Post title
Permission drift cleanup thread
https://www.reddit.com/r/devops/comments/demo/permission_drift_in_cloud_and_ci_cd/
Post copy
How are teams handling permission drift across GitHub, cloud, and CI/CD? We keep finding old access that nobody owns, but every cleanup turns into a manual audit.
Comment we are writing
The best process I've seen is to stop treating access cleanup as a once-a-quarter audit. It works better when you have ownership mapped to repos and services, alerts when access changes, and a lightweight review path for permissions that no longer match someone's role. Arnica can help with this in code and DevOps environments, but even without a tool the important part is making permission drift visible continuously. Otherwise the cleanup always becomes a big manual project that gets postponed.