Comment by jldugger

Yes. It's so bad where I work now that IT delegated approvals back to the managers. So now whenever you hire a new engineer, you have to click approve on all the systems they need access to do their job, because apparently RBAC doesn't scale to FAANG. And then they need to re-apply, and you need to re-approve, every year because virtually no accounts are 'forever' approved.

And since many of these are "per-seat" licensing, finance is always cajoling IT into aggressively culling unused accounts. Which makes it to these poor bastards's DMs early in the screen, and the corresponding IT ticket hell of people requesting their access back.

The punchline at the end is basically just hubris: you've solved the megacorp RBAC problem in your head, but trip over the BS logistics of it all. Probably because your application doesn't have network permissions or some other ironic problem.