udev + logind + uaccess can grant users access to /dev devices while they are logged in by adding user ACL to devices when they are logged in.
udev tags devices with
uaccess tag. logind sees uaccess tag and gives logged-in users access to the tagged /dev devices.
This can be convenient and perhaps securer because users don't have to add themselves to supplementary groups.