Google, Meta, and others, famously use the monorepo architecture for storing source code.

I'm just confused how can this work at as scale when Least Privilege is a fundamental concept in security. Does this mean that devs at product X can view the code of product Y etc? Or is the IAM implemented below the repo level?

Thanks