AC-7: Connection Scope Minimization
Summary
AC-7 focuses on least-privilege access for connections used by Make.com scenarios and n8n workflows. FlowBeacon highlights connections that may be shared too widely, tied to high-privilege access, or granted more reach than the automation appears to require.
Severity: Medium · Category: Access Control · Platforms: Make.com, n8n
What FlowBeacon Reviews
- Whether the same connection appears to be reused across many modules or unrelated integrations.
- Whether a connection appears tied to a higher-privilege account than the automation likely needs.
- Whether the permission footprint looks broader than the automation's actual job.
Why This Matters
- Over-scoped connections increase the impact of a single credential problem.
- Smaller permission sets are easier to review, justify, and maintain.
- Least-privilege access supports stronger governance with less operational risk.
If This Policy Is Flagged
- Review which permissions the automation actually needs.
- Replace broad credentials with narrower ones where possible.
- Separate high-risk or high-privilege access from routine automation use.
- Re-run the evaluation after the connection setup is tightened.
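To support the permission review above, a connection-reuse inventory over exported n8n workflows can look like the following. This is an added example, not FlowBeacon's own detection logic. The sample workflows, credential names, the `max_workflows` threshold and the assumed shape of the `credentials` field are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: three n8n workflow exports, trimmed to the fields used here.
def _node(name, ntype, ctype, cid, cname):
    return {"name": name, "type": ntype,
            "credentials": {ctype: {"id": cid, "name": cname}}}

SAMPLE_WORKFLOWS = [
    {"name": "Invoice sync", "nodes": [
        _node("Read sheet", "n8n-nodes-base.googleSheets", "googleSheetsOAuth2Api", "11", "Finance sheets"),
        _node("Post to ERP", "n8n-nodes-base.httpRequest", "httpHeaderAuth", "42", "ERP admin key"),
    ]},
    {"name": "Lead intake", "nodes": [
        _node("Create customer", "n8n-nodes-base.httpRequest", "httpHeaderAuth", "42", "ERP admin key"),
    ]},
    {"name": "Nightly report", "nodes": [
        _node("Fetch totals", "n8n-nodes-base.httpRequest", "httpHeaderAuth", "42", "ERP admin key"),
        {"name": "Format", "type": "n8n-nodes-base.set"},  # node without credentials
    ]},
]

def inventory(workflows):
    """Map (credential type, id) -> display name, workflows and nodes using it."""
    usage = defaultdict(lambda: {"name": "", "workflows": set(), "nodes": []})
    for wf in workflows:
        for node in wf.get("nodes", []):
            for ctype, ref in (node.get("credentials") or {}).items():
                # Assumed shapes: {"id": ..., "name": ...} or a bare name string.
                ref = ref if isinstance(ref, dict) else {"name": str(ref)}
                entry = usage[(ctype, str(ref.get("id") or ref.get("name")))]
                entry["name"] = ref.get("name") or ""
                entry["workflows"].add(wf.get("name", "?"))
                entry["nodes"].append(f'{wf.get("name", "?")} / {node.get("name", "?")}')
    return usage

def flag_shared(usage, max_workflows=1):
    """Return credentials referenced by more workflows than max_workflows."""
    return [
        {"type": ctype, "id": cid, "name": u["name"],
         "workflows": sorted(u["workflows"]), "nodes": u["nodes"]}
        for (ctype, cid), u in sorted(usage.items())
        if len(u["workflows"]) > max_workflows
    ]

if __name__ == "__main__":
    for f in flag_shared(inventory(SAMPLE_WORKFLOWS)):
        print(f'{f["name"]} ({f["type"]}, id {f["id"]}) is shared by:')
        for where in f["nodes"]:
            print(f"  - {where}")
```

Each flagged credential lists every workflow and node that depends on it, which is the set to check before replacing it with narrower, per-workflow credentials.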
Why Users Care
- Users reduce blast radius without redesigning the full automation.
- Delivery partners can implement safer connection patterns from the start.
- Audit conversations are simpler when permissions match business need.