https://katzir.xyz/tags/permissions/Recent content in Permissions on katzir.xyzHugoenThu, 25 Jun 2026 09:16:56 -0400https://katzir.xyz/posts/identity/Thu, 25 Jun 2026 09:16:56 -0400https://katzir.xyz/posts/identity/<p>Most places treat identity and access management like paperwork. Someone needs access, a ticket gets filed, a permission gets granted, and everybody moves on. It&rsquo;s the path of least resistance, but it&rsquo;s also how you end up with an environment where nobody really knows who (or what) has access to what, and auditing anything becomes an archaeology project.</p> <p>Really, we should think about IAM as part of how a system is designed, not something that happens after the design is done. Who can touch what, how services authenticate to each other, what happens when someone leaves, these are all load-bearing decisions, not afterthoughts. Of course, many of us actually <!-- raw HTML omitted -->inherit<!-- raw HTML omitted --> systems that are pre-designed, which actually does seem like an archeaology project whether we want it to or not. I&rsquo;ve taught courses on Windows Server and Active Directory, and I try to give my students realistic (read messy) environments to inherit, since they&rsquo;re not going to get a clean forest when they walk into a Windows shop that&rsquo;s been using AD for 25 years.</p>