diff --git a/nomad/consul.go b/nomad/consul.go
index e5fe3fe73..a20074ab1 100644
--- a/nomad/consul.go
+++ b/nomad/consul.go
@@ -253,17 +253,6 @@ func (c *consulACLsAPI) CheckPermissions(ctx context.Context, namespace string,
 }
 }
- // verify token has service identity permission for connect services
- for _, kind := range usage.Kinds {
- service := kind.Value()
- allowable, err := c.canWriteService(namespace, service, token)
- if err != nil {
- return err
- } else if !allowable {
- return fmt.Errorf("insufficient Consul ACL permissions to write Connect service %q", service)
- }
- }
-
 return nil
 }
diff --git a/nomad/consul_oss_test.go b/nomad/consul_oss_test.go
index c1cd375b4..6e0c266b8 100644
--- a/nomad/consul_oss_test.go
+++ b/nomad/consul_oss_test.go
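Review bot: Removing the service-identity loop leaves no check in this hunk that the supplied token may write the Connect services' identities, so unless the `usage.Services` loop earlier in CheckPermissions (outside this hunk) now also covers sidecar service names, a token without `service:write` for a sidecar would pass validation here and only fail later at registration time. If the Services loop is intended to be the single authorization point for both plain and Connect services, say so above `return nil` so the removal reads as deliberate rather than as a dropped check, e.g. `// NOTE: Connect sidecar services are expected to appear in usage.Services and are authorized in the service loop above — confirm.` It is also worth checking that `canWriteService` and the `fmt` import still have other users in this file, since this loop was visibly a caller of both. CheckPermissions' body starts before this hunk.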
@@ -91,34 +91,4 @@ func TestConsulACLsAPI_CheckPermissions_oss(t *testing.T) {
 try(t, "", usage, "f1682bde-1e71-90b1-9204-85d35467ba61", errors.New("unable to read consul token: no such token"))
 })
 })
-
- t.Run("check-permissions connect service identity write", func(t *testing.T) {
- usage := &structs.ConsulUsage{Kinds: []structs.TaskKind{structs.NewTaskKind(structs.ConnectProxyPrefix, "service1")}}
-
- t.Run("operator has service write", func(t *testing.T) {
- try(t, "", usage, consul.ExampleOperatorTokenID1, nil)
- })
-
- t.Run("operator has service_prefix write", func(t *testing.T) {
- u := &structs.ConsulUsage{Kinds: []structs.TaskKind{structs.NewTaskKind(structs.ConnectProxyPrefix, "foo-service1")}}
- try(t, "", u, consul.ExampleOperatorTokenID2, nil)
- })
-
- t.Run("operator has service_prefix write wrong prefix", func(t *testing.T) {
- u := &structs.ConsulUsage{Kinds: []structs.TaskKind{structs.NewTaskKind(structs.ConnectProxyPrefix, "bar-service1")}}
- try(t, "", u, consul.ExampleOperatorTokenID2, errors.New(`insufficient Consul ACL permissions to write Connect service "bar-service1"`))
- })
-
- t.Run("operator permissions insufficient", func(t *testing.T) {
- try(t, "", usage, consul.ExampleOperatorTokenID3, errors.New(`insufficient Consul ACL permissions to write Connect service "service1"`))
- })
-
- t.Run("operator provided no token", func(t *testing.T) {
- try(t, "", usage, "", errors.New("missing consul token"))
- })
-
- t.Run("operator provided nonsense token", func(t *testing.T) {
- try(t, "", usage, "f1682bde-1e71-90b1-9204-85d35467ba61", errors.New("unable to read consul token: no such token"))
- })
- })
 }
diff --git a/nomad/structs/consul.go b/nomad/structs/consul.go
index 2c988c30d..3a5db846b 100644
--- a/nomad/structs/consul.go
+++ b/nomad/structs/consul.go
@@ -34,7 +34,6 @@ func (c *Consul) Validate() error {
 // noting which connect services and normal services will be registered, and
 // whether the keystore will be read via template.
 type ConsulUsage struct {
- Kinds []TaskKind
 Services []string
 KV bool
 }
@@ -45,8 +44,6 @@ func (cu *ConsulUsage) Used() bool {
 switch {
 case cu.KV:
 return true
- case len(cu.Kinds) > 0:
- return true
 case len(cu.Services) > 0:
 return true
 }