diff --git a/src/rootserver/ob_ddl_service.cpp b/src/rootserver/ob_ddl_service.cpp
index bc88fd96e..9bbb76734 100644
--- a/src/rootserver/ob_ddl_service.cpp
+++ b/src/rootserver/ob_ddl_service.cpp
@@ -13070,7 +13070,12 @@ int ObDDLService::modify_tenant(const ObModifyTenantArg& arg)
     ObDDLOperator ddl_operator(*schema_service_, *sql_proxy_);
     ObDDLSQLTransaction trans(schema_service_);
     trans.set_end_tenant_id(OB_SYS_TENANT_ID);
-    if (orig_tenant_schema->get_tenant_id() <= OB_MAX_RESERVED_TENANT_ID) {
+    if (orig_tenant_schema->is_restore()) {
+      ret = OB_OP_NOT_ALLOW;
+      LOG_WARN(
+          "rename tenant while tenant is in physical restore status is not allowed", KR(ret), KPC(orig_tenant_schema));
+      LOG_USER_ERROR(OB_OP_NOT_ALLOW, "rename tenant while tenant is in physical restore status is");
+    } else if (orig_tenant_schema->get_tenant_id() <= OB_MAX_RESERVED_TENANT_ID) {
       ret = OB_NOT_SUPPORTED;
       LOG_WARN("rename special tenant not supported", K(ret), K(orig_tenant_schema->get_tenant_id()));
       LOG_USER_ERROR(OB_NOT_SUPPORTED, "rename special tenant");
diff --git a/src/rootserver/ob_root_service.cpp b/src/rootserver/ob_root_service.cpp
index 095cc64f7..576ac6e8f 100644
--- a/src/rootserver/ob_root_service.cpp
+++ b/src/rootserver/ob_root_service.cpp
@@ -8350,6 +8350,7 @@ int ObRootService::physical_restore_tenant(const obrpc::ObPhysicalRestoreTenantA
   int64_t current_timestamp = ObTimeUtility::current_time();
   const int64_t RESTORE_TIMESTAMP_DETA = 10 * 1000 * 1000L;  // prevent to recovery to a certain time in the future
   int64_t job_id = OB_INVALID_ID;
+  ObSchemaGetterGuard schema_guard;
   if (!inited_) {
     ret = OB_NOT_INIT;
     LOG_WARN("not init", K(ret));
@@ -8374,6 +8375,9 @@ int ObRootService::physical_restore_tenant(const obrpc::ObPhysicalRestoreTenantA
   } else if (arg.restore_timestamp_ + RESTORE_TIMESTAMP_DETA >= current_timestamp) {
     ret = OB_EAGAIN;
     LOG_WARN("restore_timestamp is too new", K(ret), K(current_timestamp), K(arg));
+  } else if (OB_FAIL(
+                 ddl_service_.get_tenant_schema_guard_with_version_in_inner_table(OB_SYS_TENANT_ID, schema_guard))) {
+    LOG_WARN("fail to get sys tenant's schema guard", KR(ret));
   } else {
     ObMySQLTransaction trans;
     ObPhysicalRestoreJob job_info;
@@ -8387,8 +8391,20 @@ int ObRootService::physical_restore_tenant(const obrpc::ObPhysicalRestoreTenantA
       LOG_WARN("invalid job_id", K(ret), K(job_id));
     } else if (OB_FAIL(ObRestoreUtil::fill_physical_restore_job(job_id, arg, job_info))) {
       LOG_WARN("fail to fill physical restore job", K(ret), K(job_id), K(arg));
-    } else if (FALSE_IT(job_info.restore_start_ts_ = current_timestamp)) {
-    } else if (OB_FAIL(ObRestoreUtil::record_physical_restore_job(trans, job_info))) {
+    } else {
+      job_info.restore_start_ts_ = current_timestamp;
+      // check if tenant exists
+      const ObTenantSchema* tenant_schema = NULL;
+      ObString tenant_name(job_info.tenant_name_);
+      if (OB_FAIL(schema_guard.get_tenant_info(tenant_name, tenant_schema))) {
+        LOG_WARN("fail to get tenant schema", KR(ret), K(job_info));
+      } else if (OB_NOT_NULL(tenant_schema)) {
+        ret = OB_OP_NOT_ALLOW;
+        LOG_WARN("restore tenant with existed tenant name is not allowed", KR(ret), K(tenant_name));
+        LOG_USER_ERROR(OB_OP_NOT_ALLOW, "restore tenant with existed tenant name is");
+      }
+    }
+    if (FAILEDx(ObRestoreUtil::record_physical_restore_job(trans, job_info))) {
       LOG_WARN("fail to record physical restore job", K(ret), K(job_id), K(arg));
     } else {
       restore_scheduler_.wakeup();
diff --git a/src/rootserver/restore/ob_restore_scheduler.cpp b/src/rootserver/restore/ob_restore_scheduler.cpp
index e4bf641dc..815c0aab8 100644
--- a/src/rootserver/restore/ob_restore_scheduler.cpp
+++ b/src/rootserver/restore/ob_restore_scheduler.cpp
@@ -2765,26 +2765,37 @@ int ObRestoreScheduler::drop_tenant_force_if_necessary(const ObPhysicalRestoreJo
   const bool need_force_drop = GCONF._auto_drop_tenant_if_restore_failed;
   if (!inited_) {
     ret = OB_NOT_INIT;
-    LOG_WARN("not inited", K(ret));
+    LOG_WARN("not inited", KR(ret));
   } else if (OB_FAIL(check_stop())) {
-    LOG_WARN("restore scheduler stopped", K(ret));
+    LOG_WARN("restore scheduler stopped", KR(ret));
   } else if (need_force_drop) {
-    obrpc::ObDropTenantArg arg;
-    arg.exec_tenant_id_ = OB_SYS_TENANT_ID;
-    arg.tenant_name_ = job_info.tenant_name_;
-    arg.if_exist_ = true;
-    arg.delay_to_drop_ = false;
-    ObSqlString sql;
-    const int64_t TIMEOUT_PER_RPC = GCONF.rpc_timeout;  // default 2s
-    const int64_t DEFAULT_TIMEOUT = 10 * 1000 * 1000L;  // 10s
-    int64_t rpc_timeout = max(TIMEOUT_PER_RPC, DEFAULT_TIMEOUT);
-    if (OB_FAIL(sql.append_fmt("DROP TENANT IF EXISTS %s FORCE", arg.tenant_name_.ptr()))) {
-      LOG_WARN("fail to generate sql", K(ret), K(arg));
-    } else if (FALSE_IT(arg.ddl_stmt_str_ = sql.string())) {
-    } else if (OB_FAIL(rpc_proxy_->timeout(rpc_timeout).drop_tenant(arg))) {
-      LOG_WARN("fail to drop tenant", K(ret), K(arg));
+    ObSchemaGetterGuard schema_guard;
+    ObString tenant_name(job_info.tenant_name_);
+    const ObTenantSchema* tenant_schema = NULL;
+    if (OB_FAIL(schema_service_->get_tenant_schema_guard(OB_SYS_TENANT_ID, schema_guard))) {
+      LOG_WARN("fail to get tenant schema guard", KR(ret));
+    } else if (OB_FAIL(schema_guard.get_tenant_info(tenant_name, tenant_schema))) {
+      LOG_WARN("fail to get tenant schema", KR(ret), K(tenant_name));
+    } else if (OB_ISNULL(tenant_schema) || !tenant_schema->is_restore()) {
+      LOG_INFO("tenant not exist or tenant is not in physical restore status, just skip", K(tenant_name));
     } else {
-      LOG_INFO("drop_tenant_force after restore fail", K(job_info));
+      obrpc::ObDropTenantArg arg;
+      arg.exec_tenant_id_ = OB_SYS_TENANT_ID;
+      arg.tenant_name_ = tenant_name;
+      arg.if_exist_ = true;
+      arg.delay_to_drop_ = false;
+      ObSqlString sql;
+      const int64_t TIMEOUT_PER_RPC = GCONF.rpc_timeout;  // default 2s
+      const int64_t DEFAULT_TIMEOUT = 10 * 1000 * 1000L;  // 10s
+      int64_t rpc_timeout = max(TIMEOUT_PER_RPC, DEFAULT_TIMEOUT);
+      if (OB_FAIL(sql.append_fmt("DROP TENANT IF EXISTS %s FORCE", arg.tenant_name_.ptr()))) {
+        LOG_WARN("fail to generate sql", KR(ret), K(arg));
+      } else if (FALSE_IT(arg.ddl_stmt_str_ = sql.string())) {
+      } else if (OB_FAIL(rpc_proxy_->timeout(rpc_timeout).drop_tenant(arg))) {
+        LOG_WARN("fail to drop tenant", KR(ret), K(arg));
+      } else {
+        LOG_INFO("drop_tenant_force after restore fail", K(job_info));
+      }
     }
   } else {
     LOG_INFO("no need to drop tenant after restore fail", K(job_info));