diff --git a/src/backend/src/clients/redis/deleteRedisKeys.ts b/src/backend/src/clients/redis/deleteRedisKeys.ts
index a6ec8a63e..fc33a2a8e 100644
--- a/src/backend/src/clients/redis/deleteRedisKeys.ts
+++ b/src/backend/src/clients/redis/deleteRedisKeys.ts
@@ -65,10 +65,8 @@ export const deleteRedisKeys = async (...inputs: (DeleteRedisKeysInput | DeleteR
 
     const uniqueKeys = [...new Set(keys)];
 
-    let deleted = 0;
-    for ( const key of uniqueKeys ) {
-        deleted += await redisClient.del(key);
-    }
+    const deleteResults = await Promise.allSettled(uniqueKeys.map(key => redisClient.del(key)));
+    const deleted = deleteResults.reduce((sum, promiseCount) => sum + (promiseCount.status === 'fulfilled' ? promiseCount.value : 0), 0);
 
     return deleted;
 };
diff --git a/src/backend/src/routers/open_item.js b/src/backend/src/routers/open_item.js
index ea7f93ea0..aa44807ba 100644
--- a/src/backend/src/routers/open_item.js
+++ b/src/backend/src/routers/open_item.js
@@ -78,12 +78,10 @@ module.exports = eggspress('/open_item', {
     // Note: We always grant write permission here. If the user only
     //       has read permission this is still safe; user permissions
     //       are always checked during an app access.
-    const PERMS = action === 'write' ? ['read', 'write'] : ['read'];
-    for ( const perm of PERMS ) {
-        const permission = `fs:${subject.uid}:${perm}`;
-        const svc_permission = Context.get('services').get('permission');
-        await svc_permission.grant_user_app_permission(actor, app.uid, permission, {}, { reason: 'open_item' });
-    }
+    const perm = action === 'write' ? 'write' : 'read';
+    const permission = `fs:${subject.uid}:${perm}`;
+    const svc_permission = Context.get('services').get('permission');
+    await svc_permission.grant_user_app_permission(actor, app.uid, permission, {}, { reason: 'open_item' });
 
     // Generate user-app token
     const svc_auth = Context.get('services').get('auth');