diff --git a/pkg/authorization/middleware.go b/pkg/authorization/middleware.go
index 05130121e9..7789a758df 100644
--- a/pkg/authorization/middleware.go
+++ b/pkg/authorization/middleware.go
@@ -25,20 +25,12 @@ func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
 }
 }

-// GetAuthzPlugins gets authorization plugins
-func (m *Middleware) GetAuthzPlugins() []Plugin {
+func (m *Middleware) getAuthzPlugins() []Plugin {
 m.mu.Lock()
 defer m.mu.Unlock()
 return m.plugins
 }

-// SetAuthzPlugins sets authorization plugins
-func (m *Middleware) SetAuthzPlugins(plugins []Plugin) {
- m.mu.Lock()
- m.plugins = plugins
- m.mu.Unlock()
-}
-
 // SetPlugins sets the plugin used for authorization
 func (m *Middleware) SetPlugins(names []string) {
 m.mu.Lock()
@@ -46,10 +38,23 @@ func (m *Middleware) SetPlugins(names []string) {
 m.mu.Unlock()
 }

+// RemovePlugin removes a single plugin from this authz middleware chain
+func (m *Middleware) RemovePlugin(name string) {
+ m.mu.Lock()
+ defer m.mu.Unlock()
+ plugins := m.plugins[:0]
+ for _, authPlugin := range m.plugins {
+ if authPlugin.Name() != name {
+ plugins = append(plugins, authPlugin)
+ }
+ }
+ m.plugins = plugins
+}
+
 // WrapHandler returns a new handler function wrapping the previous one in the request chain.
 func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
- plugins := m.GetAuthzPlugins()
+ plugins := m.getAuthzPlugins()
 if len(plugins) == 0 {
 return handler(ctx, w, r, vars)
 }
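Review bot: getAuthzPlugins lost its doc comment in the rename, and its contract is worth stating because the mutex only covers reading the slice header. The caller receives a slice that shares its backing array with m.plugins and goes on using it after the lock is released. I would add `// getAuthzPlugins returns the current plugin chain. The result aliases m.plugins and must be treated as read-only by callers.` above the function.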
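Review bot: `plugins := m.plugins[:0]` in RemovePlugin filters in place, so it overwrites the same backing array that getAuthzPlugins has already handed to WrapHandler, which holds that slice after the mutex is released. A request in flight while a plugin is being disabled can then read shifted entries; depending on how the rest of WrapHandler (outside this hunk) walks the slice, it may skip or repeat a plugin that is still in the chain, which for an authorization chain is a missed check as well as a data race. Build the filtered list in fresh storage instead, `plugins := make([]Plugin, 0, len(m.plugins))`, so slices returned earlier remain stable snapshots.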
@@ -83,7 +88,7 @@ func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.Respon

 // There's a chance that the authCtx.plugins was updated. One of the reasons
 // this can happen is when an authzplugin is disabled.
- plugins = m.GetAuthzPlugins()
+ plugins = m.getAuthzPlugins()
 if len(plugins) == 0 {
 logrus.Debug("There are no authz plugins in the chain")
 return nil
diff --git a/plugin/backend_linux.go b/plugin/backend_linux.go
index 1d7f3a838c..012f6cf22b 100644
--- a/plugin/backend_linux.go
+++ b/plugin/backend_linux.go
@@ -60,14 +60,7 @@ func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) er

 for _, typ := range p.GetTypes() {
 if typ.Capability == authorization.AuthZApiImplements {
- authzList := pm.config.AuthzMiddleware.GetAuthzPlugins()
- for i, authPlugin := range authzList {
- if authPlugin.Name() == p.Name() {
- // Remove plugin from authzmiddleware chain
- authzList = append(authzList[:i], authzList[i+1:]...)
- pm.config.AuthzMiddleware.SetAuthzPlugins(authzList)
- }
- }
+ pm.config.AuthzMiddleware.RemovePlugin(p.Name())
 }
 }
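Review bot: The call `pm.config.AuthzMiddleware.RemovePlugin(p.Name())` gets no indication of whether anything was removed. If `p.Name()` and the names held in the authz chain are not normalised the same way (not visible here), the disabled plugin would stay in the chain with no signal. Removing an authorization plugin also changes what the daemon enforces, so the event deserves an audit trail. I would have RemovePlugin return a bool and log at this call site both when an entry is dropped and when none matched. Disable starts and ends outside this hunk, so the ordering relative to the actual disable step is not reviewable from here.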