diff --git a/api/middleware/policy.go b/api/middleware/policy.go
index a74a479..cde6af5 100644
--- a/api/middleware/policy.go
+++ b/api/middleware/policy.go
@@ -74,25 +74,19 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
 	}
 
 	reqInfo := GetReqInfo(r.Context())
-	targets := []engine.RequestTarget{
-		engine.NewRequestTargetWithNamespace(reqInfo.Namespace),
-	}
+	target := engine.NewRequestTargetWithNamespace(reqInfo.Namespace)
 	if bktInfo != nil {
-		targets = append(targets, engine.NewRequestTargetWithContainer(bktInfo.CID.EncodeToString()))
+		cnrTarget := engine.ContainerTarget(bktInfo.CID.EncodeToString())
+		target.Container = &cnrTarget
 	}
 
-	st := chain.NoRuleFound
-	for _, target := range targets {
-		status, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
-		if err != nil {
-			return err
-		}
-		if found {
-			st = status
-			if status != chain.Allow {
-				break
-			}
-		}
+	st, found, err := cfg.Storage.IsAllowed(chain.S3, target, req)
+	if err != nil {
+		return err
+	}
+
+	if !found {
+		st = chain.NoRuleFound
 	}
 
 	switch {