diff --git a/api/org/create.go b/api/org/create.go
index 8b94830..0816970 100644
--- a/api/org/create.go
+++ b/api/org/create.go
@@ -72,6 +72,21 @@ func create(x *vigo.X, req *CreateRequest) (*models.Org, error) {
 return nil, vigo.ErrInternalServer.WithError(err)
 }
 
+ // 为组织 admin 角色添加权限 (vb:*:* 表示该组织下的所有权限)
+ adminPerms := []models.RolePermission{
+ {RoleID: adminRole.ID, PermissionID: "vb:*:*", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:read", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:update", Condition: "none"},
+ {RoleID: adminRole.ID, PermissionID: "vb:org:delete", Condition: "none"},
+ }
+ for _, perm := range adminPerms {
+ if err := cfg.DB().Create(&perm).Error; err != nil {
+ cfg.DB().Delete(&models.Role{}).Where("org_id = ?", org.ID)
+ cfg.DB().Delete(org)
+ return nil, vigo.ErrInternalServer.WithError(err)
+ }
+ }
+
 // 授予创建者 admin 角色
 if err := auth.VBaseAuth.GrantRole(x.Context(), ownerID, org.ID, "admin"); err != nil {
 // 回滚
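Review bot: The rollback inside the new `for _, perm := range adminPerms` loop does not undo what was written. `cfg.DB()` looks like a GORM handle (`.Create(&perm).Error`), and if so `Delete` executes immediately, so the `Where("org_id = ?", org.ID)` chained after it never reaches the statement. Depending on GORM version and settings, the role delete is then either refused for lacking a condition or runs unfiltered. The `RolePermission` rows created by earlier iterations are also never removed, and both rollback errors are dropped, so a partial failure can leave an admin role holding `vb:*:*`. Put the condition first and clean up the permission rows as well, e.g. `cfg.DB().Where(&models.RolePermission{RoleID: adminRole.ID}).Delete(&models.RolePermission{})` followed by `cfg.DB().Where("org_id = ?", org.ID).Delete(&models.Role{})`, or run the whole creation in one transaction; the rest of `create` is outside the hunk, so the same pattern may need checking there. Separately, `vb:*:*` already covers the three `vb:org:*` rows, and nothing visible here shows the wildcard is limited to this org, so a comment naming where that scoping is enforced would help.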