When creating or modifying a Cloud Datum Stream, the given node ID for the stream must be allowed by the actor’s security policy. At the moment this is not enforced, so if using a token with a node ID security policy restriction, it is possible to create a Cloud Integration using a node ID excluded from the policy.

For example, if an actor has a security policy like

{"nodeIds":[1,2,3]}

and they attempt to create a Cloud Datum Stream with node ID 4, it should be denied. Only node IDs 1, 2, or 3 should be allowed.