diff --git a/src/app/admin-panel/page.tsx b/src/app/admin-panel/page.tsx
index d50a2bc..d4e3111 100644
--- a/src/app/admin-panel/page.tsx
+++ b/src/app/admin-panel/page.tsx
@@ -830,12 +830,11 @@ function AuthManagement() {
   const onCreate = async () => {
     const r = await Swal.fire({
       title: "권한그룹 생성",
-      html: `<input id="sw_name" class="swal2-input" placeholder="권한명 (예: 영업팀 권한)">
-             <input id="sw_code" class="swal2-input" placeholder="권한CODE (예: SALES_TEAM)">`,
+      html: `<input id="sw_name" class="swal2-input" placeholder="권한명 (예: 영업팀 권한)">`,
       showCancelButton: true, confirmButtonText: "생성",
       preConfirm: () => ({
         auth_name: (document.getElementById("sw_name") as HTMLInputElement).value,
-        auth_code: (document.getElementById("sw_code") as HTMLInputElement).value,
+        // auth_code 는 서버에서 자동 생성
       }),
     });
     if (!r.isConfirmed || !r.value?.auth_name) return;
@@ -848,12 +847,11 @@ function AuthManagement() {
   const onRename = async (g: AuthGroup) => {
     const r = await Swal.fire({
       title: "권한 그룹 수정", icon: "info",
-      html: `<input id="sw_name" class="swal2-input" value="${g.AUTH_NAME}">
-             <input id="sw_code" class="swal2-input" value="${g.AUTH_CODE ?? ""}">`,
+      html: `<input id="sw_name" class="swal2-input" value="${g.AUTH_NAME}">`,
       showCancelButton: true, showDenyButton: true, denyButtonText: "삭제", confirmButtonText: "저장",
       preConfirm: () => ({
         auth_name: (document.getElementById("sw_name") as HTMLInputElement).value,
-        auth_code: (document.getElementById("sw_code") as HTMLInputElement).value,
+        auth_code: g.AUTH_CODE ?? "", // 기존 코드 유지
       }),
     });
     if (r.isDenied) {
@@ -897,7 +895,6 @@ function AuthManagement() {
                 title="더블클릭: 수정/삭제"
               >
                 <div className="text-sm font-bold text-slate-800">{g.AUTH_NAME}</div>
-                <div className="text-[10px] text-slate-400 font-mono">{g.AUTH_CODE || "-"}</div>
               </button>
             ))}
           </div>
diff --git a/src/app/api/admin/auth/save/route.ts b/src/app/api/admin/auth/save/route.ts
index bac26f0..df018d7 100644
--- a/src/app/api/admin/auth/save/route.ts
+++ b/src/app/api/admin/auth/save/route.ts
@@ -12,12 +12,18 @@ export async function POST(request: NextRequest) {
     const body = await request.json();
     const objid = body.objid || createObjectId();
 
+    // 신규 등록 시 권한CODE 자동 생성 (사용자에게 노출하지 않고 내부 식별자만 유지)
+    let authCode = (body.auth_code || "").trim();
+    if (!body.objid && !authCode) {
+      authCode = `GRP_${Date.now().toString(36).toUpperCase()}`;
+    }
+
     await execute(
       `INSERT INTO AUTHORITY_MASTER (OBJID, AUTH_NAME, AUTH_CODE, WRITER, REGDATE, STATUS)
        VALUES ($1::numeric, $2, $3, $4, now(), $5)
        ON CONFLICT (OBJID) DO UPDATE
-       SET AUTH_NAME = $2, AUTH_CODE = $3, STATUS = $5`,
-      [objid, body.auth_name || "", body.auth_code || "", user.userId, body.status || "active"]
+       SET AUTH_NAME = $2, AUTH_CODE = COALESCE(NULLIF($3, ''), AUTHORITY_MASTER.AUTH_CODE), STATUS = $5`,
+      [objid, body.auth_name || "", authCode, user.userId, body.status || "active"]
     );
 
     return NextResponse.json({ success: true, message: body.objid ? "수정되었습니다." : "등록되었습니다.", objid });