diff --git a/pkg/kapis/cluster/v1alpha1/handler.go b/pkg/kapis/cluster/v1alpha1/handler.go
index d5b84aa58..5aac68bf3 100644
--- a/pkg/kapis/cluster/v1alpha1/handler.go
+++ b/pkg/kapis/cluster/v1alpha1/handler.go
@@ -49,6 +49,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/client/informers/externalversions"
 	clusterlister "kubesphere.io/kubesphere/pkg/client/listers/cluster/v1alpha1"
 	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
 	"kubesphere.io/kubesphere/pkg/utils/k8sutil"
 	"kubesphere.io/kubesphere/pkg/version"
 )
@@ -447,16 +448,17 @@ func (h *handler) validateMemberClusterConfiguration(clientSet kubernetes.Interf
 	if err != nil {
 		return err
 	}
-
 	mConfig, err := h.getMemberClusterConfig(clientSet)
 	if err != nil {
 		return err
 	}
 
+	if mConfig.MultiClusterOptions.ClusterRole != multicluster.ClusterRoleMember {
+		return fmt.Errorf("the clusterRole of the member cluster must be 'member'")
+	}
 	if hConfig.AuthenticationOptions.JwtSecret != mConfig.AuthenticationOptions.JwtSecret {
 		return fmt.Errorf("hostcluster Jwt is not equal to member cluster jwt, please edit the member cluster cluster config")
 	}
-
 	return nil
 }
 
diff --git a/pkg/kapis/cluster/v1alpha1/handler_test.go b/pkg/kapis/cluster/v1alpha1/handler_test.go
index 9211755f6..4ecc4817a 100644
--- a/pkg/kapis/cluster/v1alpha1/handler_test.go
+++ b/pkg/kapis/cluster/v1alpha1/handler_test.go
@@ -96,6 +96,8 @@ authentication:
   oauthOptions:
     accessTokenMaxAge: 0s
     accessTokenInactivityTimeout: 0s
+multicluster:
+  clusterRole: host
 `,
 }
 
@@ -104,10 +106,12 @@ var memberMap = map[string]string{
 monitoring:
   endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
 authentication:
-  jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwj
+  jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwjp
   oauthOptions:
     accessTokenMaxAge: 0s
     accessTokenInactivityTimeout: 0s
+multicluster:
+  clusterRole: member
 `,
 }
 
@@ -437,19 +441,10 @@ func TestValidateMemberClusterConfiguration(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	addMemberClusterResource(hostCm, t)
-
-	err = h.validateMemberClusterConfiguration(clientSet)
-	if err != nil {
+	addMemberClusterResource(memberCm, t)
+	if err = h.validateMemberClusterConfiguration(clientSet); err != nil {
 		t.Fatal(err)
 	}
-
-	addMemberClusterResource(memberCm, t)
-	err = h.validateMemberClusterConfiguration(clientSet)
-	if err == nil {
-		t.Fatal()
-	}
-	t.Log(err)
 }
 
 func addMemberClusterResource(targetCm *corev1.ConfigMap, t *testing.T) {
diff --git a/pkg/simple/client/multicluster/options.go b/pkg/simple/client/multicluster/options.go
index 4c45f98b0..f3396c34f 100644
--- a/pkg/simple/client/multicluster/options.go
+++ b/pkg/simple/client/multicluster/options.go
@@ -27,6 +27,9 @@ import (
 const (
 	DefaultResyncPeriod    = 120 * time.Second
 	DefaultHostClusterName = "host"
+
+	ClusterRoleHost   = "host"
+	ClusterRoleMember = "member"
 )
 
 type Options struct {