https://ferkakta.dev/tags/team/Recent content in Team on ferkakta.devHugoen-USCopyright fizz.Fri, 27 Feb 2026 00:00:00 +0000https://ferkakta.dev/access-control-docs-as-respect/Fri, 27 Feb 2026 00:00:00 +0000https://ferkakta.dev/access-control-docs-as-respect/<p>I tightened a teammate&rsquo;s AWS permissions last night. Added an inline deny policy to block three categories of CloudWatch log groups — WorkSpaces OS logs, VPC flow logs, WAF request data. Five minutes of IAM work. Then I spent twenty minutes writing a document explaining every boundary, what&rsquo;s accessible, what&rsquo;s denied, what&rsquo;s coming next, and what I haven&rsquo;t designed yet.</p> <p>The document mattered more than the policy.</p> <h2 id="the-default-is-silence">The default is silence</h2> <p>Most companies handle access control the same way. Someone asks for access. An admin creates a policy. The requester gets a login link. Nobody explains what they can and can&rsquo;t do, or why.</p>