diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index e9b6b4443..399d75b28 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -25,8 +25,8 @@ class ApiUserProfileResponse(ResultSerializer):
 class RoleSettingRequestSerializer(serializers.Serializer):
     role_id = serializers.CharField(required=True, label=_('Role ID'))
     workspace_ids = serializers.ListField(
-        child=serializers.CharField(required=True),
-        required=True,
+        child=serializers.CharField(required=False),
+        required=False,
         label=_('Workspace IDs')
     )
 
diff --git a/apps/users/serializers/login.py b/apps/users/serializers/login.py
index b3bddf490..f3e57885d 100644
--- a/apps/users/serializers/login.py
+++ b/apps/users/serializers/login.py
@@ -106,7 +106,7 @@ class LoginSerializer(serializers.Serializer):
 
         if is_license_valid:
             # 检查账户是否被锁定
-            if LoginSerializer._is_account_locked(username):
+            if LoginSerializer._is_account_locked(username, failed_attempts):
                 raise AppApiException(
                     1005,
                     _("This account has been locked for %s minutes, please try again later") % lock_time
@@ -146,8 +146,10 @@ class LoginSerializer(serializers.Serializer):
         return {'token': token}
 
     @staticmethod
-    def _is_account_locked(username: str) -> bool:
+    def _is_account_locked(username: str, failed_attempts: int) -> bool:
         """检查账户是否被锁定"""
+        if failed_attempts == -1:
+            return False
         lock_cache = cache.get(system_get_key(f'system_{username}_lock'), version=system_version)
         return bool(lock_cache)