diff --git a/management/server/account.go b/management/server/account.go
index 553c8f884..dfc0cef34 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -805,28 +805,8 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
 return status.Errorf(status.Internal, "failed to build user infos for account %s: %v", accountID, err)
 }
- for _, otherUser := range account.Users {
- if otherUser.Id == userID {
- continue
- }
-
- if otherUser.IsServiceUser {
- err = am.deleteServiceUser(ctx, accountID, userID, otherUser)
- if err != nil {
- return err
- }
- continue
- }
-
- userInfo, ok := userInfosMap[otherUser.Id]
- if !ok {
- return status.Errorf(status.NotFound, "user info not found for user %s", otherUser.Id)
- }
-
- _, deleteUserErr := am.deleteRegularUser(ctx, accountID, userID, userInfo)
- if deleteUserErr != nil {
- return deleteUserErr
+ if err := am.deleteAccountUsers(ctx, accountID, userID, account.Users, userInfosMap); err != nil {
+ return err
 }
 userInfo, ok := userInfosMap[userID]
@@ -853,6 +833,31 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
 return nil
 }
+func (am *DefaultAccountManager) deleteAccountUsers(ctx context.Context, accountID, userID string, users map[string]*types.User, userInfosMap map[string]*types.UserInfo) error {
+ for _, otherUser := range users {
+ if otherUser.Id == userID {
+ continue
+ }
+
+ if otherUser.IsServiceUser {
+ if err := am.deleteServiceUser(ctx, accountID, userID, otherUser); err != nil {
+ return err
+ }
+ continue
+ }
+
+ userInfo, ok := userInfosMap[otherUser.Id]
+ if !ok {
+ return status.Errorf(status.NotFound, "user info not found for user %s", otherUser.Id)
+ }
+
+ if _, err := am.deleteRegularUser(ctx, accountID, userID, userInfo); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
 // AccountExists checks if an account exists.
 func (am *DefaultAccountManager) AccountExists(ctx context.Context, accountID string) (bool, error) {
 return am.Store.AccountExists(ctx, store.LockingStrengthNone, accountID)
diff --git a/management/server/types/networkmap_components.go b/management/server/types/networkmap_components.go
index eb2ae9b85..b03941876 100644
--- a/management/server/types/networkmap_components.go
+++ b/management/server/types/networkmap_components.go
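Review bot: `deleteAccountUsers` is added without a doc comment, and its contract matters to the caller in DeleteAccount: it returns on the first `deleteServiceUser`/`deleteRegularUser` error with no rollback, and because `users` is a map the set of users already removed at that point is not deterministic. A comment such as `// deleteAccountUsers removes every user in users except userID (the initiating user); it stops at the first error, leaving earlier deletions in place.` would make that visible at the call site. The `status.NotFound` return for a user missing from `userInfosMap` likewise aborts the whole account deletion part-way; that may be the intended strictness, but it belongs in the same comment so a future caller does not assume the operation is all-or-nothing.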
@@ -748,36 +748,55 @@ func (c *NetworkMapComponents) getNetworkResourcesRoutesToSync(peerID string) (b
 }
 }
- addedResourceRoute := false
- for _, policy := range c.ResourcePoliciesMap[resource.ID] {
- if isRoutingPeer && resource.OnRoutingPeer {
- localResourceFwRule = append(localResourceFwRule, c.getLocalResourceFirewallRules(policy)...)
- }
- var peers []string
- if policy.Rules[0].SourceResource.Type == ResourceTypePeer && policy.Rules[0].SourceResource.ID != "" {
- peers = []string{policy.Rules[0].SourceResource.ID}
- } else {
- peers = c.getUniquePeerIDsFromGroupsIDs(policy.SourceGroups())
- }
- if addSourcePeers {
- for _, pID := range c.getPostureValidPeers(peers, policy.SourcePostureChecks) {
- allSourcePeers[pID] = struct{}{}
- }
- } else if slices.Contains(peers, peerID) && c.ValidatePostureChecksOnPeer(peerID, policy.SourcePostureChecks) {
- for peerId, router := range networkRoutingPeers {
- routes = append(routes, c.getNetworkResourcesRoutes(resource, peerId, router)...)
- }
- addedResourceRoute = true
- }
- if addedResourceRoute {
- break
- }
- }
+ newRoutes, fwRules := c.processResourcePolicies(peerID, resource, networkRoutingPeers, isRoutingPeer, addSourcePeers, allSourcePeers)
+ routes = append(routes, newRoutes...)
+ localResourceFwRule = append(localResourceFwRule, fwRules...)
 }
 return isRoutingPeer, routes, allSourcePeers, localResourceFwRule
 }
+func (c *NetworkMapComponents) processResourcePolicies(
+ peerID string,
+ resource *resourceTypes.NetworkResource,
+ networkRoutingPeers map[string]*routerTypes.NetworkRouter,
+ isRoutingPeer, addSourcePeers bool,
+ allSourcePeers map[string]struct{},
+) ([]*route.Route, []*FirewallRule) {
+ var routes []*route.Route
+ var localRules []*FirewallRule
+
+ for _, policy := range c.ResourcePoliciesMap[resource.ID] {
+ if isRoutingPeer && resource.OnRoutingPeer {
+ localRules = append(localRules, c.getLocalResourceFirewallRules(policy)...)
+ }
+
+ peers := c.getResourcePolicyPeers(policy)
+ if addSourcePeers {
+ for _, pID := range c.getPostureValidPeers(peers, policy.SourcePostureChecks) {
+ allSourcePeers[pID] = struct{}{}
+ }
+ continue
+ }
+
+ if slices.Contains(peers, peerID) && c.ValidatePostureChecksOnPeer(peerID, policy.SourcePostureChecks) {
+ for peerId, router := range networkRoutingPeers {
+ routes = append(routes, c.getNetworkResourcesRoutes(resource, peerId, router)...)
+ }
+ break
+ }
+ }
+
+ return routes, localRules
+}
+
+func (c *NetworkMapComponents) getResourcePolicyPeers(policy *Policy) []string {
+ if policy.Rules[0].SourceResource.Type == ResourceTypePeer && policy.Rules[0].SourceResource.ID != "" {
+ return []string{policy.Rules[0].SourceResource.ID}
+ }
+ return c.getUniquePeerIDsFromGroupsIDs(policy.SourceGroups())
+}
+
 func (c *NetworkMapComponents) getLocalResourceFirewallRules(policy *Policy) []*FirewallRule {
 sourcePeerIDs := c.getPoliciesSourcePeers([]*Policy{policy})
 postureValidatedPeerIDs := c.getPostureValidPeers(slices.Collect(maps.Keys(sourcePeerIDs)), policy.SourcePostureChecks)
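Review bot: `getResourcePolicyPeers` indexes `policy.Rules[0]` twice without checking that `policy.Rules` is non-empty, so a stored policy with no rules panics while the network map for that account is being built; the removed code had the same access, but moving it into a helper is the natural place to guard it, e.g. `if len(policy.Rules) == 0 { return nil }` before the index (a nil result means `slices.Contains` and `getPostureValidPeers` simply see no source peers). Unless policies are validated elsewhere to always carry at least one rule, that is a cheap check against a crash triggered by one malformed record. `processResourcePolicies` also mutates its `allSourcePeers` parameter in place when `addSourcePeers` is set while returning routes and rules by value, which the signature does not convey; a doc comment such as `// processResourcePolicies returns the routes and local firewall rules that resource's policies yield for peerID; when addSourcePeers is set it records posture-valid source peers into allSourcePeers instead of collecting routes.` would make that explicit. The loop variable `peerId` in the range over `networkRoutingPeers` should be `peerID` to match the parameter and Go's initialism convention.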