diff --git a/api/v1alpha1/stardoginstance_types.go b/api/v1alpha1/stardoginstance_types.go
index bc32ee2..05387e7 100644
--- a/api/v1alpha1/stardoginstance_types.go
+++ b/api/v1alpha1/stardoginstance_types.go
@@ -13,6 +13,8 @@ type StardogInstanceSpec struct {
 	// This is used by the Operator to make changes in the roles, permissions and users.
 	// +kubebuilder:validation:Required
 	AdminCredentials StardogUserCredentialsSpec `json:"adminCredentials,omitempty"`
+	// Disabled whether this instance is disabled or enabled for operator to recycle resources
+	Disabled bool `json:"disabled,omitempty"`
 }
 
 // StardogInstanceStatus defines the observed state of StardogInstance
diff --git a/config/crd/bases/stardog.vshn.ch_stardoginstances.yaml b/config/crd/bases/stardog.vshn.ch_stardoginstances.yaml
index 1c76203..596c294 100644
--- a/config/crd/bases/stardog.vshn.ch_stardoginstances.yaml
+++ b/config/crd/bases/stardog.vshn.ch_stardoginstances.yaml
@@ -50,6 +50,10 @@ spec:
                       the "username" and "password" keys.
                     type: string
                 type: object
+              disabled:
+                description: Disabled whether this instance is disabled or enabled
+                  for operator to recycle resources
+                type: boolean
               serverUrl:
                 description: ServerUrl describes the url of the Stardog Instance
                 type: string
diff --git a/controllers/database_controller.go b/controllers/database_controller.go
index f105e8b..fca747d 100644
--- a/controllers/database_controller.go
+++ b/controllers/database_controller.go
@@ -190,9 +190,13 @@ func (r *DatabaseReconciler) deleteDatabase(dr *DatabaseReconciliation, instance
 	database := dr.resource
 
 	r.Log.V(1).Info("setup Stardog Client from ", "ref", instance)
-	auth, err := dr.reconciliationContext.initStardogClientFromRef(r.Client, instance)
-	if err != nil {
-		return err
+	auth, disabled, err := dr.reconciliationContext.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", dr.resource.Name)
+		return nil
 	}
 
 	stardogClient := dr.reconciliationContext.stardogClient
@@ -333,9 +337,13 @@ func (r *DatabaseReconciler) sync(dr *DatabaseReconciliation, instance stardogv1
 	customUser := database.Spec.AddUserForNonHiddenGraphs
 	customUserEnabled := customUser != ""
 
-	auth, err := rc.initStardogClientFromRef(r.Client, instance)
-	if err != nil {
-		return fmt.Errorf("cannot initialize stardog client: %v", err)
+	auth, disabled, err := rc.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", dr.resource.Name)
+		return nil
 	}
 
 	// Generate and save credentials in k8s
diff --git a/controllers/organization_controller.go b/controllers/organization_controller.go
index bf5f2c3..6e00fc9 100644
--- a/controllers/organization_controller.go
+++ b/controllers/organization_controller.go
@@ -207,9 +207,13 @@ func (r *OrganizationReconciler) sync(or *OrganizationReconciliation, instance s
 	orgName := org.Spec.Name
 	stardogClient := or.reconciliationContext.stardogClient
 
-	auth, err := rc.initStardogClientFromRef(r.Client, instance)
-	if err != nil {
-		return fmt.Errorf("cannot initialize stardog client: %v", err)
+	auth, disabled, err := rc.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", or.resource.Name)
+		return nil
 	}
 
 	// Generate and save credentials in k8s
@@ -418,9 +422,13 @@ func (r *OrganizationReconciler) deleteOrganization(or *OrganizationReconciliati
 	orgName := org.Spec.Name
 
 	r.Log.V(1).Info("setup Stardog Client from ", "ref", instance)
-	auth, err := or.reconciliationContext.initStardogClientFromRef(r.Client, instance)
-	if err != nil {
-		return err
+	auth, disabled, err := or.reconciliationContext.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", or.resource.Name)
+		return nil
 	}
 
 	stardogClient := or.reconciliationContext.stardogClient
diff --git a/controllers/reconciliation_types.go b/controllers/reconciliation_types.go
index c38fdaa..4acb09b 100644
--- a/controllers/reconciliation_types.go
+++ b/controllers/reconciliation_types.go
@@ -80,14 +80,22 @@ func (rc *ReconciliationContext) initStardogClient(kubeClient client.Client, sta
 	return auth.BasicAuth(adminUsername, adminPassword), nil
 }
 
-func (rc *ReconciliationContext) initStardogClientFromRef(kubeClient client.Client, instance v1beta1.StardogInstanceRef) (runtime.ClientAuthInfoWriter, error) {
+func (rc *ReconciliationContext) initStardogClientFromRef(kubeClient client.Client, instance v1beta1.StardogInstanceRef) (runtime.ClientAuthInfoWriter, bool, error) {
 	stardogInstance := &StardogInstance{}
 	err := kubeClient.Get(rc.context, types.NamespacedName{Namespace: instance.Namespace, Name: instance.Name}, stardogInstance)
 	if err != nil {
-		return nil, fmt.Errorf("cannot retrieve stardogInstanceRef %s/%s: %v", instance.Namespace, instance.Name, err)
+		return nil, true, fmt.Errorf("cannot retrieve stardogInstanceRef %s/%s: %v", instance.Namespace, instance.Name, err)
+	}
+	if stardogInstance.Spec.Disabled {
+		return nil, true, nil
 	}
 	rc.namespace = stardogInstance.Namespace
-	return rc.initStardogClient(kubeClient, *stardogInstance)
+	stardogClient, err := rc.initStardogClient(kubeClient, *stardogInstance)
+	if err != nil {
+		return nil, true, err
+	}
+
+	return stardogClient, false, nil
 }
 
 func (rc *ReconciliationContext) getCredentials(kubeClient client.Client, credentials StardogUserCredentialsSpec, alternativeNamespace string) (username, password string, err error) {
diff --git a/controllers/reconciliation_types_test.go b/controllers/reconciliation_types_test.go
index 3da607d..f60c26b 100644
--- a/controllers/reconciliation_types_test.go
+++ b/controllers/reconciliation_types_test.go
@@ -79,7 +79,7 @@ func Test_initStardogClientFromRef(t *testing.T) {
 
 			base64.StdEncoding.EncodeToString([]byte(username))
 
-			_, err = rc.initStardogClientFromRef(fakeKubeClient, stardogInstanceRef)
+			_, _, err = rc.initStardogClientFromRef(fakeKubeClient, stardogInstanceRef)
 
 			assert.Equal(t, tt.err, err)
 		})
diff --git a/controllers/stardoginstance_controller.go b/controllers/stardoginstance_controller.go
index 1a326c3..dd2f675 100644
--- a/controllers/stardoginstance_controller.go
+++ b/controllers/stardoginstance_controller.go
@@ -221,6 +221,10 @@ func (r *StardogInstanceReconciler) validateConnection(sir *StardogInstanceRecon
 	spec := sir.resource.Spec
 	credentials := spec.AdminCredentials
 
+	if spec.Disabled {
+		return nil
+	}
+
 	r.Log.V(1).Info("retrieving admin credentials from Secret", "secret", credentials.Namespace+"/"+credentials.SecretRef)
 	auth, err := rc.initStardogClient(r.Client, *sir.resource)
 	if err != nil {
diff --git a/controllers/stardogrole_controller.go b/controllers/stardogrole_controller.go
index 9681de7..ff9ba38 100644
--- a/controllers/stardogrole_controller.go
+++ b/controllers/stardogrole_controller.go
@@ -117,16 +117,20 @@ func (r *StardogRoleReconciler) syncRole(srr *StardogRoleReconciliation) error {
 	spec := srr.resource.Spec
 	namespace := srr.reconciliationContext.namespace
 	roleName := spec.RoleName
+	instance := v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace)
 	if roleName == "" {
 		roleName = srr.resource.Name
 	}
 
 	r.Log.V(1).Info("init Stardog Client from ", "ref", spec.StardogInstanceRef)
-	auth, err := srr.reconciliationContext.initStardogClientFromRef(r.Client, v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace))
-	if err != nil {
-		return err
+	auth, disabled, err := srr.reconciliationContext.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", srr.resource.Name)
+		return nil
 	}
-
 	stardogClient := srr.reconciliationContext.stardogClient
 
 	r.Log.Info("synchronizing role", "role", roleName)
@@ -251,11 +255,15 @@ func (r *StardogRoleReconciler) deleteStardogRole(srr *StardogRoleReconciliation
 func (r *StardogRoleReconciler) finalize(srr *StardogRoleReconciliation) error {
 	spec := srr.resource.Spec
 	namespace := srr.reconciliationContext.namespace
-
+	instance := v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace)
 	r.Log.V(1).Info("setup Stardog Client from ", "ref", spec.StardogInstanceRef)
-	auth, err := srr.reconciliationContext.initStardogClientFromRef(r.Client, v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace))
-	if err != nil {
-		return err
+	auth, disabled, err := srr.reconciliationContext.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", srr.resource.Name)
+		return nil
 	}
 
 	stardogClient := srr.reconciliationContext.stardogClient
diff --git a/controllers/stardoguser_controller.go b/controllers/stardoguser_controller.go
index 283daf0..91baeb5 100644
--- a/controllers/stardoguser_controller.go
+++ b/controllers/stardoguser_controller.go
@@ -137,11 +137,16 @@ func (r *StardogUserReconciler) finalize(sur *StardogUserReconciliation) error {
 	rc := sur.reconciliationContext
 	spec := sur.resource.Spec
 	namespace := rc.namespace
+	instance := v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace)
 
 	r.Log.V(1).Info("setup Stardog Client from ", "ref", spec.StardogInstanceRef)
-	auth, err := rc.initStardogClientFromRef(r.Client, v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace))
-	if err != nil {
-		return err
+	auth, disabled, err := rc.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", sur.resource.Name)
+		return nil
 	}
 
 	_, err = rc.stardogClient.Users.RemoveUser(model_users.NewRemoveUserParams().WithUser(sur.resource.Name), auth)
@@ -167,11 +172,16 @@ func (r *StardogUserReconciler) syncUser(sur *StardogUserReconciliation) error {
 	spec := sur.resource.Spec
 	userCredentials := spec.Credentials
 	namespace := rc.namespace
+	instance := v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace)
 
 	r.Log.V(1).Info("init Stardog Client from ", "ref", spec.StardogInstanceRef)
-	auth, err := rc.initStardogClientFromRef(r.Client, v1beta1.NewStardogInstanceRef(spec.StardogInstanceRef, namespace))
-	if err != nil {
-		return err
+	auth, disabled, err := rc.initStardogClientFromRef(r.Client, instance)
+	if err != nil || disabled {
+		if err != nil {
+			return fmt.Errorf("cannot initialize stardog client: %v", err)
+		}
+		r.Log.Info("skipping resource from reconciliation", "instance", instance.Name, "resource", sur.resource.Name)
+		return nil
 	}
 
 	r.Log.V(1).Info("retrieving user credentials from Secret", "secret", userCredentials.Namespace+"/"+userCredentials.SecretRef)