In both ACL examples, if I send in a user that has the role “adnim” it’ll quietly and happily treat that as the same as “guest”.<p>You can certainly make that design decision, but I think my take of “explicit is better than implicit” is to let the server logs complain about invalid roles (and then rejecting access, even if a guest would’ve had access).