diff --git a/acl/acl.go b/acl/acl.go
index 8f5cac34..9f008e1b 100644
--- a/acl/acl.go
+++ b/acl/acl.go
@@ -96,11 +96,14 @@ func (as *aclService) AddRecord(ctx context.Context, spaceId string, rec *consen
 	acl.RLock()
 	defer acl.RUnlock()
 
-	var beforeReaders int
+	var beforeReaders, beforeWriters int
 	for _, acc := range acl.AclState().CurrentAccounts() {
 		if !acc.Permissions.NoPermissions() {
 			beforeReaders++
 		}
+		if acc.Permissions.CanWrite() {
+			beforeWriters++
+		}
 	}
 
 	err = acl.ValidateRawRecord(rec, func(state *list.AclState) error {
@@ -114,13 +117,11 @@ func (as *aclService) AddRecord(ctx context.Context, spaceId string, rec *consen
 				writers++
 			}
 		}
-		if readers >= beforeReaders {
-			if readers > beforeReaders && uint32(readers) > limits.ReadMembers {
-				return ErrLimitExceed
-			}
-			if uint32(writers) > limits.WriteMembers {
-				return ErrLimitExceed
-			}
+		if readers > beforeReaders && uint32(readers) > limits.ReadMembers {
+			return ErrLimitExceed
+		}
+		if writers > beforeWriters && uint32(writers) > limits.WriteMembers {
+			return ErrLimitExceed
 		}
 		return nil
 	})