Access-control lists are often set up to answer the obvious question "can X access Y to do Z?" but not other useful things like "What are all the Ys X can do Z to?" But this needs to be planned in from the start, or you will be sad later on.
(Twitter thread.)

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!