diff --git a/src/satellite/src/rules/assert_stores.rs b/src/satellite/src/rules/assert_stores.rs
index 541f5d20d..f942b30c2 100644
--- a/src/satellite/src/rules/assert_stores.rs
+++ b/src/satellite/src/rules/assert_stores.rs
@@ -14,9 +14,11 @@ pub fn assert_permission(
 ) -> bool {
     match permission {
         Permission::Public => true,
-        Permission::Private => assert_caller(owner, caller),
-        Permission::Managed => assert_caller(owner, caller) || is_controller(caller, controllers),
-        Permission::Controllers => is_controller(caller, controllers),
+        Permission::Private => assert_caller(caller, owner),
+        Permission::Managed => {
+            assert_caller(caller, owner) || assert_controller(caller, controllers)
+        }
+        Permission::Controllers => assert_controller(caller, controllers),
     }
 }
 
@@ -31,14 +33,16 @@ pub fn assert_create_permission(
         Permission::Public => true,
         Permission::Private => assert_not_anonymous(caller),
         Permission::Managed => assert_not_anonymous(caller),
-        Permission::Controllers => {
-            assert_not_anonymous(caller) && is_controller(caller, controllers)
-        }
+        Permission::Controllers => assert_controller(caller, controllers),
     }
 }
 
-fn assert_caller(owner: Principal, caller: Principal) -> bool {
-    principal_equal(owner, caller) && assert_not_anonymous(caller)
+fn assert_caller(caller: Principal, owner: Principal) -> bool {
+    assert_not_anonymous(caller) && principal_equal(owner, caller)
+}
+
+fn assert_controller(caller: Principal, controllers: &Controllers) -> bool {
+    assert_not_anonymous(caller) && is_controller(caller, controllers)
 }
 
 fn assert_not_anonymous(caller: Principal) -> bool {