diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
index d0b93044e714..2ceef896da26 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
@@ -20,6 +20,7 @@
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shenyu.admin.mapper.DashboardUserMapper;
+import org.apache.shenyu.admin.model.custom.UserInfo;
 import org.apache.shenyu.admin.model.dto.DashboardUserDTO;
 import org.apache.shenyu.admin.model.page.CommonPager;
 import org.apache.shenyu.admin.model.page.PageParameter;
@@ -32,6 +33,7 @@
 import org.apache.shenyu.admin.utils.ShenyuResultMessage;
 import org.apache.shenyu.admin.validation.annotation.Existed;
 import org.apache.shenyu.common.utils.ShaUtils;
+import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -50,6 +52,7 @@
 import javax.validation.constraints.NotNull;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Optional;
 
 /**
@@ -158,6 +161,13 @@ public ShenyuAdminResult modifyPassword(@PathVariable("id") @Existed(provider = DashboardUserMapper.class, message = "user is not found") final String id, @Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
+ UserInfo userInfo = (UserInfo) SecurityUtils.getSubject().getPrincipal();
+ if (Objects.isNull(userInfo)) {
+ return ShenyuAdminResult.error(ShenyuResultMessage.DASHBOARD_USER_LOGIN_ERROR);
+ }
+ if (!userInfo.getUserId().equals(id) && !userInfo.getUserName().equals(dashboardUserDTO.getUserName())) {
+ return ShenyuAdminResult.error(ShenyuResultMessage.DASHBOARD_MODIFY_PASSWORD_ERROR);
+ }
 return updateDashboardUser(id, dashboardUserDTO);
 }
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
index 760cec15b434..6fa38871c08d 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
@@ -46,8 +46,12 @@ public final class ShenyuResultMessage {
 public static final String ROLE_CREATE_ERROR = "can not create super role";
+ public static final String DASHBOARD_USER_LOGIN_ERROR = "user not login please login first";
+ public static final String DASHBOARD_QUERY_ERROR = "user info is empty";
+ public static final String DASHBOARD_MODIFY_PASSWORD_ERROR = "can not modify other user password";
+ public static final String DASHBOARD_CREATE_USER_ERROR = "empty user info, please confirm";
 public static final String PLATFORM_LOGIN_SUCCESS = "login dashboard user success";
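Review bot: The ownership check added to modifyPassword can be satisfied by the request body instead of by the authenticated principal: the two clauses are joined with `&&`, so the update proceeds whenever either `userInfo.getUserId().equals(id)` or `userInfo.getUserName().equals(dashboardUserDTO.getUserName())` holds, and `dashboardUserDTO.getUserName()` is a caller-supplied field while only `id` and the principal are server-controlled. The check should rest on the path id and the principal alone, e.g. `if (!Objects.equals(userInfo.getUserId(), id)) {`, and if a name match is also wanted it should be compared against the stored record for `id` rather than the DTO; `Objects.equals` additionally avoids a NullPointerException when `getUserId()` returns null. The `(UserInfo)` cast on the first added line is unchecked, so if the realm ever registers a different principal type (not visible from this hunk) the method fails with a ClassCastException instead of the login error; an `instanceof` test before the cast would route that case into the existing `DASHBOARD_USER_LOGIN_ERROR` branch. The method's signature is in the hunk header context rather than in the hunk itself.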