diff --git a/management/server/types/policy_authorized_users.go b/management/server/types/policy_authorized_users.go
index c56a689ca..c2363fffc 100644
--- a/management/server/types/policy_authorized_users.go
+++ b/management/server/types/policy_authorized_users.go
@@ -62,12 +62,16 @@ func applyResolvedRuleToState(
 			return
 		}
 		state.sshEnabled = true
-		if state.authorizedUsers[auth.Wildcard] == nil {
-			state.authorizedUsers[auth.Wildcard] = make(map[string]struct{})
-		}
-		for userID := range cb.getAllowedUserIDs() {
-			state.authorizedUsers[auth.Wildcard][userID] = struct{}{}
-		}
+		mergeWildcardUsers(state.authorizedUsers, cb.getAllowedUserIDs())
+	}
+}
+
+func mergeWildcardUsers(dst map[string]map[string]struct{}, users map[string]struct{}) {
+	if dst[auth.Wildcard] == nil {
+		dst[auth.Wildcard] = make(map[string]struct{})
+	}
+	for userID := range users {
+		dst[auth.Wildcard][userID] = struct{}{}
 	}
 }