diff --git a/jsowell-admin/src/main/java/com/jsowell/web/controller/pile/MemberBasicInfoController.java b/jsowell-admin/src/main/java/com/jsowell/web/controller/pile/MemberBasicInfoController.java
index 69c18cdea..b1e71aa94 100644
--- a/jsowell-admin/src/main/java/com/jsowell/web/controller/pile/MemberBasicInfoController.java
+++ b/jsowell-admin/src/main/java/com/jsowell/web/controller/pile/MemberBasicInfoController.java
@@ -154,8 +154,15 @@ public class MemberBasicInfoController extends BaseController {
     public AjaxResult updateMemberBalance(@RequestBody UpdateMemberBalanceDTO dto) {
     	logger.info("后管充值/扣款余额 param:{}", dto.toString());
         AjaxResult ajaxResult;
-    	// 判断入参
         try {
+            // 判断入参
+            if (dto == null || StringUtils.isBlank(dto.getMemberId()) || StringUtils.isBlank(dto.getTargetMerchantId())
+                || dto.getUpdateGiftBalance() == null) {
+                throw new BusinessException(ReturnCodeEnum.CODE_PARAM_NOT_NULL_ERROR);
+            }
+
+
+
             int i = memberBasicInfoService.updateMemberBalance(dto);
             if (i > 0) {
                 ajaxResult = AjaxResult.success(ReturnCodeEnum.CODE_SUCCESS.getLabel());
diff --git a/jsowell-common/src/main/java/com/jsowell/common/enums/ykc/ReturnCodeEnum.java b/jsowell-common/src/main/java/com/jsowell/common/enums/ykc/ReturnCodeEnum.java
index a896c6e2a..720ba5eb5 100644
--- a/jsowell-common/src/main/java/com/jsowell/common/enums/ykc/ReturnCodeEnum.java
+++ b/jsowell-common/src/main/java/com/jsowell/common/enums/ykc/ReturnCodeEnum.java
@@ -6,6 +6,8 @@ public enum ReturnCodeEnum {
 	 */
 	CODE_SUCCESS("00100000", "操作成功"),
 
+	CODE_PERMISSION_DENIED("00100001", "没有操作权限"),
+
 	CODE_TOKEN_ERROR("00100002", "身份验证失败，请重新登录"),
 
 	CODE_PARAM_NOT_NULL_ERROR("00100003", "参数不能为空"),
diff --git a/jsowell-pile/src/main/java/com/jsowell/pile/service/impl/MemberBasicInfoServiceImpl.java b/jsowell-pile/src/main/java/com/jsowell/pile/service/impl/MemberBasicInfoServiceImpl.java
index dba14a12d..89df09dd3 100644
--- a/jsowell-pile/src/main/java/com/jsowell/pile/service/impl/MemberBasicInfoServiceImpl.java
+++ b/jsowell-pile/src/main/java/com/jsowell/pile/service/impl/MemberBasicInfoServiceImpl.java
@@ -7,6 +7,7 @@ import com.jsowell.common.constant.CacheConstants;
 import com.jsowell.common.constant.Constants;
 import com.jsowell.common.core.redis.RedisCache;
 import com.jsowell.common.enums.MemberWalletEnum;
+import com.jsowell.common.enums.ykc.ReturnCodeEnum;
 import com.jsowell.common.exception.BusinessException;
 import com.jsowell.common.util.DateUtils;
 import com.jsowell.common.util.SecurityUtils;
@@ -25,6 +26,7 @@ import com.jsowell.pile.mapper.MemberWalletLogMapper;
 import com.jsowell.pile.service.*;
 import com.jsowell.pile.util.UserUtils;
 import com.jsowell.pile.vo.base.LoginUserDetailVO;
+import com.jsowell.pile.vo.base.MerchantInfoVO;
 import com.jsowell.pile.vo.uniapp.MemberBalanceVO;
 import com.jsowell.pile.vo.uniapp.MemberVO;
 import com.jsowell.pile.vo.uniapp.MemberWalletLogVO;
@@ -40,6 +42,7 @@ import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * 会员基础信息Service业务层处理
@@ -180,19 +183,29 @@ public class MemberBasicInfoServiceImpl implements IMemberBasicInfoService {
 	 */
 	@Override
 	public int updateMemberBalance(UpdateMemberBalanceDTO dto) {
-		String memberId = dto.getMemberId();
-		BigDecimal updateGiftBalance = dto.getUpdateGiftBalance();
-		BigDecimal updatePrincipalBalance = dto.getUpdatePrincipalBalance();
-		log.info("修改用户余额 memberId:{}, updatePrincipalBalance:{}, updateGiftBalance:{}", memberId, updatePrincipalBalance, updateGiftBalance);
+		String memberId = dto.getMemberId(); // 会员id
+		BigDecimal updateGiftBalance = dto.getUpdateGiftBalance(); // 更新赠送金额
+		BigDecimal updatePrincipalBalance = dto.getUpdatePrincipalBalance(); // 更新本金金额
+		String targetMerchantId = dto.getTargetMerchantId(); // 目标运营商id
+		log.info("修改用户余额 memberId:{}, updatePrincipalBalance:{}, targetMerchantId:{}", memberId, updatePrincipalBalance, targetMerchantId);
+
+		// 校验权限
+		LoginUserDetailVO loginUserDetail = UserUtils.getLoginUserDetail();
+		List<MerchantInfoVO> merchantInfoVOList = loginUserDetail.getMerchantInfoVOList();
+		List<String> collect = merchantInfoVOList.stream().map(MerchantInfoVO::getMerchantId).collect(Collectors.toList());
+		if (!collect.contains(targetMerchantId)) {
+			throw new BusinessException(ReturnCodeEnum.CODE_PERMISSION_DENIED);
+		}
+
 		// 查询用户余额
-		MemberWalletInfo walletInfo = memberWalletInfoService.selectByMemberId(memberId, dto.getTargetMerchantId());
+		MemberWalletInfo walletInfo = memberWalletInfoService.selectByMemberId(memberId, targetMerchantId);
 		if (walletInfo == null) {
-			log.warn("根据会员id:{}, 目标运营商id:{}, 查询会员信息为空, 新建会员钱包", memberId, dto.getTargetMerchantId());
+			log.warn("根据会员id:{}, 目标运营商id:{}, 查询会员信息为空, 新建会员钱包", memberId, targetMerchantId);
 			// 如果查询到钱包为空，就新建一个该运营商的钱包
 			walletInfo = MemberWalletInfo.builder()
 					.walletCode(IdUtils.get16UUID())
 					.memberId(memberId)
-					.merchantId(dto.getTargetMerchantId())
+					.merchantId(targetMerchantId)
 					.giftBalance(BigDecimal.ZERO)
 					.principalBalance(BigDecimal.ZERO)
 					.version(0)