Coming at this from a different angle: I always found many security issues are actually data retention issues. The root cause is a system that is bleeding logs, context, and valuable traces; so, all of these safe guards like specialized access, elevated access, bespoke roles, etc. act not as remedies to the bleeding, but as tourniquets.
When data isn't being lost to the void, undo-ability grows. And, having perfect undo-ability is genuine "bulletproof" security. Security, in the traditional practice, then becomes needless undo prevention. That's a lot simpler to tackle than disaster averting prevention.
When data isn't being lost to the void, undo-ability grows. And, having perfect undo-ability is genuine "bulletproof" security. Security, in the traditional practice, then becomes needless undo prevention. That's a lot simpler to tackle than disaster averting prevention.