diff --git a/apps/emqx_authz/src/emqx_authz_api_sources.erl b/apps/emqx_authz/src/emqx_authz_api_sources.erl
index b1384b2f2..dca6bf455 100644
--- a/apps/emqx_authz/src/emqx_authz_api_sources.erl
+++ b/apps/emqx_authz/src/emqx_authz_api_sources.erl
@@ -80,16 +80,6 @@ schema("/authorization/sources") ->
                                                                <<"Bad Request">>)
                    }
             }
-     , put =>
-           #{ description => <<"Update all sources">>
-            , 'requestBody' => mk( array(hoconsc:union(authz_sources_type_refs()))
-                                 , #{desc => <<"Sources">>})
-            , responses =>
-                  #{ 204 => <<"Authorization source updated successfully">>
-                   , 400 => emqx_dashboard_swagger:error_codes([?BAD_REQUEST],
-                              <<"Bad Request">>)
-                   }
-            }
      };
 schema("/authorization/sources/:type") ->
     #{ 'operationId' => source
@@ -183,17 +173,7 @@ sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules}}) ->
     update_config(?CMD_PREPEND, [#{<<"type">> => <<"file">>,
                                    <<"enable">> => true, <<"path">> => Filename}]);
 sources(post, #{body := Body}) when is_map(Body) ->
-    update_config(?CMD_PREPEND, [maybe_write_certs(Body)]);
-sources(put, #{body := Body}) when is_list(Body) ->
-    NBody = [ begin
-                case Source of
-                    #{<<"type">> := <<"file">>, <<"rules">> := Rules, <<"enable">> := Enable} ->
-                        {ok, Filename} = write_file(acl_conf_file(), Rules),
-                        #{<<"type">> => <<"file">>, <<"enable">> => Enable, <<"path">> => Filename};
-                    _ -> maybe_write_certs(Source)
-                end
-              end || Source <- Body],
-    update_config(?CMD_REPLACE, NBody).
+    update_config(?CMD_PREPEND, [maybe_write_certs(Body)]).
 
 source(Method, #{bindings := #{type := Type} = Bindings } = Req)
   when is_atom(Type) ->
diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
index 835d8ab48..cd07b2435 100644
--- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
@@ -98,6 +98,7 @@ groups() ->
     [].
 
 init_per_suite(Config) ->
+    ok = stop_apps([emqx_resource, emqx_connector]),
     meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_resource, create_local, fun(_, _, _, _) -> {ok, meck_data} end),
     meck:expect(emqx_resource, create_dry_run_local,
@@ -111,6 +112,7 @@ init_per_suite(Config) ->
     ok = emqx_common_test_helpers:start_apps(
            [emqx_conf, emqx_authz, emqx_dashboard],
            fun set_special_configs/1),
+    ok = start_apps([emqx_resource, emqx_connector]),
     Config.
 
 end_per_suite(_Config) ->
@@ -172,8 +174,8 @@ t_api(_) ->
     {ok, 200, Result1} = request(get, uri(["authorization", "sources"]), []),
     ?assertEqual([], get_sources(Result1)),
 
-    {ok, 204, _} = request(put, uri(["authorization", "sources"]),
-                           [?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5, ?SOURCE6]),
+    [ begin {ok, 204, _} = request(post, uri(["authorization", "sources"]), Source) end
+      || Source <- lists:reverse([?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5, ?SOURCE6])],
     {ok, 204, _} = request(post, uri(["authorization", "sources"]), ?SOURCE1),
 
     Snd = fun ({_, Val}) -> Val end,
@@ -392,5 +394,8 @@ auth_header_() ->
 
 data_dir() -> emqx:data_dir().
 
+start_apps(Apps) ->
+    lists:foreach(fun application:ensure_all_started/1, Apps).
+
 stop_apps(Apps) ->
     lists:foreach(fun application:stop/1, Apps).