Comment by lucb1e

"having access to" is not the same as having opened it, though. A server could log which files were retrieved without knowing what the contents are

By having such audit logging, we could see that we e.g. don't need to call the alarm company to change the phone password. Most people don't work in the office outside of business hours and so never need to call them, but since it's the only way of proving you're an employee if you accidentally set off the alarm, we give everyone access to that password. There's at least a dozen examples like that