Comment by jiggawatts
18 hours ago
No one needs write access, but most systems only have a read/write predefined role for tenant-wide access. If you don’t trust the department staff to give you anything but a predefined role, it’s typically the only option. Similarly if you need to fire privileged IT staff on the spot for headcount reduction you need admin-equivalent rights to lock them out. You can’t in general trust disgruntled admins to lock themselves out!
Also, in some cloud systems full read access can give you direct or indirect access to service keys / API keys which then are write equivalent permissions anyway.
> If you don’t trust the department staff
I find the argument the most absurd in relation to DOGE. There is no reason to give them more trust then to anyone else in goverment ... and multiple reasons to trust them less. Starting from personal histories of some of them and how they were selected.
As such, this "I dont trust" is just reflection of their incompetence, arrogance and a lazy excuse.