Comment by ytoawwhra92

20 hours ago

It _is_ a source of friction.

I can think of _one_ product that allows you to set up low-friction access management, and AFAIK most users of that product don't set it up that way.

Software engineers _should_ be able to request access to dev resources JIT during their day-to-day work, have that access auto-approve in >99% of cases, have it auto-expire if they don't actually use the resources, and have all of that be subject to anomaly detection/approval escalations and other auditing.

Instead in most orgs it's like fill out a form, get your manager (who's always in meetings) to approve and then wait some number of days for a human to click-ops your request. At best you can open a PR and have the changes applied in an hour or two.

You _should_ be able to get access to things pretty much immediately if you need them and they're not sensitive. Then we could deny by default without cratering productivity.
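An added example, not part of the comment above and not any product's real API: a minimal in-memory broker for the JIT flow the comment describes (auto-approve non-sensitive requests, escalate sensitive or anomalous ones, expire unused grants, audit every decision, deny by default). The class names, resource labels, TTLs and the request-rate threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy values (assumptions, not taken from the comment).
SENSITIVE = {"prod-db", "payroll"}  # never auto-approved
GRANT_TTL = 8 * 3600                # hard lifetime of a grant, in seconds
IDLE_TTL = 3600                     # revoke if unused for this long
MAX_REQ_PER_HOUR = 5                # crude anomaly signal

@dataclass
class Grant:
    issued: float
    last_used: Optional[float] = None

@dataclass
class Broker:
    grants: dict = field(default_factory=dict)  # (user, resource) -> Grant
    recent: dict = field(default_factory=dict)  # user -> request timestamps
    audit: list = field(default_factory=list)   # (time, user, resource, decision)

    def request(self, user, resource, now):
        """Auto-approve unless the resource is sensitive or the rate looks odd."""
        times = [t for t in self.recent.get(user, []) if now - t < 3600]
        times.append(now)
        self.recent[user] = times
        if resource in SENSITIVE:
            decision = "escalate:sensitive"   # goes to a human approver
        elif len(times) > MAX_REQ_PER_HOUR:
            decision = "escalate:anomaly"     # unusual burst of requests
        else:
            decision = "approved"
            self.grants[(user, resource)] = Grant(issued=now)
        self.audit.append((now, user, resource, decision))
        return decision

    def check(self, user, resource, now):
        """Deny by default: allow only with a live grant that is still in use."""
        g = self.grants.get((user, resource))
        if g is None:
            return False
        idle_since = g.last_used if g.last_used is not None else g.issued
        if now - g.issued > GRANT_TTL or now - idle_since > IDLE_TTL:
            del self.grants[(user, resource)]
            self.audit.append((now, user, resource, "expired"))
            return False
        g.last_used = now
        return True
```
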