diff --git a/backend/src/main/java/com/xly/erp/module/usr/entity/PermissionCategoryEntity.java b/backend/src/main/java/com/xly/erp/module/usr/entity/PermissionCategoryEntity.java
new file mode 100644
index 0000000..4efca81
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/entity/PermissionCategoryEntity.java
@@ -0,0 +1,54 @@
+package com.xly.erp.module.usr.entity;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+/** REQ-USR-001 引入。表 tPermissionCategory（详见 docs/03 § tPermissionCategory）。 */
+@Data
+@TableName("tPermissionCategory")
+public class PermissionCategoryEntity {
+
+    @TableId(value = "iIncrement", type = IdType.AUTO)
+    private Integer iIncrement;
+
+    @TableField("sId")
+    private String sId;
+
+    @TableField("sBrandsId")
+    private String sBrandsId;
+
+    @TableField("sSubsidiaryId")
+    private String sSubsidiaryId;
+
+    @TableField("tCreateDate")
+    private LocalDateTime tCreateDate;
+
+    @TableField("sCategoryCode")
+    private String sCategoryCode;
+
+    @TableField("sCategoryName")
+    private String sCategoryName;
+
+    @TableField("iParentId")
+    private Integer iParentId;
+
+    @TableField("iSortOrder")
+    private Integer iSortOrder;
+
+    @TableField("sCreatedBy")
+    private String sCreatedBy;
+
+    @TableField("bDeleted")
+    private Boolean bDeleted;
+
+    @TableField("tDeletedDate")
+    private LocalDateTime tDeletedDate;
+
+    @TableField("sDeletedBy")
+    private String sDeletedBy;
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/entity/StaffEntity.java b/backend/src/main/java/com/xly/erp/module/usr/entity/StaffEntity.java
new file mode 100644
index 0000000..7d9489d
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/entity/StaffEntity.java
@@ -0,0 +1,51 @@
+package com.xly.erp.module.usr.entity;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+/** REQ-USR-001 引入。表 tStaff（详见 docs/03 § tStaff）。 */
+@Data
+@TableName("tStaff")
+public class StaffEntity {
+
+    @TableId(value = "iIncrement", type = IdType.AUTO)
+    private Integer iIncrement;
+
+    @TableField("sId")
+    private String sId;
+
+    @TableField("sBrandsId")
+    private String sBrandsId;
+
+    @TableField("sSubsidiaryId")
+    private String sSubsidiaryId;
+
+    @TableField("tCreateDate")
+    private LocalDateTime tCreateDate;
+
+    @TableField("sStaffNo")
+    private String sStaffNo;
+
+    @TableField("sStaffName")
+    private String sStaffName;
+
+    @TableField("sDepartment")
+    private String sDepartment;
+
+    @TableField("sCreatedBy")
+    private String sCreatedBy;
+
+    @TableField("bDeleted")
+    private Boolean bDeleted;
+
+    @TableField("tDeletedDate")
+    private LocalDateTime tDeletedDate;
+
+    @TableField("sDeletedBy")
+    private String sDeletedBy;
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/entity/UserEntity.java b/backend/src/main/java/com/xly/erp/module/usr/entity/UserEntity.java
new file mode 100644
index 0000000..2e5a092
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/entity/UserEntity.java
@@ -0,0 +1,66 @@
+package com.xly.erp.module.usr.entity;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+/** REQ-USR-001 用户主数据。表 tUser（详见 docs/03 § tUser）。 */
+@Data
+@TableName("tUser")
+public class UserEntity {
+
+    @TableId(value = "iIncrement", type = IdType.AUTO)
+    private Integer iIncrement;
+
+    @TableField("sId")
+    private String sId;
+
+    @TableField("sBrandsId")
+    private String sBrandsId;
+
+    @TableField("sSubsidiaryId")
+    private String sSubsidiaryId;
+
+    @TableField("tCreateDate")
+    private LocalDateTime tCreateDate;
+
+    @TableField("sUserNo")
+    private String sUserNo;
+
+    @TableField("sUserName")
+    private String sUserName;
+
+    @TableField("iStaffId")
+    private Integer iStaffId;
+
+    @TableField("sUserType")
+    private String sUserType;
+
+    @TableField("sLanguage")
+    private String sLanguage;
+
+    @TableField("bCanModifyDocs")
+    private Boolean bCanModifyDocs;
+
+    @TableField("sPasswordHash")
+    private String sPasswordHash;
+
+    @TableField("tLastLoginDate")
+    private LocalDateTime tLastLoginDate;
+
+    @TableField("sCreatedBy")
+    private String sCreatedBy;
+
+    @TableField("bDeleted")
+    private Boolean bDeleted;
+
+    @TableField("tDeletedDate")
+    private LocalDateTime tDeletedDate;
+
+    @TableField("sDeletedBy")
+    private String sDeletedBy;
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/entity/UserPermissionEntity.java b/backend/src/main/java/com/xly/erp/module/usr/entity/UserPermissionEntity.java
new file mode 100644
index 0000000..4f6d5ab
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/entity/UserPermissionEntity.java
@@ -0,0 +1,42 @@
+package com.xly.erp.module.usr.entity;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+/** REQ-USR-001 引入。表 tUserPermission（详见 docs/03 § tUserPermission）。 */
+@Data
+@TableName("tUserPermission")
+public class UserPermissionEntity {
+
+    @TableId(value = "iIncrement", type = IdType.AUTO)
+    private Integer iIncrement;
+
+    @TableField("sId")
+    private String sId;
+
+    @TableField("sBrandsId")
+    private String sBrandsId;
+
+    @TableField("sSubsidiaryId")
+    private String sSubsidiaryId;
+
+    @TableField("tCreateDate")
+    private LocalDateTime tCreateDate;
+
+    @TableField("iUserId")
+    private Integer iUserId;
+
+    @TableField("iCategoryId")
+    private Integer iCategoryId;
+
+    // docs/03 § tUserPermission 修订版无 bSelected 列——关联记录存在即「已选」，无需独立 flag。
+    // 早期 REQ-USR-001 spec/plan 草稿曾包含 bSelected，与 SSoT docs/03 不一致；以 docs/03 为准。
+
+    @TableField("sCreatedBy")
+    private String sCreatedBy;
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/mapper/PermissionCategoryMapper.java b/backend/src/main/java/com/xly/erp/module/usr/mapper/PermissionCategoryMapper.java
new file mode 100644
index 0000000..a361809
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/mapper/PermissionCategoryMapper.java
@@ -0,0 +1,7 @@
+package com.xly.erp.module.usr.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.xly.erp.module.usr.entity.PermissionCategoryEntity;
+
+public interface PermissionCategoryMapper extends BaseMapper<PermissionCategoryEntity> {
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/mapper/StaffMapper.java b/backend/src/main/java/com/xly/erp/module/usr/mapper/StaffMapper.java
new file mode 100644
index 0000000..ec45391
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/mapper/StaffMapper.java
@@ -0,0 +1,7 @@
+package com.xly.erp.module.usr.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.xly.erp.module.usr.entity.StaffEntity;
+
+public interface StaffMapper extends BaseMapper<StaffEntity> {
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/mapper/UserMapper.java b/backend/src/main/java/com/xly/erp/module/usr/mapper/UserMapper.java
new file mode 100644
index 0000000..2a5bcaf
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/mapper/UserMapper.java
@@ -0,0 +1,7 @@
+package com.xly.erp.module.usr.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.xly.erp.module.usr.entity.UserEntity;
+
+public interface UserMapper extends BaseMapper<UserEntity> {
+}
diff --git a/backend/src/main/java/com/xly/erp/module/usr/mapper/UserPermissionMapper.java b/backend/src/main/java/com/xly/erp/module/usr/mapper/UserPermissionMapper.java
new file mode 100644
index 0000000..2027cc1
--- /dev/null
+++ b/backend/src/main/java/com/xly/erp/module/usr/mapper/UserPermissionMapper.java
@@ -0,0 +1,7 @@
+package com.xly.erp.module.usr.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.xly.erp.module.usr.entity.UserPermissionEntity;
+
+public interface UserPermissionMapper extends BaseMapper<UserPermissionEntity> {
+}
diff --git a/backend/src/test/java/com/xly/erp/module/usr/mapper/UsrMappersIT.java b/backend/src/test/java/com/xly/erp/module/usr/mapper/UsrMappersIT.java
new file mode 100644
index 0000000..84fe8a9
--- /dev/null
+++ b/backend/src/test/java/com/xly/erp/module/usr/mapper/UsrMappersIT.java
@@ -0,0 +1,106 @@
+package com.xly.erp.module.usr.mapper;
+
+import com.xly.erp.module.usr.entity.PermissionCategoryEntity;
+import com.xly.erp.module.usr.entity.StaffEntity;
+import com.xly.erp.module.usr.entity.UserEntity;
+import com.xly.erp.module.usr.entity.UserPermissionEntity;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.annotation.Rollback;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@SpringBootTest
+@ActiveProfiles("test")
+@Transactional
+@Rollback
+class UsrMappersIT {
+
+    @Autowired UserMapper userMapper;
+    @Autowired StaffMapper staffMapper;
+    @Autowired PermissionCategoryMapper permissionCategoryMapper;
+    @Autowired UserPermissionMapper userPermissionMapper;
+
+    @Test
+    void staff_insertAndSelect() {
+        StaffEntity s = new StaffEntity();
+        s.setSStaffNo("staff_" + System.nanoTime());
+        s.setSStaffName("张三");
+        s.setSDepartment("研发部");
+        s.setBDeleted(false);
+        s.setTCreateDate(LocalDateTime.now());
+        assertThat(staffMapper.insert(s)).isEqualTo(1);
+        assertThat(s.getIIncrement()).isPositive();
+        StaffEntity loaded = staffMapper.selectById(s.getIIncrement());
+        assertThat(loaded.getSStaffName()).isEqualTo("张三");
+        assertThat(loaded.getSDepartment()).isEqualTo("研发部");
+    }
+
+    @Test
+    void permissionCategory_insertAndSelect() {
+        PermissionCategoryEntity p = new PermissionCategoryEntity();
+        p.setSCategoryCode("cat_" + System.nanoTime());
+        p.setSCategoryName("基础权限");
+        p.setISortOrder(0);
+        p.setBDeleted(false);
+        p.setTCreateDate(LocalDateTime.now());
+        assertThat(permissionCategoryMapper.insert(p)).isEqualTo(1);
+        PermissionCategoryEntity loaded = permissionCategoryMapper.selectById(p.getIIncrement());
+        assertThat(loaded.getSCategoryName()).isEqualTo("基础权限");
+    }
+
+    @Test
+    void user_insertAndSelect() {
+        UserEntity u = new UserEntity();
+        u.setSUserNo("u_" + System.nanoTime());
+        u.setSUserName("alice_" + System.nanoTime());
+        u.setSUserType("普通用户");
+        u.setSLanguage("zh");
+        u.setBCanModifyDocs(false);
+        u.setSPasswordHash("$2a$10$abcdefghijklmnopqrstuv");
+        u.setBDeleted(false);
+        u.setTCreateDate(LocalDateTime.now());
+        assertThat(userMapper.insert(u)).isEqualTo(1);
+        UserEntity loaded = userMapper.selectById(u.getIIncrement());
+        assertThat(loaded.getSUserName()).startsWith("alice_");
+        assertThat(loaded.getSUserType()).isEqualTo("普通用户");
+        assertThat(loaded.getSLanguage()).isEqualTo("zh");
+    }
+
+    @Test
+    void userPermission_insertAndSelect_requiresValidUserAndCategory() {
+        // 先建合法 user + category（FK 兜底）
+        UserEntity u = new UserEntity();
+        u.setSUserNo("upu_" + System.nanoTime());
+        u.setSUserName("upa_" + System.nanoTime());
+        u.setSUserType("普通用户");
+        u.setSLanguage("zh");
+        u.setBCanModifyDocs(false);
+        u.setSPasswordHash("$2a$10$x");
+        u.setBDeleted(false);
+        u.setTCreateDate(LocalDateTime.now());
+        userMapper.insert(u);
+
+        PermissionCategoryEntity p = new PermissionCategoryEntity();
+        p.setSCategoryCode("upc_" + System.nanoTime());
+        p.setSCategoryName("upcat");
+        p.setISortOrder(0);
+        p.setBDeleted(false);
+        p.setTCreateDate(LocalDateTime.now());
+        permissionCategoryMapper.insert(p);
+
+        UserPermissionEntity up = new UserPermissionEntity();
+        up.setIUserId(u.getIIncrement());
+        up.setICategoryId(p.getIIncrement());
+        up.setTCreateDate(LocalDateTime.now());
+        assertThat(userPermissionMapper.insert(up)).isEqualTo(1);
+        UserPermissionEntity loaded = userPermissionMapper.selectById(up.getIIncrement());
+        assertThat(loaded.getIUserId()).isEqualTo(u.getIIncrement());
+        assertThat(loaded.getICategoryId()).isEqualTo(p.getIIncrement());
+    }
+}