diff --git a/src/main/java/cokr/xit/fims/base/web/UserController.java b/src/main/java/cokr/xit/fims/base/web/UserController.java
index 6d9d6dbc..094774b8 100644
--- a/src/main/java/cokr/xit/fims/base/web/UserController.java
+++ b/src/main/java/cokr/xit/fims/base/web/UserController.java
@@ -17,6 +17,7 @@ import cokr.xit.base.code.service.bean.CodeBean;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.SecuredUserInfo;
 import cokr.xit.base.security.access.service.AuthorityService;
+import cokr.xit.base.security.access.service.bean.AuthorityBean;
 import cokr.xit.base.user.UserQuery;
 import cokr.xit.base.user.service.UserService;
 import cokr.xit.fims.base.FimsUser;
@@ -45,6 +46,9 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 	@Resource(name = "stngBean")
 	private StngBean stngBean;
 
+	@Resource(name = "authorityBean")
+	private AuthorityBean authorityBean;
+
 	@Override
 	public ModelAndView main() {
 		ModelAndView mav = super.main();
@@ -87,6 +91,37 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 		return super.create(user);
 	}
 
+	@Override
+	public ModelAndView update(FimsUser user) {
+
+		int myGrade = getUserGrade(currentUser());
+		int targetGrade = getUserGrade(user.getId());
+
+		if(myGrade <= targetGrade) {
+			return super.update(user);
+		} else {
+			return new ModelAndView("jsonView")
+					.addObject("failed", true)
+					.addObject("description", "해당 계정보다 권한이 낮아 계정을 수정할 수 없습니다.");
+		}
+	}
+
+	@Override
+	public ModelAndView remove(String... userIDs) {
+
+		int myGrade = getUserGrade(currentUser());
+		for(String userID : userIDs) {
+			int targetGrade = getUserGrade(userID);
+			if(myGrade > targetGrade) {
+				return new ModelAndView("jsonView")
+						.addObject("failed", true)
+						.addObject("description", "삭제 대상 중 현재 계정보다 권한이 높아 삭제할 수 없는 계정이 있습니다.");
+			}
+		}
+
+		return super.remove(userIDs);
+	}
+
 	@Override
 	public ModelAndView isDuplicate(String account, String institute) {
 		account = account.toUpperCase();
@@ -249,4 +284,25 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 			.addObject("affected", affected)
 			.addObject("saved", affected > 0);
 	}
+
+	private int getUserGrade(SecuredUserInfo userInfo) {
+		if(userInfo.isAdmin()) {
+			return 0;
+		}
+		if(userInfo.hasAuthorities("ROLE_TASK_ADMIN")) {
+			return 1;
+		}
+		return 99;
+	}
+
+	private int getUserGrade(String userId) {
+		List<String> auths = authorityBean.getUserAuths(userId);
+		if(auths.contains("ROLE_ADMIN")) {
+			return 0;
+		}
+		if(auths.contains("ROLE_TASK_ADMIN")) {
+			return 1;
+		}
+		return 99;
+	}
 }