diff --git a/app/Http/Requests/User/SwitchTenantRequest.php b/app/Http/Requests/User/SwitchTenantRequest.php index 7a6c845..4cb111e 100644 --- a/app/Http/Requests/User/SwitchTenantRequest.php +++ b/app/Http/Requests/User/SwitchTenantRequest.php @@ -3,6 +3,7 @@ namespace App\Http\Requests\User; use Illuminate\Foundation\Http\FormRequest; +use Illuminate\Validation\Rule; class SwitchTenantRequest extends FormRequest { @@ -13,8 +14,23 @@ public function authorize(): bool public function rules(): array { + $userId = app('api_user'); + return [ - 'tenant_id' => 'required|integer|exists:tenants,id', + 'tenant_id' => [ + 'required', + 'integer', + Rule::exists('user_tenants', 'tenant_id') + ->where('user_id', $userId) + ->where('is_active', 1), + ], + ]; + } + + public function messages(): array + { + return [ + 'tenant_id.exists' => __('error.tenant_access_denied'), ]; } } diff --git a/app/Services/EmployeeService.php b/app/Services/EmployeeService.php index 8baddd9..d5d0b67 100644 --- a/app/Services/EmployeeService.php +++ b/app/Services/EmployeeService.php @@ -224,6 +224,15 @@ public function update(int $id, array $data): TenantUserProfile if (! empty($profileUpdates)) { $profile->update($profileUpdates); + + // 퇴직/복직 시 user_tenants.is_active 동기화 + if (isset($profileUpdates['employee_status'])) { + $isActive = $profileUpdates['employee_status'] !== 'resigned'; + DB::table('user_tenants') + ->where('user_id', $profile->user_id) + ->where('tenant_id', $profile->tenant_id) + ->update(['is_active' => $isActive]); + } } // 3. json_extra 사원 정보 업데이트 @@ -275,6 +284,12 @@ public function destroy(int $id): array // 또는 employee_status를 resigned로 변경 $profile->update(['employee_status' => 'resigned']); + // 해당 테넌트 접근 차단 (다른 테넌트는 영향 없음) + DB::table('user_tenants') + ->where('user_id', $profile->user_id) + ->where('tenant_id', $tenantId) + ->update(['is_active' => false]); + return [ 'id' => $id, 'deleted_at' => now()->toDateTimeString(), 
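Review bot: `$userId = app('api_user');` is passed straight into `->where('user_id', $userId)` with no null check; if the binding is unset the rule is compiled as `where user_id is null`, so the switch fails closed only as long as `user_tenants.user_id` is never null — rejecting up front, e.g. `$userId = app('api_user') ?? throw new \Illuminate\Auth\AuthenticationException();` (or the project's usual unauthenticated path), makes the failure explicit, and it is worth confirming the binding yields an id rather than a user model, since a model in `where()` would not behave as intended. The rewritten rule also drops the previous `exists:tenants,id` condition; if a tenant can be disabled or soft-deleted independently of its `user_tenants` rows, that state is no longer checked at switch time. `->where('is_active', 1)` compares against an integer while `EmployeeService` writes booleans (`false`, `$isActive`); `->where('is_active', true)` would read consistently with the writers.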
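Review bot: `$isActive = $profileUpdates['employee_status'] !== 'resigned';` re-enables tenant access for every status other than `resigned`; if `employee_status` has more than two values (the `invalid_transition` message in `lang/en/error.php` suggests a status set), a transition to some other non-working status would also flip `is_active` back to true, so deriving `$isActive` from an explicit list of access-granting statuses via `in_array(..., true)` is safer than a single inequality. The profile update and the `user_tenants` write are two separate statements; unless `update()` already runs inside `DB::transaction(...)`, a failure between them leaves a resigned profile whose tenant access is still active, and the same applies to `destroy()` and `bulkDelete()` below. Setting `is_active` to false only takes effect at the next `SwitchTenantRequest`; if the current tenant context is not re-validated on every request, a user already switched into this tenant keeps access until they switch again — worth confirming. `update()` begins outside the hunk.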
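Review bot: The `DB::table('user_tenants')->where(...)->update(['is_active' => ...])` statement now appears three times (here, in `update()` above and in `bulkDelete()` below), with the tenant taken from `$tenantId` here but from `$profile->tenant_id` in `update()`; a private helper such as `private function setTenantAccess(array $userIds, int $tenantId, bool $isActive): void` would keep the table, filter and column in one place and make the scoping source consistent. Revoking tenant access is a security-relevant write; if the service does not already audit-log it, recording the `user_id`/`tenant_id` pair at each `is_active` change would make later investigation of an account's access history possible. `destroy()` begins outside the hunk.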
@@ -288,11 +303,25 @@ public function bulkDelete(array $ids): array { $tenantId = $this->tenantId(); + // 퇴직 처리 대상의 user_id 추출 + $userIds = TenantUserProfile::query() + ->where('tenant_id', $tenantId) + ->whereIn('id', $ids) + ->pluck('user_id'); + $updated = TenantUserProfile::query() ->where('tenant_id', $tenantId) ->whereIn('id', $ids) ->update(['employee_status' => 'resigned']); + // 해당 테넌트 접근 일괄 차단 + if ($userIds->isNotEmpty()) { + DB::table('user_tenants') + ->whereIn('user_id', $userIds) + ->where('tenant_id', $tenantId) + ->update(['is_active' => false]); + } + return [ 'processed' => count($ids), 'updated' => $updated, diff --git a/lang/en/error.php b/lang/en/error.php index 576ec04..cea9ee2 100644 --- a/lang/en/error.php +++ b/lang/en/error.php @@ -125,4 +125,5 @@ 'invalid_transition' => "Cannot transition status from ':from' to ':to'. Allowed statuses: :allowed", ], + 'tenant_access_denied' => 'Access denied for this tenant.', ]; diff --git a/lang/ko/error.php b/lang/ko/error.php index b9ba29a..a7ad36b 100644 --- a/lang/ko/error.php +++ b/lang/ko/error.php @@ -526,4 +526,5 @@ 'duplicate_code' => '이미 존재하는 계정과목 코드입니다.', 'in_use' => '전표에서 사용 중인 계정과목은 삭제할 수 없습니다.', ], + 'tenant_access_denied' => '해당 테넌트에 대한 접근 권한이 없습니다.', ];
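Review bot: `$userIds` is taken from `->pluck('user_id')` and passed to `whereIn('user_id', $userIds)` without de-duplication; if a user can hold more than one profile in the same tenant the IN list repeats ids, so `->pluck('user_id')->unique()` keeps the query tight. The returned array reports `'updated' => $updated` for profiles but nothing about how many `user_tenants` rows were actually deactivated, so a missing membership row is indistinguishable from a successful revocation to the caller; capturing the `update()` return value and including it in the result would make that visible. `bulkDelete()` ends outside the hunk.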