What Factorio Taught Me About Access Control at Scale
Space bugs, real bugs, and everything in between
Factorio has been quite trendy lately and is getting a lot of attention in the developer community—especially among startups. Companies have actually been buying Factorio licenses for their employees, particularly their engineers, to help them become better at their jobs.
At its core, Factorio is about solving problems, scaling up systems, and dealing with challenges as they arise—things every software engineer faces every day. The game is a fun way to learn these skills, and I think it can teach us a lot about access control, scalability, and planning in particular.
You can, of course, play the game without implementing any of these ideas - and Factorio will be sure to punish you with frustration. But if you ignore the lessons Factorio teaches us in a real-life software development setting, you're truly in for a bad time.
This week, I’ll cover some of the main things I learned from Factorio about access control - I hope you find them as helpful as I did.
Before we dive in, here’s a short intro to what the game is about, in case you’re unfamiliar -
A Short Intro to Factorio
Factorio (and its recent expansion Factorio: Space Age) is a construction and management simulation game released in 2020, developed and published by Czech studio Wube Software.
In Factorio, you’re stranded on a barren planet with nothing but your wits and a pair of hands to start mining and building. Armed with the goal of launching yourself back into space, you build everything from scratch—mining resources, constructing assembly lines, and automating production.
It’s bootstrapping in the purest sense of the word, and the goal is simple: scale up from nothing to an automated, fully functioning system.
The more you build, the more complex things get. Conveyor belts intersect, resources need to be routed to multiple locations, and bottlenecks start to show up. You’re constantly balancing the need to expand with the need to maintain control. And while it’s tempting to throw things together quickly to meet an immediate need, Factorio has a way of punishing you for short-sighted decisions.
Sound familiar? It should. It’s quite easy to draw very direct parallels between the world of Factorio **and the reality of software development.
You start small, writing a quick script or spinning up a single service. Then, before you know it, your system has grown into a sprawling network of dependencies, integrations, and user requests. The pressure to scale is constant, and without proper planning, complexity can quickly spiral out of control.
With this basic understanding, allow me to elaborate further -
Lesson 1: Managing External Threats - The (Space) Bugs
In Factorio, one of your biggest challenges is dealing with external threats: space bugs. As your factory grows and starts polluting more, the bugs multiply, attacking your factory in waves. You can’t just ignore them; they’ll destroy everything you’ve built if you’re not prepared. This is where your factory's ability to add security features like mass-producing gun turrets and munitions.
In software development, external threats aren’t so different. Hackers, malicious actors, and vulnerabilities are all “bugs” that constantly threaten your application. As your application grows and expands with more users, features, and integrations, your security needs to scale to match.
Now, starting simple isn’t the problem. In fact, it’s necessary. Early on, you might rely on basic defenses. When it comes to access control, I think most developers usually opt for some kind of simple external authentication solution and extend it a bit with some basic hard-coded authorization rules. Some might go a step further and use the authentication solution’s built-in role-based access control (RBAC) capabilities.
And that’s better than nothing! It works… for a while.
But then your system grows as well. When it does, you suddenly find yourself with an urgent need to scale your existing access control implementation to cover much more complex needs. This might include everything from making dynamic decisions based on external factors (e.g., a user paid for a feature with Stripe, and now they should have access to it immediately upon payment) to requiring multi-tenancy support, more complex authorization models such as ABAC or ReBAC, and access request interfaces. I could go on forever.
The problem is, once you start scaling, you realize the system you’ve initially built just doesn’t work - you have to start everything from scratch. And while your basic implementation saved you some time because you didn’t build it to scale, you are now having a bad time.
The lesson here? Build your defenses in a way that’s scalable and constantly evolving. Anticipate the evolution of threats in software. Think about the long-term, and automate where possible. Security is never a one-and-done task—it grows alongside everything else.
Lesson 2: Managing Internal Threats – Contaminations
External threats aren’t the only problem. You also need to manage what’s happening inside your system. In a Factorio setting, you might have set up a conveyor belt system that gets messy as you start expanding. Uranium gets mixed with rocks, or iron ore ends up on the wrong line. Suddenly, your carefully planned system is out of whack, and production slows down—or worse, grinds to a halt.
This type of contamination, while frustrating in Factorio, is downright catastrophic in software. Internal issues often arise not because of malice but because of mistakes: users exceeding their permissions, misconfigurations, or unexpected interactions between systems.
Imagine a misstep where a user accidentally gains access to resources they shouldn’t. Maybe it’s an oversight in role assignments or a hardcoded rule that works for one use case but breaks in another. These small errors snowball as your system grows - creating issues so frustrating there’s a good chance they’ll make you rage-quit.
The key to managing internal threats is visibility and control. In the game, this might mean designing your pipelines carefully, visibly, and transparently. In software, it’s kind of the same. It means thinking about access control from day one—decoupling your permission logic from your application code, maintaining clear visibility into permissions, and ensuring changes are easy to audit and adjust.
Internal threats might not seem like a big deal early on, but they can wreak just as much havoc as external ones if left unchecked. Plan ahead, focus on visibility, and design your system to prevent contamination before it happens.
Lesson 3: Proactivity vs. Reactivity
In Factorio, defending your factory against space bugs is only half the battle. Sure, you can set up walls, turrets, and laser beams to keep them out, but staying on the defensive leaves you in a constant cycle of maintenance. Bugs keep coming, your defenses need repairs, and eventually, you’ll get overwhelmed if you don’t take a more proactive approach.
The solution? Go on the offensive. Instead of waiting for the bugs to swarm your factory, you can head out, clear infestations, and reclaim some breathing room. This proactive mindset—taking control before problems escalate—is one of the most valuable lessons Factorio teaches us.
Now, I’m not saying go hack the systems of those that might hack you (Unless that’s your job?). If you’re constantly putting out fires, fixing vulnerabilities only when they’re exploited, or retrofitting access control after things go wrong, you’re always playing catch-up. It’s inefficient, and eventually, it’ll catch up to you.
Instead, think of security and access control as proactive measures. Build systems that anticipate threats, not just react to them. Don’t just monitor access points where you think problems might occur—expand your coverage to account for the unknown. Design your policies to scale as your system grows, and put auditability front and center so you’re ready when something goes wrong.
Proactivity isn’t just about protecting what you have—it’s about creating a foundation for growth. In Factorio, clearing out bugs allows you to expand your factory without constantly looking over your shoulder. In software, proactive access control lets you focus on scaling your system and building new features instead of constantly scrambling to patch vulnerabilities and put out fires.
Don’t wait for problems to come to you. Think ahead, plan for growth, and tackle potential threats before they escalate. Your future self—and your users—will thank you.
Lesson 4: The Power of Blueprints – Patterns That Scale
Blueprints in Factorio are a (literal) game-changer. They let you design a section of your factory— a perfectly optimized smelting area or a clean, scalable power grid—and reuse that design elsewhere with ease. Once you figure out a pattern that works, you don’t need to rebuild it every time. You can just copy, paste, and expand.
This concept translates directly into software development. While you’re not literally copy-pasting code (right? right?), the idea of identifying and reusing proven patterns is just as critical. It’s the foundation of scalable, maintainable systems.
Take access control, for example. At some point, you’ll encounter the same problems again and again: defining who can access what, enforcing fine-grained permissions, handling multi-tenancy, and supporting dynamic, real-time decisions. Instead of solving these issues by reinventing the wheel every time, you can apply established best practices and frameworks.
Adopting battle-tested patterns like attribute-based access control (ABAC) or relationship-based access control (ReBAC) and integrating them with the designated tools make scaling easy.
There’s still value in discovering solutions on your own—both in Factorio and in software. Solving a tricky puzzle from scratch can teach you a lot. But when the stakes are higher than just frustration, like in real-world software development, leveraging tried-and-true patterns can save time, effort, headaches, and your application's uptime.
Lesson 5: Planning for Imperfection – Build to Grow
You’ll never build the perfect factory. Moreover, it’s impossible to stop, analyze every possibility, and create an optimal system from the start. Instead, you’re forced to adapt, improve, and expand as you go—because the bugs don’t wait, and your factory can’t stop running.
You’re not going to build the perfect system on day one. And you shouldn’t try to. The key isn’t perfection; it’s planning for growth.
Think about it. In Factorio, you might start with coal power, basic assembly lines, and a few conveyor belts. It’s fine for the early game, but you know you’ll eventually need advanced materials, electricity, and more efficient designs, which will end up replacing the simpler tools you have now. The smart thing to do is set yourself up for that transition—leave space for expansion, use modular designs, and plan for the future.
Software works the same way. Early on, you might rely on quick solutions, but if you don’t plan for the point where those solutions won’t work anymore, you’ll find yourself stuck—and the cost of fixing it later will be far higher than doing it right from the start.
This definitely doesn’t mean you need to over-engineer everything from the beginning. It means building with flexibility in mind. Decouple your access control logic from your application, use tools and frameworks that let you scale without rebuilding everything, and design policies that can handle evolving requirements.
Perfect isn’t the goal—progress is. Build systems that can grow and improve over time, and don’t let the pursuit of "good enough for now" or "the ideal solution" stop you from striking the right balance.
Build, Scale, and Keep the Bugs Out
Factorio might just be a game, but it’s packed with lessons that translate directly to software development—especially when it comes to access control. Whether you’re defending against external threats, managing internal chaos, or planning for growth, the principles of scalability, proactivity, and reusability can save you from a lot of headaches down the line.
The game is a great tool that teaches us to build for the future, not just for today.
Start small, plan ahead, and use the tools and patterns that will help you scale. And when you do make mistakes—because you will—learn from them and improve.
Have you ever drawn lessons from Factorio (or another game) in your work? Leave a comment below, and share this with a fellow engineer.
Let’s keep building—and hopefully, keep the bugs (space or otherwise) out.
You forgot about all the new planets being competition and the new hotness that lures you to a new job with different infra that needs Senior designers to quickly implement that same security and access.