diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go
index 057c9f9cb..566a932f2 100644
--- a/agent/consul/config_endpoint.go
+++ b/agent/consul/config_endpoint.go
@@ -36,7 +36,7 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *struct{}) e
 if err != nil {
 return err
 }
- if rule != nil && !args.Entry.VerifyWriteACL(rule) {
+ if rule != nil && !args.Entry.CanWrite(rule) {
 return acl.ErrPermissionDenied
 }
@@ -69,7 +69,7 @@ func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.Indexed
 if err != nil {
 return err
 }
- if rule != nil && !lookupEntry.VerifyReadACL(rule) {
+ if rule != nil && !lookupEntry.CanRead(rule) {
 return acl.ErrPermissionDenied
 }
@@ -119,7 +119,7 @@ func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.Indexe
 // Filter the entries returned by ACL permissions.
 filteredEntries := make([]structs.ConfigEntry, 0, len(entries))
 for _, entry := range entries {
- if rule != nil && !entry.VerifyReadACL(rule) {
+ if rule != nil && !entry.CanRead(rule) {
 continue
 }
 filteredEntries = append(filteredEntries, entry)
@@ -149,7 +149,7 @@ func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{})
 if err != nil {
 return err
 }
- if rule != nil && !args.Entry.VerifyWriteACL(rule) {
+ if rule != nil && !args.Entry.CanWrite(rule) {
 return acl.ErrPermissionDenied
 }
diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go
index a20432a6a..7f571109d 100644
--- a/agent/structs/config_entry.go
+++ b/agent/structs/config_entry.go
@@ -26,10 +26,10 @@ type ConfigEntry interface {
 Normalize() error
 Validate() error
- // VerifyReadACL and VerifyWriteACL return whether or not the given Authorizer
+ // CanRead and CanWrite return whether or not the given Authorizer
 // has permission to read or write to the config entry, respectively.
- VerifyReadACL(acl.Authorizer) bool
- VerifyWriteACL(acl.Authorizer) bool
+ CanRead(acl.Authorizer) bool
+ CanWrite(acl.Authorizer) bool
 GetRaftIndex() *RaftIndex
 }
@@ -76,11 +76,11 @@ func (e *ServiceConfigEntry) Validate() error {
 return nil
 }
-func (e *ServiceConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
+func (e *ServiceConfigEntry) CanRead(rule acl.Authorizer) bool {
 return rule.ServiceRead(e.Name)
 }
-func (e *ServiceConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
+func (e *ServiceConfigEntry) CanWrite(rule acl.Authorizer) bool {
 return rule.ServiceWrite(e.Name, nil)
 }
@@ -140,11 +140,11 @@ func (e *ProxyConfigEntry) Validate() error {
 return nil
 }
-func (e *ProxyConfigEntry) VerifyReadACL(rule acl.Authorizer) bool {
+func (e *ProxyConfigEntry) CanRead(rule acl.Authorizer) bool {
 return true
 }
-func (e *ProxyConfigEntry) VerifyWriteACL(rule acl.Authorizer) bool {
+func (e *ProxyConfigEntry) CanWrite(rule acl.Authorizer) bool {
 return rule.OperatorWrite()
 }
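Review bot: The doc comment on `CanRead`/`CanWrite` in the `ConfigEntry` interface does not state that the Authorizer must be non-nil, yet `ServiceConfigEntry.CanRead` calls `rule.ServiceRead(e.Name)` directly and would panic on a nil interface value. Every endpoint call site in this commit guards with `rule != nil &&`, so the precondition exists only by convention, and the shorter predicate-style names make it easier for a new caller to drop the guard. I would extend the comment with a line such as `// The Authorizer must be non-nil; callers skip the check when no rule was resolved.` The interface declaration begins above this hunk.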
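Review bot: `ProxyConfigEntry.CanRead` returns `true` without consulting `rule`, so any token that reaches the Get or List endpoints can read the proxy config entry, while `CanWrite` requires `rule.OperatorWrite()`. If that asymmetry is intended, it should be stated on the method so a later reader does not take it for a stub, for example `// Proxy defaults are readable by every token; only writes require operator write.` If the entry's config can carry sensitive values, gating reads on an operator-read check (presumably available on the Authorizer, to be confirmed) would be the safer default.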