diff --git a/src/main/java/org/leolo/nrapi/util/RoleUtil.java b/src/main/java/org/leolo/nrapi/util/RoleUtil.java
new file mode 100644
index 0000000..c160dfb
--- /dev/null
+++ b/src/main/java/org/leolo/nrapi/util/RoleUtil.java
@@ -0,0 +1,46 @@
+package org.leolo.nrapi.util;
+
+
+import org.leolo.nrapi.manager.DatabaseManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+public class RoleUtil {
+
+ private static Logger log = LoggerFactory.getLogger(RoleUtil.class);
+
+ public static boolean hasPermission(long userId, String prem){
+ try(
+ Connection conn = DatabaseManager.getInstance().getConnection();
+ PreparedStatement pstmt = conn.prepareStatement(
+ "SELECT 1 FROM user_perm WHERE user_id = ? AND perm_name = ? " +
+ "UNION ALL SELECT 1 FROM user_groups ug JOIN group_perm gp on ug.group_id = gp.group_id " +
+ "WHERE ug.user_id = ? and gp.perm_name = ?"
+ )
+ ){
+ pstmt.setLong(1, userId);
+ pstmt.setString(2, prem);
+ pstmt.setLong(3, userId);
+ pstmt.setString(4, prem);
+ try(ResultSet rs = pstmt.executeQuery()){
+ return rs.next();
+ }
+ }catch (SQLException e){
+ log.error(e.getMessage(),e);
+ }
+ return false;
+ }
+
+ public static boolean hasPermission(String permission){
+ long userId = HttpReqRespUtils.getUserId();
+ if(userId!=-1){
+ return hasPermission(userId, permission);
+ }
+ return false;
+ }
+}
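Review bot: In `hasPermission(long userId, String prem)` the `catch (SQLException e)` branch falls through to `return false`, so callers cannot tell a database failure from a genuine denial. Failing closed is the right default for an authorization check, but nothing in the file says it is deliberate. I would add Javadoc to both overloads stating that the result is `false` on any SQL error. For the one-argument overload it should also say the result is `false` when `HttpReqRespUtils.getUserId()` returns `-1`, which presumably means no authenticated user (that helper is not in this diff). The log line should identify the failed check so an outage can be told apart from a denial, e.g. `log.error("Permission lookup failed for user {} perm {}", userId, prem, e);`. Two smaller points: the logger should be `private static final Logger log`, and the parameter name `prem` looks like a typo for `perm`.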