There’s an unwritten rule that no one will get fired for opening up access - especially when it’s tied to the bottom line. Slow down the process in the name of security, and it may be your job on the line.
Each new access request creates an opportunity for risk, but without the time or resources to assess each one for the impact to security, you’re stuck opening up “ANY” policies left and right.