diff --git a/server/integration-test/src/test/java/com/oceanbase/odc/service/flow/FlowInstanceServiceTest.java b/server/integration-test/src/test/java/com/oceanbase/odc/service/flow/FlowInstanceServiceTest.java
index fb8859a163..8c9468e2a0 100644
--- a/server/integration-test/src/test/java/com/oceanbase/odc/service/flow/FlowInstanceServiceTest.java
+++ b/server/integration-test/src/test/java/com/oceanbase/odc/service/flow/FlowInstanceServiceTest.java
@@ -15,6 +15,7 @@
  */
 package com.oceanbase.odc.service.flow;
 
+import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.when;
 
@@ -70,6 +71,7 @@
 import com.oceanbase.odc.metadb.flow.ServiceTaskInstanceRepository;
 import com.oceanbase.odc.metadb.flow.UserTaskInstanceCandidateRepository;
 import com.oceanbase.odc.metadb.flow.UserTaskInstanceRepository;
+import com.oceanbase.odc.metadb.iam.UserEntity;
 import com.oceanbase.odc.metadb.task.TaskEntity;
 import com.oceanbase.odc.metadb.task.TaskRepository;
 import com.oceanbase.odc.plugin.task.api.datatransfer.model.DataTransferConfig;
@@ -201,6 +203,9 @@ public void setUp() {
         when(riskLevelService.findDefaultRiskLevel()).thenReturn(getRiskLevel());
         when(riskLevelService.list()).thenReturn(Arrays.asList(getRiskLevel(), getRiskLevel()));
         doNothing().when(databasePermissionHelper).checkPermissions(Mockito.anyCollection(), Mockito.anyCollection());
+        UserEntity user = new UserEntity();
+        user.setEnabled(true);
+        when(userService.nullSafeGet(anyLong())).thenReturn(user);
     }
 
     @Test
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/ProjectService.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/ProjectService.java
index 635a856f77..01b7aeaa5d 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/ProjectService.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/ProjectService.java
@@ -461,6 +461,7 @@ private ProjectMember fromUserResourceRole(UserResourceRole userResourceRole) {
         member.setId(userResourceRole.getUserId());
         member.setName(user.getName());
         member.setAccountName(user.getAccountName());
+        member.setUserEnabled(user.isEnabled());
         return member;
     }
 
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/model/Project.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/model/Project.java
index 912d9458dd..4551a9fc4c 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/model/Project.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/collaboration/project/model/Project.java
@@ -122,6 +122,9 @@ public static class ProjectMember {
         @JsonProperty(access = Access.READ_ONLY)
         private String accountName;
 
+        @JsonProperty(access = Access.READ_ONLY)
+        private Boolean userEnabled;
+
         @JsonProperty(access = Access.READ_ONLY)
         private String name;
 
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/flow/ApprovalPermissionService.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/flow/ApprovalPermissionService.java
index debb764c0e..070c3bb365 100644
--- a/server/odc-service/src/main/java/com/oceanbase/odc/service/flow/ApprovalPermissionService.java
+++ b/server/odc-service/src/main/java/com/oceanbase/odc/service/flow/ApprovalPermissionService.java
@@ -22,6 +22,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -97,6 +98,9 @@ public boolean isApprovable(@NonNull Long approvalInstanceId) {
 
     public List<UserTaskInstanceEntity> getApprovableApprovalInstances() {
         long userId = authenticationFacade.currentUserId();
+        if (!userService.nullSafeGet(userId).isEnabled()) {
+            return new ArrayList<>();
+        }
         Set<Long> roleIds = userService.getCurrentUserRoleIds();
         Set<String> resourceRoleIdentifiers = userService.getCurrentUserResourceRoleIdentifiers();
         Set<FlowNodeStatus> unViewableStatuses = Collections.singleton(FlowNodeStatus.CREATED);
@@ -180,12 +184,12 @@ private Map<Long, Set<UserEntity>> getUsersByFlowInstanceIdsAndStatus(@NonNull C
         if (approvalUserIds.isEmpty()) {
             return new HashMap<>();
         }
-        Map<Long, UserEntity> userId2User = userRepository.findByUserIds(approvalUserIds).stream()
+        Map<Long, UserEntity> userId2User = userRepository.findByUserIdsAndEnabled(approvalUserIds, true).stream()
                 .collect(Collectors.toMap(UserEntity::getId, userEntity -> userEntity));
 
         Map<Long, Set<UserEntity>> instanceId2Candidates = instanceId2UserIds.entrySet().stream().collect(
-                Collectors.toMap(Entry::getKey, entry -> entry.getValue().stream().map(userId2User::get).collect(
-                        Collectors.toSet())));
+                Collectors.toMap(Entry::getKey, entry -> entry.getValue().stream().map(userId2User::get)
+                        .filter(Objects::nonNull).collect(Collectors.toSet())));
         // map flow instance ids to users entity
         return instanceId2UserIds.entrySet().stream().collect(
                 Collectors.toMap(entry -> approvalInstanceId2FlowInstanceId.get(entry.getKey()),