diff --git a/management/server/account.go b/management/server/account.go
index dfc0cef34..553c8f884 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -805,8 +805,28 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
 return status.Errorf(status.Internal, "failed to build user infos for account %s: %v", accountID, err)
 }

- if err := am.deleteAccountUsers(ctx, accountID, userID, account.Users, userInfosMap); err != nil {
- return err
+ for _, otherUser := range account.Users {
+ if otherUser.Id == userID {
+ continue
+ }
+
+ if otherUser.IsServiceUser {
+ err = am.deleteServiceUser(ctx, accountID, userID, otherUser)
+ if err != nil {
+ return err
+ }
+ continue
+ }
+
+ userInfo, ok := userInfosMap[otherUser.Id]
+ if !ok {
+ return status.Errorf(status.NotFound, "user info not found for user %s", otherUser.Id)
+ }
+
+ _, deleteUserErr := am.deleteRegularUser(ctx, accountID, userID, userInfo)
+ if deleteUserErr != nil {
+ return deleteUserErr
+ }
 }

 userInfo, ok := userInfosMap[userID]
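Review bot: The inlined loop only discovers a missing `userInfosMap` entry when it reaches that user, so a single lookup miss returns `NotFound` after earlier users have already been deleted, and Go's randomized map iteration makes it unpredictable which ones. On an account-deletion path this can leave service users (and presumably whatever credentials they hold) in place behind a failed call, so I would resolve every lookup before the first destructive step, as sketched below. Separately, the service-user branch assigns to the outer `err` while the regular-user branch introduces `deleteUserErr`; using `if err := ...; err != nil` in both would keep the branches consistent. DeleteAccount starts before and ends after this hunk.

```go
// Check every regular user's info up front so a missing entry fails the call
// before anything has been deleted.
for _, otherUser := range account.Users {
	if otherUser.Id == userID || otherUser.IsServiceUser {
		continue
	}
	if _, ok := userInfosMap[otherUser.Id]; !ok {
		return status.Errorf(status.NotFound, "user info not found for user %s", otherUser.Id)
	}
}

// … unchanged: deletion loop over account.Users …
```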
@@ -833,31 +853,6 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
 return nil
 }

-func (am *DefaultAccountManager) deleteAccountUsers(ctx context.Context, accountID, userID string, users map[string]*types.User, userInfosMap map[string]*types.UserInfo) error {
- for _, otherUser := range users {
- if otherUser.Id == userID {
- continue
- }
-
- if otherUser.IsServiceUser {
- if err := am.deleteServiceUser(ctx, accountID, userID, otherUser); err != nil {
- return err
- }
- continue
- }
-
- userInfo, ok := userInfosMap[otherUser.Id]
- if !ok {
- return status.Errorf(status.NotFound, "user info not found for user %s", otherUser.Id)
- }
-
- if _, err := am.deleteRegularUser(ctx, accountID, userID, userInfo); err != nil {
- return err
- }
- }
- return nil
-}
-
 // AccountExists checks if an account exists.
 func (am *DefaultAccountManager) AccountExists(ctx context.Context, accountID string) (bool, error) {
 return am.Store.AccountExists(ctx, store.LockingStrengthNone, accountID)
diff --git a/management/server/types/networkmap_components.go b/management/server/types/networkmap_components.go
index b03941876..eb2ae9b85 100644
--- a/management/server/types/networkmap_components.go
+++ b/management/server/types/networkmap_components.go
@@ -748,55 +748,36 @@ func (c *NetworkMapComponents) getNetworkResourcesRoutesToSync(peerID string) (b
 }
 }

- newRoutes, fwRules := c.processResourcePolicies(peerID, resource, networkRoutingPeers, isRoutingPeer, addSourcePeers, allSourcePeers)
- routes = append(routes, newRoutes...)
- localResourceFwRule = append(localResourceFwRule, fwRules...)
+ addedResourceRoute := false
+ for _, policy := range c.ResourcePoliciesMap[resource.ID] {
+ if isRoutingPeer && resource.OnRoutingPeer {
+ localResourceFwRule = append(localResourceFwRule, c.getLocalResourceFirewallRules(policy)...)
+ }
+ var peers []string
+ if policy.Rules[0].SourceResource.Type == ResourceTypePeer && policy.Rules[0].SourceResource.ID != "" {
+ peers = []string{policy.Rules[0].SourceResource.ID}
+ } else {
+ peers = c.getUniquePeerIDsFromGroupsIDs(policy.SourceGroups())
+ }
+ if addSourcePeers {
+ for _, pID := range c.getPostureValidPeers(peers, policy.SourcePostureChecks) {
+ allSourcePeers[pID] = struct{}{}
+ }
+ } else if slices.Contains(peers, peerID) && c.ValidatePostureChecksOnPeer(peerID, policy.SourcePostureChecks) {
+ for peerId, router := range networkRoutingPeers {
+ routes = append(routes, c.getNetworkResourcesRoutes(resource, peerId, router)...)
+ }
+ addedResourceRoute = true
+ }
+ if addedResourceRoute {
+ break
+ }
+ }
 }

 return isRoutingPeer, routes, allSourcePeers, localResourceFwRule
 }

-func (c *NetworkMapComponents) processResourcePolicies(
- peerID string,
- resource *resourceTypes.NetworkResource,
- networkRoutingPeers map[string]*routerTypes.NetworkRouter,
- isRoutingPeer, addSourcePeers bool,
- allSourcePeers map[string]struct{},
-) ([]*route.Route, []*FirewallRule) {
- var routes []*route.Route
- var localRules []*FirewallRule
-
- for _, policy := range c.ResourcePoliciesMap[resource.ID] {
- if isRoutingPeer && resource.OnRoutingPeer {
- localRules = append(localRules, c.getLocalResourceFirewallRules(policy)...)
- }
-
- peers := c.getResourcePolicyPeers(policy)
- if addSourcePeers {
- for _, pID := range c.getPostureValidPeers(peers, policy.SourcePostureChecks) {
- allSourcePeers[pID] = struct{}{}
- }
- continue
- }
-
- if slices.Contains(peers, peerID) && c.ValidatePostureChecksOnPeer(peerID, policy.SourcePostureChecks) {
- for peerId, router := range networkRoutingPeers {
- routes = append(routes, c.getNetworkResourcesRoutes(resource, peerId, router)...)
- }
- break
- }
- }
-
- return routes, localRules
-}
-
-func (c *NetworkMapComponents) getResourcePolicyPeers(policy *Policy) []string {
- if policy.Rules[0].SourceResource.Type == ResourceTypePeer && policy.Rules[0].SourceResource.ID != "" {
- return []string{policy.Rules[0].SourceResource.ID}
- }
- return c.getUniquePeerIDsFromGroupsIDs(policy.SourceGroups())
-}
-
 func (c *NetworkMapComponents) getLocalResourceFirewallRules(policy *Policy) []*FirewallRule {
 sourcePeerIDs := c.getPoliciesSourcePeers([]*Policy{policy})
 postureValidatedPeerIDs := c.getPostureValidPeers(slices.Collect(maps.Keys(sourcePeerIDs)), policy.SourcePostureChecks)
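Review bot: `policy.Rules[0]` is read in the new loop without checking that the policy has any rules, so a single policy with an empty `Rules` slice in `ResourcePoliciesMap` would panic while this peer's routes are being computed. Unless that is validated elsewhere, add `if len(policy.Rules) == 0 { continue }` ahead of the `var peers []string` line. Only the first rule's `SourceResource` is consulted; if that is an invariant, a short comment saying so would help, e.g. `// resource policies carry a single rule; only Rules[0] is consulted`. The `addedResourceRoute` flag is only tested right after it is set, so a plain `break` at the end of the `else if` branch would do the same with less state. getNetworkResourcesRoutesToSync begins outside the hunk.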