diff --git a/hbs2-peer/app/RefChan.hs b/hbs2-peer/app/RefChan.hs index eb19d8e9..05f4adb2 100644 --- a/hbs2-peer/app/RefChan.hs +++ b/hbs2-peer/app/RefChan.hs @@ -945,7 +945,7 @@ logMergeProcess penv env q = withPeerM penv do hd <- MaybeT $ lift $ getHead menv headRef let quo = view refChanHeadQuorum hd & fromIntegral - guard $ checkACL hd (Just pk) ak + guard $ checkACL ACLUpdate hd (Just pk) ak pure [(href, (quo,mempty))] Accept _ box -> do diff --git a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanNotify.hs b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanNotify.hs index e43145c7..97a00541 100644 --- a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanNotify.hs +++ b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanNotify.hs @@ -79,7 +79,7 @@ refChanNotifyProto self adapter msg@(Notify rchan box) = do let refchanKey = RefChanHeadKey @s rchan headBlock <- MaybeT $ getActualRefChanHead @e refchanKey - guard $ checkACL headBlock Nothing authorKey + guard $ checkACL ACLNotify headBlock Nothing authorKey -- FIXME: garbage-collection-required liftIO $ putBlock sto (serialise msg) diff --git a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanUpdate.hs b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanUpdate.hs index 2773c2b9..8caab382 100644 --- a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanUpdate.hs +++ b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/RefChanUpdate.hs @@ -295,7 +295,7 @@ refChanUpdateProto self pc adapter msg = do let pips = view refChanHeadPeers headBlock - guard $ checkACL headBlock (Just peerKey) authorKey + guard $ checkACL ACLUpdate headBlock (Just peerKey) authorKey debug $ "OMG!!! TRANS AUTHORIZED" <+> pretty (AsBase58 peerKey) <+> pretty (AsBase58 authorKey) 
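Review bot: In the RefChanNotify.hs hunk (@@ -79), `checkACL ACLNotify headBlock Nothing authorKey` passes `Nothing` for the peer key, and checkACL's `maybe True (...) mbPeerKey` treats that as a pass. After this change, membership in the notifier set alone is therefore enough to reach `putBlock sto (serialise msg)` two lines below, which the existing FIXME already marks as needing garbage collection. Widening the accepted keys widens who can cause persistent writes, so I would record that at the call site, e.g. `-- NOTE: no peer check here (Nothing); any author or notifier key can trigger the putBlock below`. Please also confirm that the box signature is verified before `authorKey` is trusted, which is not visible in this hunk. refChanNotifyProto's body starts and ends outside the hunk.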
@@ -453,7 +453,7 @@ refChanUpdateProto self pc adapter msg = do (authorKey, _) <- MaybeT $ pure $ unboxSignedBox0 pbox -- может, и не надо второй раз проверять - guard $ checkACL headBlock (Just peerKey) authorKey + guard $ checkACL ACLUpdate headBlock (Just peerKey) authorKey debug $ "JUST GOT TRANSACTION FROM STORAGE! ABOUT TO CHECK IT" <+> pretty hashRef diff --git a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/Types.hs b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/Types.hs index e06c9488..ff0e972f 100644 --- a/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/Types.hs +++ b/hbs2-peer/lib/HBS2/Peer/Proto/RefChan/Types.hs @@ -46,6 +46,9 @@ type RefChanAuthor e = PubKey 'Sign (Encryption e) type Weight = Integer +data ACLType = ACLUpdate | ACLNotify + deriving stock (Eq,Ord,Generic,Data,Show) + data RefChanHeadBlock e = RefChanHeadBlockSmall { _refChanHeadVersion :: Integer @@ -363,15 +366,19 @@ getRefChanHead sto k = runMaybeT do checkACL :: forall e s . (Encryption e ~ s, ForRefChans e) - => RefChanHeadBlock e + => ACLType + -> RefChanHeadBlock e -> Maybe (PubKey 'Sign s) -> PubKey 'Sign s -> Bool -checkACL theHead mbPeerKey authorKey = match +checkACL acl theHead mbPeerKey authorKey = match where pips = view refChanHeadPeers theHead aus = view refChanHeadAuthors theHead + notifiers = view refChanHeadNotifiers theHead match = maybe True (`HashMap.member` pips) mbPeerKey - && authorKey `HashSet.member` aus + && ( authorKey `HashSet.member` aus + || acl == ACLNotify && authorKey `HashSet.member` notifiers + )
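Review bot: `ACLType` (Types.hs, @@ -46) is introduced without any Haddock, although it now selects which key sets an authorization check consults. A short comment on the type would keep callers from picking the broader constructor by accident, e.g. `-- | Operation being authorized: 'ACLUpdate' accepts author keys only, 'ACLNotify' also accepts keys from the head block's notifier set.`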
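Review bot: The new condition in checkACL's `match` (Types.hs, @@ -363) relies on `&&` binding tighter than `||` and on the equality test `acl == ACLNotify`, so any constructor later added to `ACLType` is silently treated as authors-only instead of forcing an explicit decision. It parses as intended today, but for an authorization predicate I would spell out the per-operation rule with a `case acl of` in the `where` block: `ACLUpdate -> isAuthor` and `ACLNotify -> isAuthor || HashSet.member authorKey notifiers`, with `isAuthor = HashSet.member authorKey aus`. With incomplete-pattern warnings enabled, a new constructor then produces a compiler warning at the place where the policy lives.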