For 2 years, I had to set up production environments on RHEL, mostly Apache and Keycloak servers. I had a limited, very specific list of sudo permissions, and I had to ask very specifically what I else needed, which was then granted by people who neither knew nor cared what I was working on.
SELinux permission problems were always the fallback reason when nothing else made sense. With my permissions, I could not just straight up check for it. E. g. Apache would not server a folder, cryptic error -> check file permissions -> check general Apache config problems -> assume SELinux permission is missing and request it, supplying the exact command they need to type.
When you are German and they read you the ORIGINAL Grim tales at bedtime, you know what’s up sooner than you’d wish.