diff --git a/acl/authorizer.go b/acl/authorizer.go
index 427eb1a16..43d50544b 100644
--- a/acl/authorizer.go
+++ b/acl/authorizer.go
@@ -149,9 +149,6 @@ type Authorizer interface {
 // service
 ServiceWrite(string, *AuthorizerContext) EnforcementDecision
 
- // ServiceWriteAny checks for permission to read any service
- ServiceWriteAny(*AuthorizerContext) EnforcementDecision
-
 // SessionRead checks for permission to read sessions for a given node.
 SessionRead(string, *AuthorizerContext) EnforcementDecision
 
diff --git a/acl/authorizer_test.go b/acl/authorizer_test.go
index 7d32a78bf..d74029f23 100644
--- a/acl/authorizer_test.go
+++ b/acl/authorizer_test.go
@@ -185,11 +185,6 @@ func (m *mockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) En
 return ret.Get(0).(EnforcementDecision)
 }
 
-func (m *mockAuthorizer) ServiceWriteAny(ctx *AuthorizerContext) EnforcementDecision {
- ret := m.Called(ctx)
- return ret.Get(0).(EnforcementDecision)
-}
-
 // SessionRead checks for permission to read sessions for a given node.
 func (m *mockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 ret := m.Called(segment, ctx)
diff --git a/acl/chained_authorizer.go b/acl/chained_authorizer.go
index 33a05f9f1..1b3aed497 100644
--- a/acl/chained_authorizer.go
+++ b/acl/chained_authorizer.go
@@ -235,12 +235,6 @@ func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext)
 })
 }
 
-func (c *ChainedAuthorizer) ServiceWriteAny(entCtx *AuthorizerContext) EnforcementDecision {
- return c.executeChain(func(authz Authorizer) EnforcementDecision {
- return authz.ServiceWriteAny(entCtx)
- })
-}
-
 // SessionRead checks for permission to read sessions for a given node.
 func (c *ChainedAuthorizer) SessionRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 return c.executeChain(func(authz Authorizer) EnforcementDecision {
diff --git a/acl/chained_authorizer_test.go b/acl/chained_authorizer_test.go
index ac4880ba0..7a1aba239 100644
--- a/acl/chained_authorizer_test.go
+++ b/acl/chained_authorizer_test.go
@@ -89,9 +89,6 @@ func (authz testAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecisi
 func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision {
 return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
- return EnforcementDecision(authz)
-}
 func (authz testAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 return EnforcementDecision(authz)
 }
diff --git a/acl/policy_authorizer.go b/acl/policy_authorizer.go
index 0e9496bf7..f5ef33e23 100644
--- a/acl/policy_authorizer.go
+++ b/acl/policy_authorizer.go
@@ -325,13 +325,13 @@ func (p *policyAuthorizer) loadRules(policy *PolicyRules) error {
 return nil
 }
 
-func newPolicyAuthorizer(policies []*Policy, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizer(policies []*Policy, ent *Config) (*policyAuthorizer, error) {
 policy := MergePolicies(policies)
 
 return newPolicyAuthorizerFromRules(&policy.PolicyRules, ent)
 }
 
-func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (*policyAuthorizer, error) {
 p := &policyAuthorizer{
 agentRules: radix.New(),
 intentionRules: radix.New(),
@@ -767,7 +767,7 @@ func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) Enfor
 return Default
 }
 
-func (p *policyAuthorizer) ServiceWriteAny(_ *AuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) serviceWriteAny(_ *AuthorizerContext) EnforcementDecision {
 return p.anyAllowed(p.serviceRules, AccessWrite)
 }
 
diff --git a/acl/static_authorizer.go b/acl/static_authorizer.go
index 2837b8f0a..f257d6b68 100644
--- a/acl/static_authorizer.go
+++ b/acl/static_authorizer.go
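Review bot: In acl/policy_authorizer.go, `newPolicyAuthorizer` and `newPolicyAuthorizerFromRules` now return the concrete `*policyAuthorizer`, so any caller that forwards the result straight into an `(Authorizer, error)` return would wrap a nil pointer in a non-nil interface on the error path. No such caller is visible in this hunk, and whether the error path returns a nil pointer depends on the part of `newPolicyAuthorizerFromRules` that lies outside it, so this is something to verify rather than a confirmed defect. Where an exported wrapper does `return newPolicyAuthorizer(policies, ent)`, I would write `p, err := newPolicyAuthorizer(policies, ent)`, `if err != nil { return nil, err }`, `return p, nil` instead. For an ACL type this matters because code that tests `authz != nil` would then call methods on an authorizer that failed to build.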
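Review bot: The renamed `serviceWriteAny` in acl/policy_authorizer.go carries no doc comment, and the interface comment removed elsewhere in this commit described it as a read check although the method passes `AccessWrite`. Now that it exists only on `*policyAuthorizer`, I would add `// serviceWriteAny checks for write permission on any service in this policy; going by the anyAllowed call, it does not mean write is allowed on every service.` The decision returned when no service rules are loaded depends on `anyAllowed`, which is outside the hunk, and is worth stating in the comment once confirmed.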
@@ -219,13 +219,6 @@ func (s *staticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementD
 return Deny
 }
 
-func (s *staticAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
- if s.defaultAllow {
- return Allow
- }
- return Deny
-}
-
 func (s *staticAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 if s.defaultAllow {
 return Allow