Building CRD rules would just be part of the Dev/test --> QA process. So, if Carl gnashed his teeth over “_I deployed a new app to Prod and things are getting denied why or why?!”_ we could say “Carl, did you not test this app first? C’mon Carl.” 😉