[ethbr0]

Salesforce's worst design principle is hiding things people don't have access to.

And it cuts to the heart of the agility you're describing -- if I can't know what I'm NOT seeing, then how can I discover I need to request it?

From this perspective, Salesforce is absolutely engineered for top down "Identify the process, create a set of permissions that allows it, then apply those permissions to the appropriate set of people" design.

As opposed to bottom-up discoverability (e.g. I can see that I don't have access to this thing, somewhere) + RBAC requests for a permission set I learn I need.

[carlmr]

>if I can't know what I'm NOT seeing, then how can I discover I need to request it?

This is so true. I feel that most of our closed source scripts are duplicates because you can't search for existing internal projects in our system. If you know it's there you can ask for it, but you usually don't, so you build your own.

[ethbr0]

One company I worked at had default org-wide GitHub visibility.

It made me realize everyone else was using source control completely wrong. Game changer to be able to look at or copy the source for {anything}.

[tilne]

Most places I’ve worked default to letting everyone read any source. Is that not the norm? Agree that it’s a game changer for those willing to use it, but I find that last qualifier to be surprisingly rare.

[ethbr0]

I think it varies according to industry culture. It's anathema to some industries to have that level of openness be the default.