diff --git a/itbaima-monitor-server/src/main/java/com/example/filter/JwtAuthenticationFilter.java b/itbaima-monitor-server/src/main/java/com/example/filter/JwtAuthenticationFilter.java
index 3c1f9b6..652ab39 100644
--- a/itbaima-monitor-server/src/main/java/com/example/filter/JwtAuthenticationFilter.java
+++ b/itbaima-monitor-server/src/main/java/com/example/filter/JwtAuthenticationFilter.java
@@ -2,7 +2,9 @@ package com.example.filter;
 
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.example.entity.RestBean;
+import com.example.entity.dto.Account;
 import com.example.entity.dto.Client;
+import com.example.service.AccountService;
 import com.example.service.ClientService;
 import com.example.utils.Const;
 import com.example.utils.JwtUtils;
@@ -62,8 +64,30 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
                 SecurityContextHolder.getContext().setAuthentication(authentication);
                 request.setAttribute(Const.ATTR_USER_ID, utils.toId(jwt));
                 request.setAttribute(Const.ATTR_USER_ROLE, new ArrayList<>(user.getAuthorities()).get(0).getAuthority());
+
+                if(request.getRequestURI().startsWith("/terminal/") && !accessShell(
+                        (int) request.getAttribute(Const.ATTR_USER_ID),
+                        (String) request.getAttribute(Const.ATTR_USER_ROLE),
+                        Integer.parseInt(request.getRequestURI().substring(10)))) {
+                    response.setStatus(401);
+                    response.setCharacterEncoding("utf-8");
+                    response.getWriter().write(RestBean.failure(401, "无权访问").asJsonString());
+                    return;
+                }
             }
         }
         filterChain.doFilter(request, response);
     }
+
+    @Resource
+    AccountService accountService;
+
+    private boolean accessShell(int userId, String userRole, int clientId) {
+        if(Const.ROLE_ADMIN.equals(userRole.substring(5))) {
+            return true;
+        } else {
+            Account account = accountService.getById(userId);
+            return account.getClientList().contains(clientId);
+        }
+    }
 }
diff --git a/monitor.sql b/monitor.sql
new file mode 100644
index 0000000..b039ba4
--- /dev/null
+++ b/monitor.sql
@@ -0,0 +1,81 @@
+/*
+ Navicat Premium Data Transfer
+
+ Source Server         : 本地数据库
+ Source Server Type    : MySQL
+ Source Server Version : 80200 (8.2.0)
+ Source Host           : localhost:3306
+ Source Schema         : monitor
+
+ Target Server Type    : MySQL
+ Target Server Version : 80200 (8.2.0)
+ File Encoding         : 65001
+
+ Date: 14/12/2023 18:44:11
+*/
+
+SET NAMES utf8mb4;
+SET FOREIGN_KEY_CHECKS = 0;
+
+-- ----------------------------
+-- Table structure for db_account
+-- ----------------------------
+DROP TABLE IF EXISTS `db_account`;
+CREATE TABLE `db_account` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `username` varchar(255) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `password` varchar(255) DEFAULT NULL,
+  `role` varchar(255) DEFAULT NULL,
+  `clients` json DEFAULT NULL,
+  `register_time` datetime DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `unique_email` (`email`),
+  UNIQUE KEY `unique_username` (`username`)
+) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+-- ----------------------------
+-- Table structure for db_client
+-- ----------------------------
+DROP TABLE IF EXISTS `db_client`;
+CREATE TABLE `db_client` (
+  `id` int NOT NULL,
+  `name` varchar(255) DEFAULT NULL,
+  `token` varchar(255) DEFAULT NULL,
+  `location` varchar(255) DEFAULT NULL,
+  `node` varchar(255) DEFAULT NULL,
+  `register_time` datetime DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+-- ----------------------------
+-- Table structure for db_client_detail
+-- ----------------------------
+DROP TABLE IF EXISTS `db_client_detail`;
+CREATE TABLE `db_client_detail` (
+  `id` int NOT NULL,
+  `os_arch` varchar(255) DEFAULT NULL,
+  `os_name` varchar(255) DEFAULT NULL,
+  `os_version` varchar(255) DEFAULT NULL,
+  `os_bit` int DEFAULT NULL,
+  `cpu_name` varchar(255) DEFAULT NULL,
+  `cpu_core` int DEFAULT NULL,
+  `memory` double DEFAULT NULL,
+  `disk` double DEFAULT NULL,
+  `ip` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+-- ----------------------------
+-- Table structure for db_client_ssh
+-- ----------------------------
+DROP TABLE IF EXISTS `db_client_ssh`;
+CREATE TABLE `db_client_ssh` (
+  `id` int NOT NULL,
+  `port` int DEFAULT NULL,
+  `username` varchar(255) DEFAULT NULL,
+  `password` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+SET FOREIGN_KEY_CHECKS = 1;