diff --git a/backend/middlewares/flow/src/dto/flow_transition_dto.rs b/backend/middlewares/flow/src/dto/flow_transition_dto.rs
index 86eb4136..c58a9196 100644
--- a/backend/middlewares/flow/src/dto/flow_transition_dto.rs
+++ b/backend/middlewares/flow/src/dto/flow_transition_dto.rs
@@ -291,7 +291,7 @@ pub struct FlowTransitionSortStateInfoReq {
 }
 
 /// 后置动作配置信息
-#[derive(Serialize, Deserialize, Clone, PartialEq, Debug, poem_openapi::Object, sea_orm::FromJsonQueryResult)]
+#[derive(Serialize, Deserialize, Clone, PartialEq, Default, Debug, poem_openapi::Object, sea_orm::FromJsonQueryResult)]
 pub struct FlowTransitionPostActionInfo {
     /// 后置动作类型，目前有状态修改和字段修改两种。
     pub kind: FlowTransitionActionChangeKind,
@@ -318,6 +318,9 @@ pub struct FlowTransitionPostActionInfo {
     pub changed_val: Option<Value>,
     /// 修改方式（清空，更改内容，更改为其他字段的值，加减值等）
     pub changed_kind: Option<FlowTransitionActionByVarChangeInfoChangedKind>,
+
+    /// 是否可修改（前端用于判断当前配置是否可编辑）
+    pub is_edit: Option<bool>,
 }
 
 impl From<FlowTransitionPostActionInfo> for FlowTransitionActionChangeAgg {
@@ -364,10 +367,11 @@ pub struct FlowTransitionActionChangeAgg {
 }
 
 /// 后置动作类型，目前有状态修改和字段修改两种。
-#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize, poem_openapi::Enum, EnumIter, sea_orm::DeriveActiveEnum)]
+#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Default, Serialize, poem_openapi::Enum, EnumIter, sea_orm::DeriveActiveEnum)]
 #[sea_orm(rs_type = "String", db_type = "String(Some(255))")]
 pub enum FlowTransitionActionChangeKind {
     /// 字段修改
+    #[default]
     #[sea_orm(string_value = "var")]
     Var,
     /// 状态变更
@@ -543,7 +547,6 @@ impl TryFrom<FlowTransitionInitInfo> for FlowTransitionAddReq {
             action_by_post_changes: Some(value.action_by_post_changes),
             action_by_front_changes: Some(value.action_by_front_changes),
             double_check: value.double_check,
-
             sort: value.sort,
         })
     }
diff --git a/backend/middlewares/flow/src/serv/flow_model_serv.rs b/backend/middlewares/flow/src/serv/flow_model_serv.rs
index 76c8e6b5..126bb67e 100644
--- a/backend/middlewares/flow/src/serv/flow_model_serv.rs
+++ b/backend/middlewares/flow/src/serv/flow_model_serv.rs
@@ -36,7 +36,7 @@ use crate::{
             FlowModelModifyReq, FlowModelSummaryResp,
         },
         flow_state_dto::{FlowStateAggResp, FlowStateDetailResp, FlowStateFilterReq, FlowStateRelModelExt, FlowStateRelModelModifyReq},
-        flow_transition_dto::{FlowTransitionActionChangeKind, FlowTransitionAddReq, FlowTransitionDetailResp, FlowTransitionInitInfo, FlowTransitionModifyReq},
+        flow_transition_dto::{FlowTransitionActionChangeKind, FlowTransitionAddReq, FlowTransitionDetailResp, FlowTransitionInitInfo, FlowTransitionModifyReq, FlowTransitionPostActionInfo},
     },
     flow_config::FlowBasicInfoManager,
     flow_constants,
@@ -327,6 +327,15 @@ impl RbumItemCrudOperation<flow_model::ActiveModel, FlowModelAddReq, FlowModelMo
                 };
                 let child_model_transitions = child_model.transitions();
                 let mut modify_req_clone = modify_req.clone();
+                if let Some(ref mut add_transitions) = &mut modify_req_clone.add_transitions {
+                    for add_transition in add_transitions.iter_mut() {
+                        if let Some(ref mut action_by_post_changes) = &mut add_transition.action_by_post_changes {
+                            for action_by_post_change in action_by_post_changes.iter_mut() {
+                                action_by_post_change.is_edit = Some(false); // 引用复制时，置为不可编辑
+                            }
+                        }
+                    }
+                }
                 if let Some(ref mut modify_transitions) = &mut modify_req_clone.modify_transitions {
                     for modify_transition in modify_transitions.iter_mut() {
                         let parent_model_transition = parent_model_transitions.iter().find(|trans| trans.id == modify_transition.id.to_string()).unwrap();
@@ -954,7 +963,19 @@ impl FlowModelServ {
                     name: state_name,
                     ext,
                     is_init: model_detail.init_state_id == state_id,
-                    transitions: model_detail.transitions().into_iter().filter(|transition| transition.from_flow_state_id == state_id.clone()).collect_vec(),
+                    transitions: model_detail.transitions().into_iter().filter(|transition| transition.from_flow_state_id == state_id.clone()).map(|transition| {
+                        let mut action_by_post_changes = vec![];
+                        for action_by_post_change in transition.action_by_post_changes() {
+                            action_by_post_changes.push(FlowTransitionPostActionInfo  {
+                                is_edit: Some(false), // 引用复制时，置为不可编辑
+                                ..action_by_post_change.clone()
+                            });
+                        }
+                        FlowTransitionDetailResp {
+                            action_by_post_changes: TardisFuns::json.obj_to_json(&action_by_post_changes).unwrap_or_default(),
+                            ..transition.clone()
+                        }
+                    }).collect_vec(),
                 };
                 states.push(state_detail);
             }
@@ -1097,10 +1118,19 @@ impl FlowModelServ {
         let result = match op {
             FlowModelAssociativeOperationKind::Reference => {
                 if is_create_copy.unwrap_or(false) {
+                    let mut add_transitions = rel_model.transitions().into_iter().map(FlowTransitionAddReq::from).collect_vec();
+                    for add_transition in add_transitions.iter_mut() {
+                        if let Some(ref mut action_by_post_changes) = &mut add_transition.action_by_post_changes {
+                            for action_by_post_change in action_by_post_changes.iter_mut() {
+                                action_by_post_change.is_edit = Some(false); // 引用复制时，置为不可编辑
+                            }
+                        }
+                    }
                     Self::add_item(
                         &mut FlowModelAddReq {
                             rel_model_id: Some(rel_model_id.to_string()),
                             rel_template_ids: None,
+                            transitions: Some(add_transitions),
                             ..rel_model.clone().into()
                         },
                         funs,
@@ -1290,12 +1320,12 @@ impl FlowModelServ {
         Ok(())
     }
 
-    pub async fn bind_state(flow_model_id: &str, req: &FlowModelBindStateReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
+    async fn bind_state(flow_model_id: &str, req: &FlowModelBindStateReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         let global_ctx = TardisContext {
             own_paths: "".to_string(),
             ..ctx.clone()
         };
-        if FlowStateServ::get_item(
+        if let Ok(state) = FlowStateServ::get_item(
             &req.state_id,
             &FlowStateFilterReq {
                 basic: RbumBasicFilterReq {
@@ -1307,9 +1337,12 @@ impl FlowModelServ {
             funs,
             &global_ctx,
         )
-        .await
-        .is_err()
-        {
+        .await {
+            let model_detail = Self::get_item(flow_model_id, &FlowModelFilterReq::default(), funs, ctx).await?;
+            if !state.tags.is_empty() && !state.tags.split(',').collect_vec().contains(&model_detail.tag.as_str()) {
+                return Err(funs.err().internal_error("flow_model_serv", "bind_state", "The flow state is not found", "404-flow-state-not-found"));
+            }
+        } else {
             return Err(funs.err().internal_error("flow_model_serv", "bind_state", "The flow state is not found", "404-flow-state-not-found"));
         }
         FlowRelServ::add_simple_rel(
diff --git a/backend/middlewares/flow/tests/test_flow_scenes_fsm.rs b/backend/middlewares/flow/tests/test_flow_scenes_fsm.rs
index 4a380da3..98e68bd2 100644
--- a/backend/middlewares/flow/tests/test_flow_scenes_fsm.rs
+++ b/backend/middlewares/flow/tests/test_flow_scenes_fsm.rs
@@ -195,17 +195,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                     FlowTransitionModifyReq {
                         id: trans_start.id.clone().into(),
                         name: Some(format!("{}-modify", &trans_start.name).into()),
-                        from_flow_state_id: None,
-                        to_flow_state_id: None,
                         transfer_by_auto: Some(true),
-                        transfer_by_timer: None,
-                        guard_by_creator: None,
-                        guard_by_his_operators: None,
-                        guard_by_assigned: None,
-                        guard_by_spec_account_ids: None,
-                        guard_by_spec_role_ids: None,
-                        guard_by_spec_org_ids: None,
-                        guard_by_other_conds: None,
                         vars_collect: Some(vec![
                             FlowVarInfo {
                                 name: "assigned_to".to_string(),
@@ -223,8 +213,6 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                                 ..Default::default()
                             },
                         ]),
-                        action_by_pre_callback: None,
-                        action_by_post_callback: None,
                         action_by_post_changes: Some(vec![FlowTransitionPostActionInfo {
                             kind: FlowTransitionActionChangeKind::State,
                             describe: "".to_string(),
@@ -245,35 +233,19 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                             var_name: "".to_string(),
                             changed_val: None,
                             changed_kind: None,
+                            ..Default::default()
                         }]),
-                        action_by_post_var_changes: None,
-                        action_by_post_state_changes: None,
                         double_check: Some(FlowTransitionDoubleCheckInfo {
                             is_open: true,
                             content: Some("再次确认该操作生效".to_string()),
                         }),
-                        is_notify: None,
-                        action_by_front_changes: None,
-                        sort: None,
+                        ..Default::default()
                     },
                     FlowTransitionModifyReq {
                         id: trans_complate.id.clone().into(),
                         name: Some(format!("{}-modify", &trans_complate.name).into()),
-                        from_flow_state_id: None,
-                        to_flow_state_id: None,
                         transfer_by_auto: Some(true),
-                        transfer_by_timer: None,
-                        guard_by_creator: None,
-                        guard_by_his_operators: None,
-                        guard_by_assigned: None,
-                        guard_by_spec_account_ids: None,
                         guard_by_spec_role_ids: Some(vec!["admin".to_string()]),
-                        guard_by_spec_org_ids: None,
-                        guard_by_other_conds: None,
-                        vars_collect: None,
-                        action_by_pre_callback: None,
-                        action_by_post_callback: None,
-                        action_by_front_changes: None,
                         action_by_post_changes: Some(vec![
                             FlowTransitionPostActionInfo {
                                 kind: FlowTransitionActionChangeKind::Var,
@@ -287,6 +259,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                                 var_name: "id".to_string(),
                                 changed_val: None,
                                 changed_kind: Some(FlowTransitionActionByVarChangeInfoChangedKind::AutoGetOperateTime),
+                                ..Default::default()
                             },
                             FlowTransitionPostActionInfo {
                                 kind: FlowTransitionActionChangeKind::Var,
@@ -300,38 +273,15 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                                 var_name: "id1".to_string(),
                                 changed_val: Some(json!("status")),
                                 changed_kind: Some(FlowTransitionActionByVarChangeInfoChangedKind::SelectField),
+                                ..Default::default()
                             },
                         ]),
-                        action_by_post_var_changes: None,
-                        action_by_post_state_changes: None,
-                        double_check: None,
-                        is_notify: None,
-                        sort: None,
+                        ..Default::default()
                     },
                     FlowTransitionModifyReq {
                         id: trans_close.id.clone().into(),
-                        name: None,
-                        from_flow_state_id: None,
-                        to_flow_state_id: None,
-                        transfer_by_auto: None,
-                        transfer_by_timer: None,
-                        guard_by_creator: None,
-                        guard_by_his_operators: None,
                         guard_by_assigned: Some(true),
-                        guard_by_spec_account_ids: None,
-                        guard_by_spec_role_ids: None,
-                        guard_by_spec_org_ids: None,
-                        guard_by_other_conds: None,
-                        vars_collect: None,
-                        action_by_pre_callback: None,
-                        action_by_post_callback: None,
-                        action_by_post_changes: None,
-                        action_by_post_var_changes: None,
-                        action_by_post_state_changes: None,
-                        action_by_front_changes: None,
-                        double_check: None,
-                        is_notify: None,
-                        sort: None,
+                        ..Default::default()
                     },
                 ]),
                 ..Default::default()
@@ -363,22 +313,6 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
             &FlowModelModifyReq {
                 modify_transitions: Some(vec![FlowTransitionModifyReq {
                     id: proj_trans.id.clone().into(),
-                    name: None,
-                    from_flow_state_id: None,
-                    to_flow_state_id: None,
-                    transfer_by_auto: None,
-                    transfer_by_timer: None,
-                    guard_by_creator: None,
-                    guard_by_his_operators: None,
-                    guard_by_assigned: None,
-                    guard_by_spec_account_ids: None,
-                    guard_by_spec_role_ids: None,
-                    guard_by_spec_org_ids: None,
-                    guard_by_other_conds: None,
-                    vars_collect: None,
-                    action_by_pre_callback: None,
-                    action_by_post_callback: None,
-                    action_by_front_changes: None,
                     action_by_post_changes: Some(vec![FlowTransitionPostActionInfo {
                         kind: FlowTransitionActionChangeKind::State,
                         describe: "".to_string(),
@@ -391,12 +325,9 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                         var_name: "".to_string(),
                         changed_val: None,
                         changed_kind: None,
+                        ..Default::default()
                     }]),
-                    action_by_post_var_changes: None,
-                    action_by_post_state_changes: None,
-                    double_check: None,
-                    is_notify: None,
-                    sort: None,
+                    ..Default::default()
                 }]),
                 ..Default::default()
             },
@@ -410,22 +341,6 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
             &FlowModelModifyReq {
                 modify_transitions: Some(vec![FlowTransitionModifyReq {
                     id: ticket_trans.id.clone().into(),
-                    name: None,
-                    from_flow_state_id: None,
-                    to_flow_state_id: None,
-                    transfer_by_auto: None,
-                    transfer_by_timer: None,
-                    guard_by_creator: None,
-                    guard_by_his_operators: None,
-                    guard_by_assigned: None,
-                    guard_by_spec_account_ids: None,
-                    guard_by_spec_role_ids: None,
-                    guard_by_spec_org_ids: None,
-                    guard_by_other_conds: None,
-                    vars_collect: None,
-                    action_by_pre_callback: None,
-                    action_by_post_callback: None,
-                    action_by_front_changes: None,
                     action_by_post_changes: Some(vec![FlowTransitionPostActionInfo {
                         kind: FlowTransitionActionChangeKind::State,
                         describe: "".to_string(),
@@ -438,12 +353,9 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> {
                         var_name: "".to_string(),
                         changed_val: None,
                         changed_kind: None,
+                        ..Default::default()
                     }]),
-                    action_by_post_var_changes: None,
-                    action_by_post_state_changes: None,
-                    double_check: None,
-                    is_notify: None,
-                    sort: None,
+                    ..Default::default()
                 }]),
                 ..Default::default()
             },
diff --git a/backend/middlewares/flow/tests/test_flow_scenes_fsm1.rs b/backend/middlewares/flow/tests/test_flow_scenes_fsm1.rs
index a751b537..d0760596 100644
--- a/backend/middlewares/flow/tests/test_flow_scenes_fsm1.rs
+++ b/backend/middlewares/flow/tests/test_flow_scenes_fsm1.rs
@@ -320,5 +320,17 @@ pub async fn test(flow_client: &mut TestHttpClient, search_client: &mut TestHttp
     assert!(req_models.iter().any(|mdoel| mdoel.id == req_model_template_id));
     assert!(req_models.iter().all(|mdoel| mdoel.id != req_model_uninit_template_id));
 
+    let req_models: Vec<FlowModelSummaryResp> = flow_client.get("/cc/model/find_by_rel_template_id?tag=REQ&template=true").await;
+    assert_eq!(req_models.len(), 2);
+    assert!(req_models.iter().any(|mdoel| mdoel.id == req_default_model_template_id));
+    assert!(req_models.iter().all(|mdoel| mdoel.id != req_model_template_id));
+    ctx.owner = "u001".to_string();
+    ctx.own_paths = "t2".to_string();
+    flow_client.set_auth(&ctx)?;
+    search_client.set_auth(&ctx)?;
+    let req_models: Vec<FlowModelSummaryResp> = flow_client.get("/cc/model/find_by_rel_template_id?tag=REQ&template=true").await;
+    assert_eq!(req_models.len(), 2);
+    assert!(req_models.iter().any(|mdoel| mdoel.id == req_default_model_template_id));
+    assert!(req_models.iter().all(|mdoel| mdoel.id != req_model_template_id));
     Ok(())
 }
diff --git a/backend/supports/iam/src/basic/dto/iam_account_dto.rs b/backend/supports/iam/src/basic/dto/iam_account_dto.rs
index 22c3c599..ce15321e 100644
--- a/backend/supports/iam/src/basic/dto/iam_account_dto.rs
+++ b/backend/supports/iam/src/basic/dto/iam_account_dto.rs
@@ -121,7 +121,7 @@ pub struct IamAccountBoneResp {
     pub icon: String,
 }
 
-#[derive(poem_openapi::Object, sea_orm::FromQueryResult, Serialize, Deserialize, Debug)]
+#[derive(poem_openapi::Object, sea_orm::FromQueryResult, Serialize, Deserialize, Debug, Clone)]
 pub struct IamAccountSummaryResp {
     pub id: String,
     pub name: String,
diff --git a/backend/supports/iam/src/basic/serv/iam_account_serv.rs b/backend/supports/iam/src/basic/serv/iam_account_serv.rs
index 80672d89..12f23cc4 100644
--- a/backend/supports/iam/src/basic/serv/iam_account_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_account_serv.rs
@@ -29,7 +29,7 @@ use crate::basic::dto::iam_account_dto::{
     IamAccountDetailResp, IamAccountModifyReq, IamAccountSelfModifyReq, IamAccountSummaryAggResp, IamAccountSummaryResp,
 };
 use crate::basic::dto::iam_cert_dto::{IamCertMailVCodeAddReq, IamCertPhoneVCodeAddReq, IamCertUserPwdAddReq};
-use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamAppFilterReq, IamTenantFilterReq};
+use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamAppFilterReq, IamRoleFilterReq, IamTenantFilterReq};
 use crate::basic::dto::iam_set_dto::IamSetItemAddReq;
 use crate::basic::serv::iam_attr_serv::IamAttrServ;
 use crate::basic::serv::iam_cert_mail_vcode_serv::IamCertMailVCodeServ;
@@ -471,13 +471,24 @@ impl IamAccountServ {
             IamSetServ::get_set_id_by_code(&IamSetServ::get_default_code(&IamSetKind::Org, &IamTenantServ::get_id_by_ctx(ctx, funs)?), true, funs, ctx).await?
             // IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Org, funs, ctx).await?
         };
-        let raw_roles = Self::find_simple_rel_roles(&account.id, true, Some(true), None, funs, ctx).await?;
-        let mut roles: Vec<RbumRelBoneResp> = vec![];
-        for role in raw_roles {
-            if !IamRoleServ::is_disabled(&role.rel_id, funs).await? {
-                roles.push(role)
-            }
-        }
+        let roles = IamRoleServ::find_items(&IamRoleFilterReq {
+            basic: RbumBasicFilterReq {
+                ignore_scope: false,
+                rel_ctx_owner: false,
+                with_sub_own_paths: true,
+                enabled: Some(true),
+                ..Default::default()
+            },
+            rel: Some(RbumItemRelFilterReq {
+                rel_by_from: false,
+                optional: false,
+                tag: Some(IamRelKind::IamAccountRole.to_string()),
+                from_rbum_kind: Some(RbumRelFromKind::Item),
+                rel_item_id: Some(account.id.clone()),
+                ..Default::default()
+            }),
+            ..Default::default()
+        }, None, None, funs, ctx).await?;
 
         let enabled_apps = IamAppServ::find_items(
             &IamAppFilterReq {
@@ -506,16 +517,16 @@ impl IamAccountServ {
         .await?;
         let mut apps: Vec<IamAccountAppInfoResp> = vec![];
         for app in enabled_apps {
-            let mut mock_app_ctx = ctx.clone();
-            mock_app_ctx.own_paths.clone_from(&app.own_paths);
-            let set_id = IamSetServ::get_set_id_by_code(&IamSetServ::get_default_code(&IamSetKind::Org, &app.own_paths), true, funs, &mock_app_ctx).await?;
-            let groups = IamSetServ::find_flat_set_items(&set_id, account_id, true, funs, &mock_app_ctx).await?;
+            // let mut mock_app_ctx = ctx.clone();
+            // mock_app_ctx.own_paths.clone_from(&app.own_paths);
+            // let set_id = IamSetServ::get_set_id_by_code(&IamSetServ::get_default_code(&IamSetKind::Org, &app.own_paths), true, funs, &mock_app_ctx).await?;
+            // let groups = IamSetServ::find_flat_set_items(&set_id, account_id, true, funs, &mock_app_ctx).await?;
             apps.push(IamAccountAppInfoResp {
                 app_id: app.id,
                 app_name: app.name,
                 app_icon: app.icon,
-                roles: roles.iter().filter(|r| r.rel_own_paths == app.own_paths).map(|r| (r.rel_id.to_string(), r.rel_name.to_string())).collect(),
-                groups,
+                roles: roles.iter().filter(|r| r.own_paths == app.own_paths).map(|r| (r.id.to_string(), r.name.to_string())).collect(),
+                groups: HashMap::default(),
             });
         }
         let account_attrs = IamAttrServ::find_account_attrs(funs, ctx).await?;
@@ -543,7 +554,7 @@ impl IamAccountServ {
             temporary: account.temporary,
             lock_status: account.lock_status,
             icon: account.icon,
-            roles: roles.iter().filter(|r| r.rel_own_paths == ctx.own_paths).map(|r| (r.rel_id.to_string(), r.rel_name.to_string())).collect(),
+            roles: roles.iter().filter(|r| r.own_paths == ctx.own_paths).map(|r| (r.id.to_string(), r.name.to_string())).collect(),
             apps,
             groups,
             certs: IamCertServ::find_certs(
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
index 9accc4f4..53445d79 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
@@ -757,15 +757,13 @@ impl IamCertLdapServ {
         .await?;
         for cert in certs {
             let mut funs = iam_constants::get_tardis_inst();
-            funs.begin().await?;
             let local_ldap_id = cert.ak;
             if let Some(iam_account_ext_sys_resp) = ldap_id_to_account_map.get(&local_ldap_id) {
                 //并集 两边都有相同的账号
-
-                if let Ok(Some(local_account)) = IamAccountServ::find_one_item(
+                let local_account_result = IamAccountServ::find_one_item(
                     &IamAccountFilterReq {
                         basic: RbumBasicFilterReq {
-                            ids: Some(vec![]),
+                            ids: Some(vec![cert.rel_rbum_id.clone()]),
                             ..Default::default()
                         },
                         ..Default::default()
@@ -773,66 +771,96 @@ impl IamCertLdapServ {
                     &funs,
                     ctx,
                 )
-                .await
-                {
-                    //判断是否需要更新labor_type、status等
-                    //如果需要更新其他信息，比如用户名也写在这里面
-                    if (!iam_account_ext_sys_resp.labor_type.is_empty() && iam_account_ext_sys_resp.labor_type != local_account.labor_type)
-                        || local_account.disabled
-                        || local_account.status == IamAccountStatusKind::Logout
-                    {
-                        let mut account_modify_req = IamAccountAggModifyReq {
-                            labor_type: Some(iam_account_ext_sys_resp.labor_type.clone()),
-                            ..Default::default()
-                        };
-                        if !iam_account_ext_sys_resp.labor_type.is_empty() && iam_account_ext_sys_resp.labor_type != local_account.labor_type {
-                            account_modify_req.labor_type = Some(iam_account_ext_sys_resp.labor_type.clone());
-                        }
-                        if local_account.disabled || local_account.status == IamAccountStatusKind::Logout {
-                            account_modify_req.status = Some(IamAccountStatusKind::Active);
-                            account_modify_req.logout_type = Some(IamAccountLogoutTypeKind::NotLogout);
-                            account_modify_req.disabled = Some(false);
-                        }
-                        let modify_result = IamAccountServ::modify_account_agg(&cert.rel_rbum_id, &account_modify_req, &funs, ctx).await;
-                        if modify_result.is_err() {
-                            let err_msg = format!("modify account info id:{} failed:{}", cert.rel_rbum_id, modify_result.err().unwrap());
-                            tardis::log::error!("{}", err_msg);
-                            msg = format!("{msg}{err_msg}\n");
-                            funs.rollback().await?;
-                            ldap_id_to_account_map.remove(&local_ldap_id);
-                            continue;
-                        }
-                        IamSearchClient::add_or_modify_account_search(
-                            IamAccountServ::get_account_detail_aggs(
-                                &cert.rel_rbum_id,
-                                &IamAccountFilterReq {
-                                    basic: RbumBasicFilterReq {
-                                        ignore_scope: true,
-                                        own_paths: Some("".to_string()),
-                                        with_sub_own_paths: true,
-                                        ..Default::default()
-                                    },
+                .await;
+                if local_account_result.is_err() || local_account_result.clone()?.is_none() {
+                    let err_msg = format!("get user info failed, id:{} ", cert.rel_rbum_id);
+                    msg = format!("{msg}{err_msg}\n");
+                    ldap_id_to_account_map.remove(&local_ldap_id);
+                    continue;
+                }
+                let local_account = local_account_result.unwrap_or_default().unwrap();
+                // 在事务外单独更新用工性质字段
+                if !iam_account_ext_sys_resp.labor_type.is_empty() && iam_account_ext_sys_resp.labor_type != local_account.labor_type {
+                    let account_modify_req = IamAccountAggModifyReq {
+                        labor_type: Some(iam_account_ext_sys_resp.labor_type.clone()),
+                        ..Default::default()
+                    };
+                    let modify_result = IamAccountServ::modify_account_agg(&cert.rel_rbum_id, &account_modify_req, &funs, ctx).await;
+                    if modify_result.is_err() {
+                        let err_msg = format!("modify account labor_type id:{} failed:{}", cert.rel_rbum_id, modify_result.err().unwrap());
+                        tardis::log::error!("{}", err_msg);
+                        msg = format!("{msg}{err_msg}\n");
+                        ldap_id_to_account_map.remove(&local_ldap_id);
+                        continue;
+                    }
+                    IamSearchClient::add_or_modify_account_search(
+                        IamAccountServ::get_account_detail_aggs(
+                            &cert.rel_rbum_id,
+                            &IamAccountFilterReq {
+                                basic: RbumBasicFilterReq {
+                                    ignore_scope: true,
+                                    own_paths: Some("".to_string()),
+                                    with_sub_own_paths: true,
                                     ..Default::default()
                                 },
-                                true,
-                                true,
-                                &funs,
-                                ctx,
-                            )
-                            .await?,
-                            Box::new(true),
-                            "",
+                                ..Default::default()
+                            },
+                            true,
+                            true,
                             &funs,
                             ctx,
                         )
-                        .await?;
+                        .await?,
+                        Box::new(true),
+                        "",
+                        &funs,
+                        ctx,
+                    )
+                    .await?;
+                }
+                funs.begin().await?;
+                //判断是否需要更新status等
+                //如果需要更新其他信息，比如用户名也写在这里面
+                if local_account.disabled || local_account.status == IamAccountStatusKind::Logout {
+                    let mut account_modify_req = IamAccountAggModifyReq::default();
+                    if local_account.disabled || local_account.status == IamAccountStatusKind::Logout {
+                        account_modify_req.status = Some(IamAccountStatusKind::Active);
+                        account_modify_req.logout_type = Some(IamAccountLogoutTypeKind::NotLogout);
+                        account_modify_req.disabled = Some(false);
                     }
-                } else {
-                    let err_msg = format!("get user info failed, id:{} ", cert.rel_rbum_id);
-                    msg = format!("{msg}{err_msg}\n");
-                    funs.rollback().await?;
-                    ldap_id_to_account_map.remove(&local_ldap_id);
-                    continue;
+                    let modify_result = IamAccountServ::modify_account_agg(&cert.rel_rbum_id, &account_modify_req, &funs, ctx).await;
+                    if modify_result.is_err() {
+                        let err_msg = format!("modify account info id:{} failed:{}", cert.rel_rbum_id, modify_result.err().unwrap());
+                        tardis::log::error!("{}", err_msg);
+                        msg = format!("{msg}{err_msg}\n");
+                        funs.rollback().await?;
+                        ldap_id_to_account_map.remove(&local_ldap_id);
+                        continue;
+                    }
+                    IamSearchClient::add_or_modify_account_search(
+                        IamAccountServ::get_account_detail_aggs(
+                            &cert.rel_rbum_id,
+                            &IamAccountFilterReq {
+                                basic: RbumBasicFilterReq {
+                                    ignore_scope: true,
+                                    own_paths: Some("".to_string()),
+                                    with_sub_own_paths: true,
+                                    ..Default::default()
+                                },
+                                ..Default::default()
+                            },
+                            true,
+                            true,
+                            &funs,
+                            ctx,
+                        )
+                        .await?,
+                        Box::new(true),
+                        "",
+                        &funs,
+                        ctx,
+                    )
+                    .await?;
                 }
 
                 if !iam_account_ext_sys_resp.mobile.is_empty() {
@@ -982,8 +1010,10 @@ impl IamCertLdapServ {
                         &TardisFuns::json.obj_to_string(&IamThirdIntegrationSyncStatusDto { total, success, failed })?,
                     )
                     .await;
+                funs.commit().await?;
             } else {
                 total += 1;
+                funs.begin().await?;
                 //ldap没有 iam有的 需要同步删除
                 let delete_result = match sync_config.account_way_to_delete {
                     WayToDelete::DoNotDelete => Ok(()),
@@ -1039,8 +1069,8 @@ impl IamCertLdapServ {
                         &TardisFuns::json.obj_to_string(&IamThirdIntegrationSyncStatusDto { total, success, failed })?,
                     )
                     .await;
+                funs.commit().await?;
             };
-            funs.commit().await?;
         }
         //ldap有的 但是iam没有的 需要添加
         for ldap_id in ldap_id_to_account_map.keys() {