diff --git a/.changelog/4434.txt b/.changelog/4434.txt
new file mode 100644
index 0000000000..e87e04cc21
--- /dev/null
+++ b/.changelog/4434.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect-inject: fix issue where the ACL policy for the connect-injector included the `acl = "write"` rule twice when namespaces were not enabled.
+```
diff --git a/control-plane/subcommand/server-acl-init/rules.go b/control-plane/subcommand/server-acl-init/rules.go
index f408037157..d49897b0a0 100644
--- a/control-plane/subcommand/server-acl-init/rules.go
+++ b/control-plane/subcommand/server-acl-init/rules.go
@@ -342,11 +342,11 @@ partition "{{ .PartitionName }}" {
 }
 {{- if .EnableNamespaces }}
 namespace_prefix "" {
+ acl = "write"
 {{- end }}
 {{- if .EnablePartitions }}
 policy = "write"
 {{- end }}
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
diff --git a/control-plane/subcommand/server-acl-init/rules_test.go b/control-plane/subcommand/server-acl-init/rules_test.go
index c1a02a2218..1c9bb1be66 100644
--- a/control-plane/subcommand/server-acl-init/rules_test.go
+++ b/control-plane/subcommand/server-acl-init/rules_test.go
@@ -960,7 +960,6 @@ func TestInjectRules(t *testing.T) {
 node_prefix "" {
 policy = "write"
 }
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
@@ -994,7 +993,30 @@ func TestInjectRules(t *testing.T) {
 }`,
 },
 {
- EnableNamespaces: true,
+ EnableNamespaces: false,
+ EnablePartitions: true,
+ EnablePeering: false,
+ PartitionName: "part-1",
+ Expected: `
+partition "part-1" {
+ mesh = "write"
+ acl = "write"
+ node_prefix "" {
+ policy = "write"
+ }
+ policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+}`,
+ },
+ {
+ EnableNamespaces: false,
 EnablePartitions: false,
 EnablePeering: true,
 Expected: `
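Review bot: Nothing in the template records why `acl = "write"` now lives inside the `{{- if .EnableNamespaces }}` block, so a later edit could reintroduce the unconditional line this commit removes; the partition-scope `acl = "write"` that the updated test expectations show above `node_prefix` is rendered outside this hunk. A template comment on the added line would guard against that: `{{- /* acl is already granted at partition scope above; this copy is only for the namespace block and must stay inside the EnableNamespaces conditional. */ -}}`. The unchanged `{{- if .EnablePartitions }} policy = "write" {{- end }}` lines that follow now render inside `namespace_prefix ""` when namespaces are on and directly under `partition` when they are off (both forms appear in the new test expectations), which deserves a second comment since the same three lines serve two scopes. The enclosing template string and the `{{- end }}` that closes the namespace block lie outside this hunk.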
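Review bot: The `@@ -960` hunk shows the old expected string already contained the duplicated `acl = "write"`, so these exact-string cases encoded the bug rather than catching it; the same applies to the cases added or rewritten in the `@@ -994` hunk here and in the `@@ -1005`, `@@ -1014`, `@@ -1030`, `@@ -1040` and `@@ -1057` hunks below. An assertion that the rendered rules parse as an ACL policy with no repeated attribute would have flagged the original defect, and would also confirm that a bare `policy = "write"` directly under `partition "part-1"`, which the new namespaces-off/partitions-on expectations lock in, is actually accepted; whether such a parser is available to this test is not visible here. A short per-case name or description would also make a failing table entry easier to identify than the raw expected string, assuming the case struct can take one.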
@@ -1005,8 +1027,6 @@ func TestInjectRules(t *testing.T) {
 node_prefix "" {
 policy = "write"
 }
- namespace_prefix "" {
- acl = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"
@@ -1014,8 +1034,7 @@ func TestInjectRules(t *testing.T) {
 identity_prefix "" {
 policy = "write"
 intentions = "write"
- }
- }`,
+ }`,
 },
 {
 EnableNamespaces: true,
@@ -1030,7 +1049,32 @@ partition "part-1" {
 policy = "write"
 }
 namespace_prefix "" {
+ acl = "write"
 policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ }
+}`,
+ },
+ {
+ EnableNamespaces: true,
+ EnablePartitions: false,
+ EnablePeering: true,
+ Expected: `
+ mesh = "write"
+ operator = "write"
+ acl = "write"
+ peering = "write"
+ node_prefix "" {
+ policy = "write"
+ }
+ namespace_prefix "" {
 acl = "write"
 service_prefix "" {
 policy = "write"
@@ -1040,7 +1084,30 @@ partition "part-1" {
 policy = "write"
 intentions = "write"
 }
+ }`,
+ },
+ {
+ EnableNamespaces: false,
+ EnablePartitions: true,
+ EnablePeering: true,
+ PartitionName: "part-1",
+ Expected: `
+partition "part-1" {
+ mesh = "write"
+ acl = "write"
+ peering = "write"
+ node_prefix "" {
+ policy = "write"
 }
+ policy = "write"
+ service_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
+ identity_prefix "" {
+ policy = "write"
+ intentions = "write"
+ }
 }`,
 },
 {
@@ -1057,8 +1124,8 @@ partition "part-1" {
 policy = "write"
 }
 namespace_prefix "" {
- policy = "write"
 acl = "write"
+ policy = "write"
 service_prefix "" {
 policy = "write"
 intentions = "write"