## Problem Developers ship a default access policy and users can customize it. At some point later developers will need to adjust the default policy, but this should only happen if a user has not already customized it. Right now it would be difficult to determine if the user customized it or not. ## Solution Add a field to AccessPolicy called `modified` which defaults to False. Any user change to the policy will set this to True.