diff --git a/src/internal/controller/machineuser_controller.go b/src/internal/controller/machineuser_controller.go
index d8838a8..514b104 100644
--- a/src/internal/controller/machineuser_controller.go
+++ b/src/internal/controller/machineuser_controller.go
@@ -321,6 +321,7 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 	if err != nil {
 		return err
 	}
+	ctx = middleware.SetOrgID(ctx, org.Status.OrgId)
 	existingUserGrants, err := ztdClient.ListUserGrants(ctx, &pb.ListUserGrantRequest{
 		Queries: []*user.UserGrantQuery{
 			{
@@ -335,7 +336,6 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 	if err != nil {
 		return fmt.Errorf("Error listing MachineUser grants: %v", err)
 	}
-	ctx = middleware.SetOrgID(ctx, org.Status.OrgId)
 	for _, userGrant := range wr.MachineUser.DeepCopy().Spec.UserGrants {
 		userGrantedProject, err := wr.refResolver.ProjectRef(ctx, &userGrant.ProjectRef, wr.MachineUser.Namespace)
 		if err != nil {
@@ -373,7 +373,7 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 				}
 			}
 			if existingProjectGrant == nil {
-				return fmt.Errorf("Error no project granted to user organization: %v", err)
+				return fmt.Errorf("Error no project granted to user organization")
 			}
 
 			if err = wr.PatchStatus(ctx, condition.SetPatOutOfDate); err != nil {
@@ -389,7 +389,6 @@ func (wr *wrappedMachineUserReconciler) reconcileUserGrants(ctx context.Context,
 			if err != nil {
 				return fmt.Errorf("Error Adding MachineUser grant: %v", err)
 			}
-
 		} else {
 			sort.Strings(existingUserGrant.RoleKeys)
 			sort.Strings(userGrant.RoleKeys)