diff --git a/ui/app/abilities/variable.js b/ui/app/abilities/variable.js
index a9fb8e6fbbd1..b0cc8949fb43 100644
--- a/ui/app/abilities/variable.js
+++ b/ui/app/abilities/variable.js
@@ -82,8 +82,10 @@ export default class Variable extends AbstractAbility {
 return this.allVariablePathRules.some((rule) => {
 const ruleMatchingPath = this._nearestMatchingPath(rule.name);
 return (
- rule.namespace === this.namespace &&
- ruleMatchingPath === matchingPath &&
+ (rule.namespace === WILDCARD_GLOB ||
+ rule.namespace === this.namespace) &&
+ (ruleMatchingPath === WILDCARD_GLOB ||
+ ruleMatchingPath === matchingPath) &&
 rule.capabilities.includes('read')
 );
 });
@@ -91,7 +93,7 @@ export default class Variable extends AbstractAbility {
 }
 /**
- * Check if the user has delete access to a specific path in a specific namespace.
+ * Check if the user has destroy access to a specific path in a specific namespace.
 * @returns {boolean}
 */
 @computed(
@@ -105,16 +107,18 @@ export default class Variable extends AbstractAbility {
 if (this.namespace === WILDCARD_GLOB) {
 return this.policyNamespacesIncludeVariablesCapabilities(
 this.token.selfTokenPolicies,
- ['delete'],
+ ['destroy'],
 matchingPath
 );
 } else {
 return this.allVariablePathRules.some((rule) => {
 const ruleMatchingPath = this._nearestMatchingPath(rule.name);
 return (
- rule.namespace === this.namespace &&
- ruleMatchingPath === matchingPath &&
- rule.capabilities.includes('delete')
+ (rule.namespace === WILDCARD_GLOB ||
+ rule.namespace === this.namespace) &&
+ (ruleMatchingPath === WILDCARD_GLOB ||
+ ruleMatchingPath === matchingPath) &&
+ rule.capabilities.includes('destroy')
 );
 });
 }
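Review bot: The two added `=== WILDCARD_GLOB` alternatives in the read check (@@ -82) let any rule on `*` satisfy `.some()` even when a narrower rule exists for the same namespace or path, so the answer no longer follows the most specific matching rule. If the policy model resolves to the most specific rule (not visible in this hunk, and `_nearestMatchingPath` is defined outside it), a broad `*` rule with `read` would make the UI report access that a narrower rule such as `foo/*` does not grant. The same predicate is added to the destroy check (@@ -105) and the write check (@@ -191). Consider using a wildcard rule only as a fallback when no rule matches `this.namespace` and `matchingPath` exactly, and note in a comment that this check is advisory and the server decision is authoritative. Only the literal `*` namespace is handled here; whether globbed namespaces such as `prod-*` need matching cannot be told from the hunk.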
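Review bot: The three-clause predicate inside `.some()` in the destroy check (@@ -105) is now a verbatim copy of the one in the read check (@@ -82) and the write check (@@ -191), differing only in the capability string. Authorization logic duplicated this way tends to drift, and a later change to wildcard handling would have to be made in three places. A private helper taking the rule, the matching path and the capability would give one place to review and to unit-test; the helper name below is a suggestion. The enclosing computed property begins and ends outside the hunk.

```javascript
// Suggested private helper on the Variable ability (name is a proposal).
_ruleGrants(rule, matchingPath, capability) {
  const ruleMatchingPath = this._nearestMatchingPath(rule.name);
  const namespaceOk =
    rule.namespace === WILDCARD_GLOB || rule.namespace === this.namespace;
  const pathOk =
    ruleMatchingPath === WILDCARD_GLOB || ruleMatchingPath === matchingPath;
  return namespaceOk && pathOk && rule.capabilities.includes(capability);
}

// … unchanged: wildcard-namespace branch calling policyNamespacesIncludeVariablesCapabilities …
return this.allVariablePathRules.some((rule) =>
  this._ruleGrants(rule, matchingPath, 'destroy')
);
```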
@@ -191,8 +195,10 @@ export default class Variable extends AbstractAbility {
 return this.allVariablePathRules.some((rule) => {
 const ruleMatchingPath = this._nearestMatchingPath(rule.name);
 return (
- rule.namespace === this.namespace &&
- ruleMatchingPath === matchingPath &&
+ (rule.namespace === WILDCARD_GLOB ||
+ rule.namespace === this.namespace) &&
+ (ruleMatchingPath === WILDCARD_GLOB ||
+ ruleMatchingPath === matchingPath) &&
 rule.capabilities.includes('write')
 );
 });
diff --git a/ui/tests/unit/abilities/variable-test.js b/ui/tests/unit/abilities/variable-test.js
index 7b80e86783fe..f74d3099bce7 100644
--- a/ui/tests/unit/abilities/variable-test.js
+++ b/ui/tests/unit/abilities/variable-test.js
@@ -807,21 +807,27 @@ module('Unit | Ability | variable', function (hooks) {
 this.owner.register('service:token', mockToken);
 this.ability.namespace = 'bar';
- const allPaths = this.ability.allPaths;
+ const allPaths = this.ability.allVariablePathRules;
 assert.deepEqual(
 allPaths,
 [
+ {
+ capabilities: ['write'],
+ name: 'foo',
+ namespace: 'default',
+ },
 {
 capabilities: ['read', 'write'],
 name: 'foo',
+ namespace: 'bar',
 },
 ],
 'It should return the exact path match.'
 );
 });
- test('it matches on default if no namespace is selected', function (assert) {
+ test('it matches if no namespace is selected', function (assert) {
 const mockToken = Service.extend({
 aclEnabled: true,
 selfToken: { type: 'client' },
@@ -854,7 +860,7 @@ module('Unit | Ability | variable', function (hooks) {
 this.owner.register('service:token', mockToken);
 this.ability.namespace = undefined;
- const allPaths = this.ability.allPaths;
+ const allPaths = this.ability.allVariablePathRules;
 assert.deepEqual(
 allPaths,
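Review bot: The assertion message `'It should return the exact path match.'` in the @@ -807 hunk is stale: the expected array now holds the rules for both `default` and `bar` although `this.ability.namespace = 'bar'`, so the test no longer checks an exact match. The @@ -933 hunk has the same problem, keeping `'It should return the glob matching namespace match.'` above a four-rule list. Both messages should say that `allVariablePathRules` returns every rule tagged with its namespace, for example `'It should return all path rules, each tagged with its namespace.'`. The visible hunks assert only the shape of `allVariablePathRules`; a case where a `*` rule and a narrower rule disagree on `read`, `write` or `destroy` would pin the new wildcard branches in the ability checks, unless one already exists outside these hunks. The test body begins before the hunk.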
@@ -862,9 +868,15 @@ module('Unit | Ability | variable', function (hooks) {
 {
 capabilities: ['write'],
 name: 'foo',
+ namespace: 'default',
+ },
+ {
+ capabilities: ['read', 'write'],
+ name: 'foo',
+ namespace: 'bar',
 },
 ],
- 'It should return the exact path match.'
+ 'It should return both matches separated by namespace.'
 );
 });
@@ -925,7 +937,7 @@ module('Unit | Ability | variable', function (hooks) {
 this.owner.register('service:token', mockToken);
 this.ability.namespace = 'pablo';
- const allPaths = this.ability.allPaths;
+ const allPaths = this.ability.allVariablePathRules;
 assert.deepEqual(
 allPaths,
@@ -933,6 +945,22 @@ module('Unit | Ability | variable', function (hooks) {
 {
 capabilities: ['list'],
 name: '*',
+ namespace: '*',
+ },
+ {
+ capabilities: ['list', 'read', 'destroy', 'create'],
+ name: '*',
+ namespace: 'namespace-1',
+ },
+ {
+ capabilities: ['list', 'read', 'destroy', 'create'],
+ name: 'blue/*',
+ namespace: 'namespace-2',
+ },
+ {
+ capabilities: ['list', 'read', 'create'],
+ name: 'nomad/jobs/*',
+ namespace: 'namespace-2',
 },
 ],
 'It should return the glob matching namespace match.'