diff --git a/backend/utils/iam_service.py b/backend/utils/iam_service.py
index ae17a00..a2be71c 100644
--- a/backend/utils/iam_service.py
+++ b/backend/utils/iam_service.py
@@ -92,12 +92,13 @@ class IAMService:
 def attach_policy_in_project(self, username: str, policy_name: str,
 project_name: str, policy_type: str = "System") -> dict:
- """在项目范围内授权"""
+ """在项目范围内授权(限定到指定项目)"""
 return self.client.call("AttachUserPolicy", {
 "UserName": username,
 "PolicyName": policy_name,
 "PolicyType": policy_type,
 "ProjectName": project_name,
+ "Scope": "Project",
 })
 def detach_policy_in_project(self, username: str, policy_name: str,
@@ -108,6 +109,7 @@ class IAMService:
 "PolicyName": policy_name,
 "PolicyType": policy_type,
 "ProjectName": project_name,
+ "Scope": "Project",
 })
 # === Deny Policy (project isolation) ===
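Review bot: `attach_policy_in_project` now sends `"Scope": "Project"` next to `"ProjectName": project_name`, but nothing in the hunk rejects an empty or `None` `project_name` before the call. How the IAM backend treats a project-scoped request with a blank project name is not visible here; if it falls back to a wider scope, the grant would exceed what the caller intended. A guard at the top of the method, such as `if not project_name: raise ValueError("project_name is required for a project-scoped policy")`, would make the call fail closed. The same applies to `detach_policy_in_project` in the second hunk, and the repeated `"Project"` literal could become one module-level constant so the attach and detach requests cannot drift apart.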
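Review bot: `detach_policy_in_project` now always sends `"Scope": "Project"`, so an attachment created before this commit, without that key, may no longer match the detach request. Whether the backend treats the two forms as the same attachment is not visible in the diff; if it does not, a revocation could leave the older grant in place. It is worth confirming this against an existing attachment and stating the limit in the docstring, e.g. `"""Detach a project-scoped policy; grants attached without Scope need separate cleanup."""`. The method's signature and the start of its body are outside this hunk.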