diff --git a/server/service/staff_user.go b/server/service/staff_user.go
index a8ccc1c..92488cd 100644
--- a/server/service/staff_user.go
+++ b/server/service/staff_user.go
@@ -180,9 +180,17 @@ func (s *StaffUser) Update(sess *session.AdminSession, req *api.StaffUpdateReq)
 		if oldCfg == nil {
 			oldCfg = make(map[string]interface{})
 		}
+		isChangeRole := false
 		for k, v := range newCfg {
 			oldCfg[k] = v
+			if k == "user_role" {
+				isChangeRole = true
+			}
 		}
+		if isChangeRole && !sess.GetAdmin().GetConfig().IsAdmin() {
+			panic(config.ErrPriv.New())
+		}
+
 		staffUser.Config = goutil.EncodeJSON(oldCfg)
 	}