diff --git a/.ci/docker-compose-file/scripts/run-emqx.sh b/.ci/docker-compose-file/scripts/run-emqx.sh
index bf99cb61f..e8cdfdf4f 100755
--- a/.ci/docker-compose-file/scripts/run-emqx.sh
+++ b/.ci/docker-compose-file/scripts/run-emqx.sh
@@ -22,6 +22,8 @@ esac
   echo "HOCON_ENV_OVERRIDE_PREFIX=EMQX_"
   echo "EMQX_ZONES__DEFAULT__MQTT__RETRY_INTERVAL=2s"
   echo "EMQX_ZONES__DEFAULT__MQTT__MAX_TOPIC_ALIAS=10"
+  echo "EMQX_AUTHORIZATION__SOURCES=[]"
+  echo "EMQX_AUTHORIZATION__NO_MATCH=allow"
 } >> .ci/docker-compose-file/conf.cluster.env
 
 is_node_up() {
diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml
index f90f3155a..d5fbc32b6 100644
--- a/.github/workflows/run_fvt_tests.yaml
+++ b/.github/workflows/run_fvt_tests.yaml
@@ -186,6 +186,8 @@ jobs:
             --set image.pullPolicy=Never \
             --set emqxConfig.EMQX_ZONES__DEFAULT__MQTT__RETRY_INTERVAL=2s \
             --set emqxConfig.EMQX_ZONES__DEFAULT__MQTT__MAX_TOPIC_ALIAS=10 \
+            --set emqxConfig.EMQX_AUTHORIZATION__SOURCES=[] \
+            --set emqxConfig.EMQX_AUTHORIZATION__NO_MATCH=allow \
             deploy/charts/emqx \
             --debug
 
diff --git a/apps/emqx_authz/etc/acl.conf b/apps/emqx_authz/etc/acl.conf
index a1cfd41d3..d39490d46 100644
--- a/apps/emqx_authz/etc/acl.conf
+++ b/apps/emqx_authz/etc/acl.conf
@@ -26,3 +26,7 @@
 {allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
 
 {allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
+
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+
+{allow, all}.
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index b4dd180e3..e41ef71ce 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -329,7 +329,7 @@ authorize(
                 'client.check_authz_complete',
                 [Client, PubSub, Topic, deny, AuthzSource]
             ),
-            ?SLOG(info, #{
+            ?SLOG(warning, #{
                 msg => "authorization_permission_denied",
                 username => Username,
                 ipaddr => IpAddress,
diff --git a/apps/emqx_conf/i18n/emqx_conf_schema.conf b/apps/emqx_conf/i18n/emqx_conf_schema.conf
index b6d57b669..fd53e3e47 100644
--- a/apps/emqx_conf/i18n/emqx_conf_schema.conf
+++ b/apps/emqx_conf/i18n/emqx_conf_schema.conf
@@ -940,7 +940,7 @@ until the RPC connection is considered lost."""
 
   log_file_handlers {
     desc {
-      en: """file-based log handlers."""
+      en: """File-based log handlers."""
       zh: """输出到文件的日志处理进程列表"""
     }
     label {