diff --git a/internal/api/grpc/management/project_grant.go b/internal/api/grpc/management/project_grant.go
index c4d24ba3a4..b58e6e6208 100644
--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -2,19 +2,17 @@ package management
 
 import (
 	"context"
+	"github.com/caos/zitadel/internal/api/authz"
 
 	"github.com/golang/protobuf/ptypes/empty"
 
-	grpc_util "github.com/caos/zitadel/internal/api/grpc"
-	"github.com/caos/zitadel/internal/api/http"
 	"github.com/caos/zitadel/pkg/grpc/management"
 )
 
 func (s *Server) SearchProjectGrants(ctx context.Context, in *management.ProjectGrantSearchRequest) (*management.ProjectGrantSearchResponse, error) {
 	request := projectGrantSearchRequestsToModel(in)
-	orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
-	request.AppendMyResourceOwnerQuery(orgID)
-	request.AppendNotMyOrgQuery(orgID)
+	ctxData := authz.GetCtxData(ctx)
+	request.AppendMyResourceOwnerQuery(ctxData.OrgID)
 	response, err := s.project.SearchProjectGrants(ctx, request)
 	if err != nil {
 		return nil, err
diff --git a/internal/project/repository/eventsourcing/eventstore.go b/internal/project/repository/eventsourcing/eventstore.go
index 3b33fdc445..c1fc97b366 100644
--- a/internal/project/repository/eventsourcing/eventstore.go
+++ b/internal/project/repository/eventsourcing/eventstore.go
@@ -340,13 +340,16 @@ func (es *ProjectEventstore) PrepareRemoveProjectRole(ctx context.Context, role
 }
 
 func (es *ProjectEventstore) RemoveRoleFromGrants(existing *model.Project, roleKey string) []*model.ProjectGrant {
-	grants := make([]*model.ProjectGrant, 0)
-	for _, grant := range existing.Grants {
+	grants := make([]*model.ProjectGrant, len(existing.Grants))
+	for i, grant := range existing.Grants {
+		roles := make([]string, 0)
 		for _, role := range grant.RoleKeys {
 			if role != roleKey {
-				grants = append(grants, grant)
+				roles = append(roles, role)
 			}
 		}
+		grant.RoleKeys = roles
+		grants[i] = grant
 	}
 	return grants
 }