diff --git a/account/decorators.py b/account/decorators.py
index 36a2b44f..92f29081 100644
--- a/account/decorators.py
+++ b/account/decorators.py
@@ -1,4 +1,5 @@
 import functools
+from problem.models import Problem
 from contest.models import Contest, ContestType, ContestStatus, ContestRuleType
 from utils.api import JSONResponse, APIError
 from .models import ProblemPermission
@@ -105,5 +106,11 @@ def check_contest_permission(check_type="details"):
 def ensure_created_by(obj, user):
- if not user.is_admin_role() or (user.is_admin() and obj.created_by != user):
- raise APIError(msg=f"{obj.__class__.__name__} does not exist")
+ e = APIError(msg=f"{obj.__class__.__name__} does not exist")
+ if not user.is_admin_role():
+ raise e
+ if isinstance(obj, Problem):
+ if not user.can_mgmt_all_problem() and obj.created_by != user:
+ raise e
+ elif obj.created_by != user:
+ raise e
diff --git a/problem/views/admin.py b/problem/views/admin.py
index 5e8a880d..7b79ce26 100644
--- a/problem/views/admin.py
+++ b/problem/views/admin.py
@@ -181,7 +181,6 @@ class ProblemBase(APIView):
 else:
 total_score += item["score"]
 data["total_score"] = total_score
- data["created_by"] = request.user
 data["languages"] = list(data["languages"])
 @problem_permission_required
@@ -220,6 +219,7 @@ class ProblemAPI(ProblemBase):
 # todo check filename and score info
 tags = data.pop("tags")
+ data["created_by"] = request.user
 problem = Problem.objects.create(**data)
 for item in tags:
@@ -324,6 +324,7 @@ class ContestProblemAPI(ProblemBase):
 # todo check filename and score info
 data["contest"] = contest
 tags = data.pop("tags")
+ data["created_by"] = request.user
 problem = Problem.objects.create(**data)
 for item in tags:
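Review bot: The `elif obj.created_by != user:` branch in `ensure_created_by` now applies the creator check to every admin-role user, whereas the removed condition applied it only when `user.is_admin()` was true. If `is_admin()` is false for super admins (its definition is not in this diff), they lose access to contests and other non-Problem objects created by someone else, and to Problems as well unless `can_mgmt_all_problem()` covers them. To keep the earlier exemption, gate the comparison on the same predicate, e.g. `elif user.is_admin() and obj.created_by != user:`. A short docstring stating which roles bypass the creator check for which object types would make this authorization rule easier to review.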
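Review bot: `data["created_by"] = request.user` in the `ProblemAPI` create path (and the identical line in the `ContestProblemAPI` hunk) needs a comment explaining why ownership is assigned here and no longer in the shared `ProblemBase` helper, since `ensure_created_by` authorizes on this field. Something like `# set the owner only on create; an edit by a user who can manage all problems must not reassign created_by`. Both methods start and end outside their hunks, so whether `data` can already carry a client-supplied `created_by` on the other code paths cannot be checked from here. On these two create paths the assignment just before `Problem.objects.create(**data)` overrides any such value.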