Shoot. Almost there, at least for us cybersecurity-minded folks.

A need for a default-deny-all and then select what a process needs is the better security granularity.

This default-ALLOW-all is too problematic for today's (and future) security needs.

Cuts down on the compliance paperworks too.