diff --git a/.changelog/4434.txt b/.changelog/4434.txt
new file mode 100644
index 0000000000..e87e04cc21
--- /dev/null
+++ b/.changelog/4434.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect-inject: fix issue where the ACL policy for the connect-injector included the `acl = "write"` rule twice when namespaces were not enabled.
+```
diff --git a/control-plane/subcommand/server-acl-init/rules.go b/control-plane/subcommand/server-acl-init/rules.go
index 1f00e1019c..99581e3b5f 100644
--- a/control-plane/subcommand/server-acl-init/rules.go
+++ b/control-plane/subcommand/server-acl-init/rules.go
@@ -310,11 +310,11 @@ partition "{{ .PartitionName }}" {
 }
 {{- if .EnableNamespaces }}
 namespace_prefix "" {
+ acl = "write"
 {{- end }}
 {{- if .EnablePartitions }}
 policy = "write"
 {{- end }}
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
diff --git a/control-plane/subcommand/server-acl-init/rules_test.go b/control-plane/subcommand/server-acl-init/rules_test.go
index bb727968f3..ea61d885db 100644
--- a/control-plane/subcommand/server-acl-init/rules_test.go
+++ b/control-plane/subcommand/server-acl-init/rules_test.go
@@ -883,7 +883,6 @@ func TestInjectRules(t *testing.T) {
 node_prefix "" {
 policy = "write"
 }
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
@@ -917,7 +916,30 @@ func TestInjectRules(t *testing.T) {
 }`,
 },
 {
- EnableNamespaces: true,
+ EnableNamespaces: false,
+ EnablePartitions: true,
+ EnablePeering: false,
+ PartitionName: "part-1",
+ Expected: `
+partition "part-1" {
+ mesh = "write"
+ acl = "write"
+ node_prefix "" {
+ policy = "write"
+ }
+ policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+}`,
+ },
+ {
+ EnableNamespaces: false,
 EnablePartitions: false,
 EnablePeering: true,
 Expected: `
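Review bot: The moved `acl = "write"` now sits correctly under `{{- if .EnableNamespaces }}`, but the `{{- if .EnablePartitions }} policy = "write"` block between the two conditionals is still indented as a `namespace_prefix` child while, with namespaces off, it is emitted directly on the partition block — which is exactly what the new expectation in rules_test.go (`@@ -917`) pins. That placement predates this commit, so it is a documentation point rather than a regression, but a template comment would stop the next reader from "fixing" the indentation, e.g. `{{/* with namespaces disabled, policy and the rules below apply to the partition block itself */}}`. Since `acl = "write"` is among the most privileged rules and the test expectations show it both at the top level and under `namespace_prefix ""`, a one-line comment on why the injector needs ACL write at both scopes would also help reviewers judge the grant. The template literal and the enclosing `partition` block start and end outside the hunk.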
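Review bot: The new table case at `+ EnableNamespaces: false, + EnablePartitions: true, + EnablePeering: false` and the two added in `@@ -953` and `@@ -963` are distinguished only by their flag values, so a failing expectation is hard to map back to a scenario unless the table carries a name, which the hunk does not show. A short comment above each new case would do, e.g. `// Partitions without namespaces: no namespace_prefix block, and acl = "write" must appear exactly once.`. Note also that the existing case here is flipped from `EnableNamespaces: true` to `false`; the namespaces+peering combination it used to cover is re-added in `@@ -953`, so coverage is preserved, but adding the new case as a fresh entry would have made the diff easier to follow. `TestInjectRules` starts before the hunk.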
@@ -928,8 +950,6 @@ func TestInjectRules(t *testing.T) {
 node_prefix "" {
 policy = "write"
 }
- namespace_prefix "" {
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
@@ -937,8 +957,7 @@ func TestInjectRules(t *testing.T) {
 identity_prefix "" {
 policy = "write"
 intentions = "write"
- }
- }`,
+ }`,
 },
 {
 EnableNamespaces: true,
@@ -953,7 +972,32 @@ partition "part-1" {
 policy = "write"
 }
 namespace_prefix "" {
+ acl = "write"
 policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ }
+}`,
+ },
+ {
+ EnableNamespaces: true,
+ EnablePartitions: false,
+ EnablePeering: true,
+ Expected: `
+ mesh = "write"
+ operator = "write"
+ acl = "write"
+ peering = "write"
+ node_prefix "" {
+ policy = "write"
+ }
+ namespace_prefix "" {
 acl = "write"
 service_prefix "" {
 policy = "write"
@@ -963,7 +1007,30 @@ partition "part-1" {
 policy = "write"
 intentions = "write"
 }
+ }`,
+ },
+ {
+ EnableNamespaces: false,
+ EnablePartitions: true,
+ EnablePeering: true,
+ PartitionName: "part-1",
+ Expected: `
+partition "part-1" {
+ mesh = "write"
+ acl = "write"
+ peering = "write"
+ node_prefix "" {
+ policy = "write"
 }
+ policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
 }`,
 },
 {
@@ -980,8 +1047,8 @@ partition "part-1" {
 policy = "write"
 }
 namespace_prefix "" {
- policy = "write"
 acl = "write"
+ policy = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"