Re: Broken security model
There are some strange habits in it security.
Some places insist on two accounts for admins, I,e. A user account and an admin account - mind you that isn’t perfect but it stops giving rights to user level to log into servers.
Others don’t th8nk it is necessary.
As you say logging denies proves if someone is trying to hack a system, but you need to know what they are doing when they are logged in, mind you going through those audit logs can be a problem in itself, unless you have some very good analysis tools.
I spend my time as a firewall admin and have seen a busy server generate 100s of logs per second trying to find the anomaly in there is hard - although I do read wireshark logs and can spot telltale signs of problems very quickly.