diff --git a/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java b/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java
index 6b110ba196..3c74fe4ecc 100644
--- a/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java
+++ b/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java
@@ -40,7 +40,7 @@ public class PrisonQuestionController {
 
     @PostMapping("/create")
     @Operation(summary = "创建问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:create')")
+    @PreAuthorize("@ss.hasPermission('prison:question:create') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = CREATE)
     public CommonResult<Long> createQuestion(@Valid @RequestBody QuestionSaveReqVO createReqVO) {
         return success(questionService.createQuestion(createReqVO));
@@ -48,7 +48,7 @@ public class PrisonQuestionController {
 
     @PutMapping("/update")
     @Operation(summary = "更新问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:update')")
+    @PreAuthorize("@ss.hasPermission('prison:question:update') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = UPDATE)
     public CommonResult<Boolean> updateQuestion(@Valid @RequestBody QuestionSaveReqVO updateReqVO) {
         questionService.updateQuestion(updateReqVO);
@@ -58,7 +58,7 @@ public class PrisonQuestionController {
     @DeleteMapping("/delete")
     @Operation(summary = "删除问卷问题")
     @Parameter(name = "id", description = "编号", required = true)
-    @PreAuthorize("@ss.hasPermission('prison:question:delete')")
+    @PreAuthorize("@ss.hasPermission('prison:question:delete') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = DELETE)
     public CommonResult<Boolean> deleteQuestion(@NotNull(message = "编号不能为空") @RequestParam("id") Long id) {
         questionService.deleteQuestion(id);
@@ -68,7 +68,7 @@ public class PrisonQuestionController {
     @DeleteMapping("/delete-list")
     @Parameter(name = "ids", description = "编号", required = true)
     @Operation(summary = "批量删除问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:delete')")
+    @PreAuthorize("@ss.hasPermission('prison:question:delete') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = DELETE)
     public CommonResult<Boolean> deleteQuestionList(@NotEmpty(message = "编号列表不能为空") @RequestParam("ids") List<Long> ids) {
         questionService.deleteQuestionListByIds(ids);
@@ -78,7 +78,7 @@ public class PrisonQuestionController {
     @GetMapping("/get")
     @Operation(summary = "获得问卷问题")
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
-    @PreAuthorize("@ss.hasPermission('prison:question:query')")
+    @PreAuthorize("@ss.hasPermission('prison:question:query') or @ss.hasPermission('prison:questionnaire:query') or @ss.hasPermission('prison:questionnaire:update')")
     public CommonResult<QuestionRespVO> getQuestion(@RequestParam("id") Long id) {
         QuestionDO question = questionService.getQuestion(id);
         return success(QuestionConvert.INSTANCE.convert(question));
@@ -86,7 +86,7 @@ public class PrisonQuestionController {
 
     @GetMapping("/page")
     @Operation(summary = "获得问卷问题分页")
-    @PreAuthorize("@ss.hasPermission('prison:question:query')")
+    @PreAuthorize("@ss.hasPermission('prison:question:query') or @ss.hasPermission('prison:questionnaire:query') or @ss.hasPermission('prison:questionnaire:update')")
     public CommonResult<PageResult<QuestionRespVO>> getQuestionPage(@Valid QuestionPageReqVO pageReqVO) {
         PageResult<QuestionDO> pageResult = questionService.getQuestionPage(pageReqVO);
         return success(QuestionConvert.INSTANCE.convertPage(pageResult));
@@ -94,7 +94,7 @@ public class PrisonQuestionController {
 
     @PostMapping("/batch-update")
     @Operation(summary = "批量更新问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:update')")
+    @PreAuthorize("@ss.hasPermission('prison:question:update') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = UPDATE)
     public CommonResult<Boolean> batchUpdateQuestion(@Valid @RequestBody QuestionBatchUpdateReqVO reqVO) {
         // 转换为 Service 需要的格式
@@ -113,7 +113,7 @@ public class PrisonQuestionController {
 
     @GetMapping("/export-excel")
     @Operation(summary = "导出问卷问题 Excel")
-    @PreAuthorize("@ss.hasPermission('prison:question:export')")
+    @PreAuthorize("@ss.hasPermission('prison:question:export') or @ss.hasPermission('prison:questionnaire:export') or @ss.hasPermission('prison:questionnaire:update')")
     @ApiAccessLog(operateType = EXPORT)
     public void exportQuestionExcel(@Valid QuestionPageReqVO pageReqVO,
               HttpServletResponse response) throws IOException {