You run into this trouble-area because you are looking for two separate lists of persons but you are retrieving these from an Account entity which should only hold user-account information, but also holds person-information. Account entity has access-rules that are meant to keep useraccounts secure. Users are not allowed to see account-information. But in this microflow you want to see the person-information, stored in the same entity. So, there is no option to solve this using associations or access-rules.
My advice is to modify your domain model. Split your person-information from System.User or any specialization thereof. And if you want to store any Lieutent-specific information or Approver-specific information, they will need their own entity too, each associated to the Person entity. This will give you a more explicit and correct data-model, which always helps apps to stay maintainable.
If you choose not to do that, then there is the OQL-option. This will totally bypass any access-rule. Just download and install module OQL and copy-paste the java-action "ExecuteOQLStatement" twice to this microflow. Careful though: OQL gets you copies of the account-objects, not the actual objects themselves. With some unexpected behavior when changing and commiting the retrieved objects. But it might help you out for this microflow.
Best of luck!