diff --git a/api/handler/acl.go b/api/handler/acl.go
index 0255fcf2..8539fa10 100644
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@@ -1601,21 +1601,6 @@ func isValidGrant(grant *Grant) bool {
 		(grant.Grantee.Type == granteeCanonicalUser || (grant.Grantee.Type == granteeGroup && grant.Grantee.URI == allUsersGroup))
 }
 
-func getAllowRecord(op eacl.Operation, pk *keys.PublicKey) *eacl.Record {
-	record := eacl.NewRecord()
-	record.SetOperation(op)
-	record.SetAction(eacl.ActionAllow)
-
-	t := eacl.NewTarget()
-	// Unknown role is used, because it is ignored when keys are set
-	t.SetRole(eacl.RoleUnknown)
-	t.SetAccounts([]user.ID{user.NewFromScriptHash(pk.GetScriptHash())})
-
-	record.SetTargets(*t)
-
-	return record
-}
-
 func getAllowRecordWithUser(op eacl.Operation, acc user.ID) *eacl.Record {
 	record := eacl.NewRecord()
 	record.SetOperation(op)
diff --git a/api/handler/acl_test.go b/api/handler/acl_test.go
index 67192204..a1384899 100644
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@@ -931,14 +931,14 @@ func allowedTableForPrivateObject(t *testing.T, key *keys.PrivateKey, resInfo *r
 	// Order of these loops is important for test.
 	for i := len(writeOps) - 1; i >= 0; i-- {
 		op := writeOps[i]
-		record := getAllowRecord(op, key.PublicKey())
+		record := getAllowRecordWithUser(op, user.NewFromScriptHash(key.GetScriptHash()))
 
 		applyFilters(record)
 		expectedTable.AddRecord(record)
 	}
 	for i := len(readOps) - 1; i >= 0; i-- {
 		op := readOps[i]
-		record := getAllowRecord(op, key.PublicKey())
+		record := getAllowRecordWithUser(op, user.NewFromScriptHash(key.GetScriptHash()))
 
 		applyFilters(record)
 		expectedTable.AddRecord(record)
@@ -1175,10 +1175,10 @@ func TestBucketAclToTable(t *testing.T) {
 		expectedTable.AddRecord(getOthersRecord(op, eacl.ActionAllow))
 	}
 	for _, op := range writeOps {
-		expectedTable.AddRecord(getAllowRecord(op, key2.PublicKey()))
+		expectedTable.AddRecord(getAllowRecordWithUser(op, user.NewFromScriptHash(key2.GetScriptHash())))
 	}
 	for _, op := range fullOps {
-		expectedTable.AddRecord(getAllowRecord(op, key.PublicKey()))
+		expectedTable.AddRecord(getAllowRecordWithUser(op, user.NewFromScriptHash(key.GetScriptHash())))
 	}
 	for _, op := range fullOps {
 		expectedTable.AddRecord(getOthersRecord(op, eacl.ActionDeny))