Skip to main content

Connector policy change

We recommend tightening policies for the roles/connector role. We've changed our default policy regarding the connector. This only applies if you're updating from before 25.7.2 - newer installs already use this policy.

Please run the following CSL script (this may be done safely before 25.7.2).

# Replace connector-transactions rule to instead permit specific actions
delete access-rule connector-transactions
create allow access-rule connector-transactions { action = ["update", "custom/recheck", "custom/abort"], resource = "Transaction", initiate = "roles/connector" }
# Permit automatic retrying of transfers
create allow access-rule connector-transfers { action = ["custom/retry", "custom/recheck", "custom/abort"], resource = "Transfer", initiate = "roles/connector" }
# Deny anyone from deleting transactions
create deny access-rule deny-delete-transactions { action = "delete", resource = "Transaction", initiate = "any/user" }