diff --git a/src/rgw/rgw_acl_swift.cc b/src/rgw/rgw_acl_swift.cc
index a6c23f99720..4bf0ba92517 100644
--- a/src/rgw/rgw_acl_swift.cc
+++ b/src/rgw/rgw_acl_swift.cc
@@ -194,10 +194,8 @@ int create_container_policy(const DoutPrefixProvider *dpp,
   return 0;
 }
 
-} // namespace rgw::swift
-
-void RGWAccessControlPolicy_SWIFT::filter_merge(uint32_t rw_mask,
-                                                RGWAccessControlPolicy_SWIFT *old)
+void merge_policy(uint32_t rw_mask, const RGWAccessControlPolicy& src,
+                  RGWAccessControlPolicy& dest)
 {
   /* rw_mask&SWIFT_PERM_READ => setting read acl,
    * rw_mask&SWIFT_PERM_WRITE => setting write acl
@@ -207,15 +205,13 @@ void RGWAccessControlPolicy_SWIFT::filter_merge(uint32_t rw_mask,
     return;
   }
   rw_mask ^= (SWIFT_PERM_READ|SWIFT_PERM_WRITE);
-  for (auto &iter: old->acl.get_grant_map()) {
-    ACLGrant& grant = iter.second;
+  for (const auto &iter: src.get_acl().get_grant_map()) {
+    const ACLGrant& grant = iter.second;
     uint32_t perm = grant.get_permission().get_permissions();
     rgw_user id;
-    string url_spec;
     if (!grant.get_id(id)) {
       if (grant.get_group() != ACL_GROUP_ALL_USERS) {
-        url_spec = grant.get_referer();
-        if (url_spec.empty()) {
+        if (string url_spec = grant.get_referer(); url_spec.empty()) {
           continue;
         }
         if (perm == 0) {
@@ -225,11 +221,13 @@ void RGWAccessControlPolicy_SWIFT::filter_merge(uint32_t rw_mask,
       }
     }
     if (perm & rw_mask) {
-      acl.add_grant(grant);
+      dest.get_acl().add_grant(grant);
     }
   }
 }
 
+} // namespace rgw::swift
+
 void RGWAccessControlPolicy_SWIFT::to_str(string& read, string& write)
 {
   multimap<string, ACLGrant>& m = acl.get_grant_map();
diff --git a/src/rgw/rgw_acl_swift.h b/src/rgw/rgw_acl_swift.h
index e1c51884945..bf983ba2b8c 100644
--- a/src/rgw/rgw_acl_swift.h
+++ b/src/rgw/rgw_acl_swift.h
@@ -27,12 +27,16 @@ int create_container_policy(const DoutPrefixProvider *dpp,
                             uint32_t& rw_mask,
                             RGWAccessControlPolicy& policy);
 
+/// Copy grants matching the permission mask (SWIFT_PERM_READ/WRITE) from
+/// one policy to another.
+void merge_policy(uint32_t rw_mask, const RGWAccessControlPolicy& src,
+                  RGWAccessControlPolicy& dest);
+
 } // namespace rgw::swift
 
 class RGWAccessControlPolicy_SWIFT : public RGWAccessControlPolicy
 {
 public:
-  void filter_merge(uint32_t mask, RGWAccessControlPolicy_SWIFT *policy);
   void to_str(std::string& read, std::string& write);
 };
 
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 39e12a5ab09..593d1598aef 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -4988,11 +4988,7 @@ void RGWPutMetadataBucket::execute(optional_yield y)
        * contain such keys yet. */
       if (has_policy) {
 	if (s->dialect.compare("swift") == 0) {
-	  auto old_policy =						\
-	    static_cast<RGWAccessControlPolicy_SWIFT*>(s->bucket_acl.get());
-	  auto new_policy = static_cast<RGWAccessControlPolicy_SWIFT*>(&policy);
-	  new_policy->filter_merge(policy_rw_mask, old_policy);
-	  policy = *new_policy;
+	  rgw::swift::merge_policy(policy_rw_mask, *s->bucket_acl, policy);
 	}
 	buffer::list bl;
 	policy.encode(bl);