCKING);
         herodotusUserDetails.setEnabled(sysUser.getStatus() == StatusEnum.ENABLE);
 
-        List<HerodotusRole> herodotusRoles = new ArrayList<>();
-        List<HerodotusAuthority> herodotusAuthorities = new ArrayList<>();
+        Collection<SimpleGrantedAuthority> authorities = new LinkedHashSet<>();
 
         for (SysRole sysRole : sysUser.getRoles()) {
-            herodotusRoles.add(convertSysRoleToArtisanRole(sysRole));
-            herodotusAuthorities.addAll(convertSysAuthoritiesToHerodotusAuthorities(sysRole.getAuthorities()));
+            authorities.add(new SimpleGrantedAuthority(SecurityUtils.wellFormRolePrefix(sysRole.getRoleCode())));
+            Set<SysAuthority> sysAuthorities = sysRole.getAuthorities();
+            if (CollectionUtils.isNotEmpty(sysAuthorities)) {
+                sysAuthorities.forEach(sysAuthority -> authorities.add(new SimpleGrantedAuthority((sysAuthority.getAuthorityCode()))));
+            }
         }
 
-        herodotusUserDetails.setRoles(herodotusRoles);
-        herodotusUserDetails.setAuthorities(herodotusAuthorities);
+        herodotusUserDetails.setAuthorities(authorities);
 
         return herodotusUserDetails;
     }
@@ -174,45 +140,6 @@ private static SysAuthority convertRequestMappingToSysAuthority(RequestMapping r
         return sysAuthority;
     }
 
-    public static List<RequestMapping> convertSysAuthoritiesToRequestMappings(Collection<SysAuthority> sysAuthorities) {
-        if (CollectionUtils.isNotEmpty(sysAuthorities)) {
-            return sysAuthorities.stream().map(UpmsHelper::convertSysAuthorityToRequestMapping).collect(Collectors.toList());
-        }
-        return new ArrayList<>();
-    }
-
-    private static RequestMapping convertSysAuthorityToRequestMapping(SysAuthority sysAuthority) {
-        RequestMapping requestMapping = new RequestMapping();
-        requestMapping.setMetadataId(sysAuthority.getAuthorityId());
-        requestMapping.setMetadataCode(sysAuthority.getAuthorityCode());
-        requestMapping.setMetadataName(sysAuthority.getAuthorityName());
-        requestMapping.setRequestMethod(sysAuthority.getRequestMethod());
-        requestMapping.setServiceId(sysAuthority.getServiceId());
-        requestMapping.setClassName(sysAuthority.getClassName());
-        requestMapping.setMethodName(sysAuthority.getMethodName());
-        requestMapping.setUrl(sysAuthority.getUrl());
-        requestMapping.setParentId(sysAuthority.getParentId());
-        return requestMapping;
-    }
-
-    public static List<SysMetadata> convertSysAuthoritiesToSysMetadatas(Collection<SysAuthority> sysAuthorities) {
-        if (CollectionUtils.isNotEmpty(sysAuthorities)) {
-            return sysAuthorities.stream().map(UpmsHelper::convertSysAuthorityToSysMetadata).collect(Collectors.toList());
-        }
-        return new ArrayList<>();
-    }
-
-    private static SysMetadata convertSysAuthorityToSysMetadata(SysAuthority sysAuthority) {
-        SysMetadata sysMetadata = new SysMetadata();
-        sysMetadata.setMetadataId(sysAuthority.getAuthorityId());
-        sysMetadata.setDefaultExpression(sysAuthority.getAuthorityCode());
-        sysMetadata.setUrl(sysAuthority.getUrl());
-        sysMetadata.setRequestMethod(sysAuthority.getRequestMethod());
-        sysMetadata.setServiceId(sysAuthority.getServiceId());
-        sysMetadata.setScopeExpression(SecurityExpression.SCOPE_DENY_ACCESS);
-        return sysMetadata;
-    }
-
     public static OauthClientDetails convertOauthApplicationsToOauthClientDetails(OauthApplications oauthApplications, OauthClientDetails oauthClientDetails) {
         if (ObjectUtils.isEmpty(oauthClientDetails)) {
             oauthClientDetails = new OauthClientDetails();
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysRoleEntityListener.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysRoleEntityListener.java
index e7f2b6412..d359fe7b9 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysRoleEntityListener.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysRoleEntityListener.java
@@ -22,16 +22,12 @@
 
 package cn.herodotus.eurynome.upms.api.listener.entity;
 
-import cn.herodotus.eurynome.upms.api.entity.system.SysAuthority;
 import cn.herodotus.eurynome.upms.api.entity.system.SysRole;
-import cn.herodotus.eurynome.upms.api.listener.event.SysMetadataRelationChangeEvent;
+import cn.herodotus.eurynome.upms.api.listener.event.SysSecurityAttributeRelationChangeEvent;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
 
 import javax.persistence.PostLoad;
 import javax.persistence.PostRemove;
@@ -64,21 +60,21 @@ protected void postLoad(SysRole entity) {
 
     @PreUpdate
     protected void preUpdate(SysRole entity) {
-        log.debug("[Eurynome] |- SysRoleEntityListener @PreUpdate actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
+        log.debug("[Eurynome] |- SysRoleEntityListener @PreUpdate actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
         this.setAfter(clone(entity));
     }
 
     @PostUpdate
     protected void postUpdate(SysRole entity) {
-        log.debug("[Eurynome] |- SysRoleEntityListener @PostUpdate actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
-        this.getApplicationContext().publishEvent(new SysMetadataRelationChangeEvent(this.getChangedAuthority()));
+        log.debug("[Eurynome] |- SysRoleEntityListener @PostUpdate actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
+        this.getApplicationContext().publishEvent(new SysSecurityAttributeRelationChangeEvent(this.getChangedAuthority()));
     }
 
     @PostRemove
     protected void postRemove(SysRole entity) {
-        log.debug("[Eurynome] |- SysRoleEntityListener @PostRemove actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
+        log.debug("[Eurynome] |- SysRoleEntityListener @PostRemove actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
         if (CollectionUtils.isNotEmpty(entity.getAuthorities())) {
-            this.getApplicationContext().publishEvent(new SysMetadataRelationChangeEvent(clone(entity)));
+            this.getApplicationContext().publishEvent(new SysSecurityAttributeRelationChangeEvent(clone(entity)));
         }
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysScopeEntityListener.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysScopeEntityListener.java
index 21b067f8b..24cfc553c 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysScopeEntityListener.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysScopeEntityListener.java
@@ -23,16 +23,11 @@
 package cn.herodotus.eurynome.upms.api.listener.entity;
 
 import cn.herodotus.eurynome.upms.api.entity.oauth.OAuth2Scopes;
-import cn.herodotus.eurynome.upms.api.entity.system.SysAuthority;
-import cn.herodotus.eurynome.upms.api.entity.system.SysRole;
-import cn.herodotus.eurynome.upms.api.listener.event.SysMetadataRelationChangeEvent;
+import cn.herodotus.eurynome.upms.api.listener.event.SysSecurityAttributeRelationChangeEvent;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
 
 import javax.persistence.PostLoad;
 import javax.persistence.PostRemove;
@@ -65,21 +60,21 @@ protected void postLoad(OAuth2Scopes entity) {
 
     @PreUpdate
     protected void preUpdate(OAuth2Scopes entity) {
-        log.debug("[Eurynome] |- SysScopeEntityListener @PreUpdate actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
+        log.debug("[Eurynome] |- SysScopeEntityListener @PreUpdate actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
         this.setAfter(clone(entity));
     }
 
     @PostUpdate
     protected void postUpdate(OAuth2Scopes entity) {
-        log.debug("[Eurynome] |- SysScopeEntityListener @PostUpdate actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
-        this.getApplicationContext().publishEvent(new SysMetadataRelationChangeEvent(this.getChangedAuthority()));
+        log.debug("[Eurynome] |- SysScopeEntityListener @PostUpdate actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
+        this.getApplicationContext().publishEvent(new SysSecurityAttributeRelationChangeEvent(this.getChangedAuthority()));
     }
 
     @PostRemove
     protected void postRemove(OAuth2Scopes entity) {
-        log.debug("[Eurynome] |- SysScopeEntityListener @PostRemove actived, value is : [{}]. Trigger SysMetadata relation change event.", entity.toString());
+        log.debug("[Eurynome] |- SysScopeEntityListener @PostRemove actived, value is : [{}]. Trigger SysSecurityAttribute relation change event.", entity.toString());
         if (CollectionUtils.isNotEmpty(entity.getAuthorities())) {
-            this.getApplicationContext().publishEvent(new SysMetadataRelationChangeEvent(clone(entity)));
+            this.getApplicationContext().publishEvent(new SysSecurityAttributeRelationChangeEvent(clone(entity)));
         }
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysMetadataEntityListener.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysSecurityAttributeEntityListener.java
similarity index 68%
rename from services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysMetadataEntityListener.java
rename to services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysSecurityAttributeEntityListener.java
index 968476af8..259b3f882 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysMetadataEntityListener.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/entity/SysSecurityAttributeEntityListener.java
@@ -15,15 +15,15 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-api
- * File Name: SysMetadataEntityListener.java
+ * File Name: SysSecurityAttributeEntityListener.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:08:05
  */
 
 package cn.herodotus.eurynome.upms.api.listener.entity;
 
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
-import cn.herodotus.eurynome.upms.api.listener.event.SysMetadataChangeEvent;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
+import cn.herodotus.eurynome.upms.api.listener.event.SysSecurityAttributeChangeEvent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
@@ -33,14 +33,14 @@
 import javax.persistence.PostUpdate;
 
 /**
- * <p>Description: SysMetadata实体变更监听 </p>
+ * <p>Description: SysSecurityAttribute实体变更监听 </p>
  *
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:08
  */
-public class SysMetadataEntityListener implements ApplicationContextAware {
+public class SysSecurityAttributeEntityListener implements ApplicationContextAware {
 
-    private static final Logger log = LoggerFactory.getLogger(SysMetadataEntityListener.class);
+    private static final Logger log = LoggerFactory.getLogger(SysSecurityAttributeEntityListener.class);
 
     private ApplicationContext applicationContext;
 
@@ -50,8 +50,8 @@ public void setApplicationContext(ApplicationContext applicationContext) throws
     }
 
     @PostUpdate
-    protected void postUpdate(SysMetadata entity) {
-        log.trace("[Eurynome] |- SysMetadataEntityListener @PostUpdate : [{}]", entity.toString());
-        this.applicationContext.publishEvent(new SysMetadataChangeEvent(entity));
+    protected void postUpdate(SysSecurityAttribute entity) {
+        log.trace("[Eurynome] |- SysSecurityAttributeEntityListener @PostUpdate : [{}]", entity.toString());
+        this.applicationContext.publishEvent(new SysSecurityAttributeChangeEvent(entity));
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataChangeEvent.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeChangeEvent.java
similarity index 61%
rename from services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataChangeEvent.java
rename to services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeChangeEvent.java
index 11faf1a03..167a2d412 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataChangeEvent.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeChangeEvent.java
@@ -15,32 +15,32 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-api
- * File Name: SysMetadataChangeEvent.java
+ * File Name: SysSecurityAttributeChangeEvent.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:09:05
  */
 
 package cn.herodotus.eurynome.upms.api.listener.event;
 
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
 import org.springframework.context.ApplicationEvent;
 
 /**
- * <p>Description: SysMetadata实体数据变更事件 </p>
+ * <p>Description: SysSecurityAttribute实体数据变更事件 </p>
  *
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:09
  */
-public class SysMetadataChangeEvent extends ApplicationEvent {
+public class SysSecurityAttributeChangeEvent extends ApplicationEvent {
 
-    private final SysMetadata sysMetadata;
+    private final SysSecurityAttribute sysSecurityAttribute;
 
-    public SysMetadataChangeEvent(SysMetadata sysMetadata) {
-        super(sysMetadata);
-        this.sysMetadata = sysMetadata;
+    public SysSecurityAttributeChangeEvent(SysSecurityAttribute sysSecurityAttribute) {
+        super(sysSecurityAttribute);
+        this.sysSecurityAttribute = sysSecurityAttribute;
     }
 
-    public SysMetadata getSysMetadata() {
-        return sysMetadata;
+    public SysSecurityAttribute getSysSecurityAttribute() {
+        return sysSecurityAttribute;
     }
 }
diff --git a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataRelationChangeEvent.java b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeRelationChangeEvent.java
similarity index 81%
rename from services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataRelationChangeEvent.java
rename to services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeRelationChangeEvent.java
index a6bad0f1d..dee38c5de 100644
--- a/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysMetadataRelationChangeEvent.java
+++ b/services/eurynome-cloud-upms-api/src/main/java/cn/herodotus/eurynome/upms/api/listener/event/SysSecurityAttributeRelationChangeEvent.java
@@ -15,7 +15,7 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-api
- * File Name: SysMetadataRelationChangeEvent.java
+ * File Name: SysSecurityAttributeRelationChangeEvent.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:10:05
  */
@@ -29,16 +29,16 @@
 import java.util.List;
 
 /**
- * <p>Description: SysMetadata关联数据变更Event </p>
+ * <p>Description: SysSecurityAttribute关联数据变更Event </p>
  *
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:10
  */
-public class SysMetadataRelationChangeEvent extends ApplicationEvent {
+public class SysSecurityAttributeRelationChangeEvent extends ApplicationEvent {
 
     private final List<String> changedAuthorities;
 
-    public SysMetadataRelationChangeEvent(List<String> changedAuthorities) {
+    public SysSecurityAttributeRelationChangeEvent(List<String> changedAuthorities) {
         super(changedAuthorities);
         this.changedAuthorities = changedAuthorities;
     }
diff --git a/services/eurynome-cloud-upms-logic/pom.xml b/services/eurynome-cloud-upms-logic/pom.xml
index 0743599f4..2871bc8f5 100644
--- a/services/eurynome-cloud-upms-logic/pom.xml
+++ b/services/eurynome-cloud-upms-logic/pom.xml
@@ -7,11 +7,11 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-upms-logic</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <dependencies>
         <dependency>
diff --git a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysMetadataRepository.java b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysSecurityAttributeRepository.java
similarity index 76%
rename from services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysMetadataRepository.java
rename to services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysSecurityAttributeRepository.java
index faf995c62..5fa4d6fd4 100644
--- a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysMetadataRepository.java
+++ b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/repository/system/SysSecurityAttributeRepository.java
@@ -15,7 +15,7 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-logic
- * File Name: SysMetadataRepository.java
+ * File Name: SysSecurityAttributeRepository.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:48:05
  */
@@ -23,20 +23,20 @@
 package cn.herodotus.eurynome.upms.logic.repository.system;
 
 import cn.herodotus.eurynome.data.base.repository.BaseRepository;
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
 import org.springframework.data.jpa.repository.QueryHints;
 
 import javax.persistence.QueryHint;
 import java.util.List;
 
 /**
- * <p>Description: SysMetadataRepository </p>
+ * <p>Description: SysSecurityAttributeRepository </p>
  *
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:48
  */
-public interface SysMetadataRepository extends BaseRepository<SysMetadata, String> {
+public interface SysSecurityAttributeRepository extends BaseRepository<SysSecurityAttribute, String> {
 
     @QueryHints(@QueryHint(name = org.hibernate.annotations.QueryHints.CACHEABLE, value = "true"))
-    List<SysMetadata> findByMetadataIdIn(List<String> ids);
+    List<SysSecurityAttribute> findByAttributeIdIn(List<String> ids);
 }
diff --git a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysAuthorityService.java b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysAuthorityService.java
index 891249f66..b561f656d 100644
--- a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysAuthorityService.java
+++ b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysAuthorityService.java
@@ -28,7 +28,7 @@
 import cn.herodotus.eurynome.crud.service.BaseLayeredService;
 import cn.herodotus.eurynome.data.base.repository.BaseRepository;
 import cn.herodotus.eurynome.upms.api.entity.system.SysAuthority;
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
 import cn.herodotus.eurynome.upms.logic.repository.system.SysAuthorityRepository;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -76,7 +76,7 @@ public List<SysAuthority> findAllByAuthorityType(AuthorityType authorityType) {
     }
 
     /**
-     * 查找SysMetadata中不存在的SysAuthority
+     * 查找SysSecurityAttribute中不存在的SysAuthority
      *
      * @return SysAuthority列表
      */
@@ -86,16 +86,16 @@ public List<SysAuthority> findAllocatable() {
         Specification<SysAuthority> specification = (root, criteriaQuery, criteriaBuilder) -> {
 
             // 构造Not Exist子查询
-            Subquery<SysMetadata> subQuery = criteriaQuery.subquery(SysMetadata.class);
-            Root<SysMetadata> subRoot = subQuery.from(SysMetadata.class);
+            Subquery<SysSecurityAttribute> subQuery = criteriaQuery.subquery(SysSecurityAttribute.class);
+            Root<SysSecurityAttribute> subRoot = subQuery.from(SysSecurityAttribute.class);
 
             // 构造Not Exist 子查询的where条件
-            Predicate subPredicate = criteriaBuilder.equal(subRoot.get("metadataId"), root.get("authorityId"));
+            Predicate subPredicate = criteriaBuilder.equal(subRoot.get("attributeId"), root.get("authorityId"));
             subQuery.where(subPredicate);
 
             // 构造完整的子查询语句
             //这句话不加会报错，因为他不知道你子查询要查出什么字段。就是上面示例中的子查询中的“select *”的作用
-            subQuery.select(subRoot.get("metadataId"));
+            subQuery.select(subRoot.get("attributeId"));
 
             // 构造完整SQL
             // 正确的结构参考：SELECT * FROM sys_authority sa WHERE NOT EXISTS ( SELECT * FROM sys_metadata sm WHERE sm.metadata_id = sa.authority_id )
diff --git a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysMetadataService.java b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysSecurityAttributeService.java
similarity index 55%
rename from services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysMetadataService.java
rename to services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysSecurityAttributeService.java
index a04bc1eec..c9f7168ca 100644
--- a/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysMetadataService.java
+++ b/services/eurynome-cloud-upms-logic/src/main/java/cn/herodotus/eurynome/upms/logic/service/system/SysSecurityAttributeService.java
@@ -15,7 +15,7 @@
  *
  * Project Name: eurynome-cloud
  * Module Name: eurynome-cloud-upms-logic
- * File Name: SysMetadataService.java
+ * File Name: SysSecurityAttributeService.java
  * Author: gengwei.zheng
  * Date: 2021/08/05 17:50:05
  */
@@ -24,9 +24,9 @@
 
 import cn.herodotus.eurynome.crud.service.BaseLayeredService;
 import cn.herodotus.eurynome.data.base.repository.BaseRepository;
-import cn.herodotus.eurynome.upms.api.entity.system.SysMetadata;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
 import cn.herodotus.eurynome.upms.api.entity.system.SysRole;
-import cn.herodotus.eurynome.upms.logic.repository.system.SysMetadataRepository;
+import cn.herodotus.eurynome.upms.logic.repository.system.SysSecurityAttributeRepository;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -41,66 +41,66 @@
 import java.util.List;
 
 /**
- * <p>Description: SysMetadataService </p>
+ * <p>Description: SysSecurityAttributeService </p>
  *
  * @author : gengwei.zheng
  * @date : 2021/8/5 17:50
  */
 @Service
-public class SysMetadataService extends BaseLayeredService<SysMetadata, String> {
+public class SysSecurityAttributeService extends BaseLayeredService<SysSecurityAttribute, String> {
 
-    private static final Logger log = LoggerFactory.getLogger(SysMetadataService.class);
+    private static final Logger log = LoggerFactory.getLogger(SysSecurityAttributeService.class);
 
-    private final SysMetadataRepository sysMetadataRepository;
+    private final SysSecurityAttributeRepository sysSecurityAttributeRepository;
 
     @Autowired
-    public SysMetadataService(SysMetadataRepository sysMetadataRepository) {
-        this.sysMetadataRepository = sysMetadataRepository;
+    public SysSecurityAttributeService(SysSecurityAttributeRepository sysSecurityAttributeRepository) {
+        this.sysSecurityAttributeRepository = sysSecurityAttributeRepository;
     }
 
     @Override
-    public BaseRepository<SysMetadata, String> getRepository() {
-        return this.sysMetadataRepository;
+    public BaseRepository<SysSecurityAttribute, String> getRepository() {
+        return this.sysSecurityAttributeRepository;
     }
 
-    public List<SysMetadata> batchSaveOrUpdate(List<SysMetadata> sysMetadata) {
-        log.debug("[Eurynome] |- SysMetadata Service batchSaveOrUpdate.");
-        return sysMetadataRepository.saveAllAndFlush(sysMetadata);
+    public List<SysSecurityAttribute> batchSaveOrUpdate(List<SysSecurityAttribute> sysMetadata) {
+        log.debug("[Eurynome] |- SysSecurityAttribute Service batchSaveOrUpdate.");
+        return sysSecurityAttributeRepository.saveAllAndFlush(sysMetadata);
     }
 
-    public List<SysMetadata> findByMetadataIn(List<String> ids) {
-        log.debug("[Eurynome] |- SysMetadata Service findByMetadataIn.");
-        return sysMetadataRepository.findByMetadataIdIn(ids);
+    public List<SysSecurityAttribute> findByAttributeIdIn(List<String> ids) {
+        log.debug("[Eurynome] |- SysSecurityAttribute Service findByAttributeIdIn.");
+        return sysSecurityAttributeRepository.findByAttributeIdIn(ids);
     }
 
-    public List<SysMetadata> findByRoleId(String roleId) {
+    public List<SysSecurityAttribute> findByRoleId(String roleId) {
         return this.findByCondition(roleId, null, null);
     }
 
-    public List<SysMetadata> findByScopeId(String scopeId) {
+    public List<SysSecurityAttribute> findByScopeId(String scopeId) {
         return this.findByCondition(null, scopeId, null);
     }
 
-    public List<SysMetadata> findByIpAddressId(String ipAddressId) {
+    public List<SysSecurityAttribute> findByIpAddressId(String ipAddressId) {
         return this.findByCondition(null, null, ipAddressId);
     }
 
-    public List<SysMetadata> findByCondition(String roleId, String scopeId, String ipAddressId) {
-        Specification<SysMetadata> specification = (root, criteriaQuery, criteriaBuilder) -> {
+    public List<SysSecurityAttribute> findByCondition(String roleId, String scopeId, String ipAddressId) {
+        Specification<SysSecurityAttribute> specification = (root, criteriaQuery, criteriaBuilder) -> {
 
             List<Predicate> predicates = new ArrayList<>();
             if (StringUtils.isNotBlank(roleId)) {
-                SetJoin<SysMetadata, SysRole> join = root.joinSet("roles", JoinType.INNER);
+                SetJoin<SysSecurityAttribute, SysRole> join = root.joinSet("roles", JoinType.INNER);
                 predicates.add(criteriaBuilder.equal(join.get("roleId").as(String.class), roleId));
             }
 
             if (StringUtils.isNotBlank(scopeId)) {
-                SetJoin<SysMetadata, SysRole> join = root.joinSet("scopes", JoinType.INNER);
+                SetJoin<SysSecurityAttribute, SysRole> join = root.joinSet("scopes", JoinType.INNER);
                 predicates.add(criteriaBuilder.equal(join.get("scopeId").as(String.class), scopeId));
             }
 
             if (StringUtils.isNotBlank(ipAddressId)) {
-                SetJoin<SysMetadata, SysRole> join = root.joinSet("ipAddress", JoinType.INNER);
+                SetJoin<SysSecurityAttribute, SysRole> join = root.joinSet("ipAddress", JoinType.INNER);
                 predicates.add(criteriaBuilder.equal(join.get("ipId").as(String.class), ipAddressId));
             }
 
@@ -109,7 +109,7 @@ public List<SysMetadata> findByCondition(String roleId, String scopeId, String i
             return criteriaQuery.getRestriction();
         };
 
-        log.debug("[Eurynome] |- SysMetadata Service findByCondition.");
-        return this.sysMetadataRepository.findAll(specification);
+        log.debug("[Eurynome] |- SysSecurityAttribute Service findByCondition.");
+        return this.sysSecurityAttributeRepository.findAll(specification);
     }
 }
diff --git a/services/eurynome-cloud-upms-rest/pom.xml b/services/eurynome-cloud-upms-rest/pom.xml
index 6ef11f89e..40e815699 100644
--- a/services/eurynome-cloud-upms-rest/pom.xml
+++ b/services/eurynome-cloud-upms-rest/pom.xml
@@ -6,11 +6,11 @@
     <parent>
         <artifactId>services</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>eurynome-cloud-upms-rest</artifactId>
-    <version>2.5.4.40</version>
+    <version>2.5.4.50</version>
 
     <name>eurynome-cloud-upms-rest</name>
     <description>通用权限，人员信息服务供应商</description>
diff --git a/services/eurynome-cloud-upms-rest/src/main/java/cn/herodotus/eurynome/upms/rest/controller/system/SysSecurityAttributeController.java b/services/eurynome-cloud-upms-rest/src/main/java/cn/herodotus/eurynome/upms/rest/controller/system/SysSecurityAttributeController.java
new file mode 100644
index 000000000..9e802b48f
--- /dev/null
+++ b/services/eurynome-cloud-upms-rest/src/main/java/cn/herodotus/eurynome/upms/rest/controller/system/SysSecurityAttributeController.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2019-2021 Gengwei Zheng (herodotus@aliyun.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Project Name: eurynome-cloud
+ * Module Name: eurynome-cloud-upms-rest
+ * File Name: SysSecurityAttributeController.java
+ * Author: gengwei.zheng
+ * Date: 2021/08/14 06:54:14
+ */
+
+package cn.herodotus.eurynome.upms.rest.controller.system;
+
+import cn.herodotus.eurynome.crud.controller.BaseWriteableRestController;
+import cn.herodotus.eurynome.crud.service.WriteableService;
+import cn.herodotus.eurynome.upms.api.entity.system.SysSecurityAttribute;
+import cn.herodotus.eurynome.upms.logic.service.system.SysSecurityAttributeService;
+import io.swagger.annotations.Api;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * <p>Description: SysSecurityAttributeController </p>
+ *
+ * @author : gengwei.zheng
+ * @date : 2021/8/14 6:54
+ */
+@RestController
+@RequestMapping("/security-attribute")
+@Api(tags = {"用户中心服务", "系统元数据接口", "权限管理"})
+public class SysSecurityAttributeController extends BaseWriteableRestController<SysSecurityAttribute, String> {
+
+    private final SysSecurityAttributeService sysSecurityAttributeService;
+
+    @Autowired
+    public SysSecurityAttributeController(SysSecurityAttributeService sysSecurityAttributeService) {
+        this.sysSecurityAttributeService = sysSecurityAttributeService;
+    }
+
+    @Override
+    public WriteableService<SysSecurityAttribute, String> getWriteableService() {
+        return this.sysSecurityAttributeService;
+    }
+}
diff --git a/services/pom.xml b/services/pom.xml
index 46549ddd3..e0e09cad1 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -31,7 +31,7 @@
     <parent>
         <artifactId>eurynome-cloud</artifactId>
         <groupId>cn.herodotus.eurynome</groupId>
-        <version>2.5.4.40</version>
+        <version>2.5.4.50</version>
     </parent>
 
     <artifactId>services</artifactId>