Anyone having this issue about people asking for a written policy?

The company I work for is a "grown up startup", which means we reached a size and complexity to have to standardise our environment and set up some rules to make sure the company's data is secure etc., stuff I don't think I need to explain you guys.

Users still are in the olden days, where it was wild west and everyone pretty much could set up their devices, use tools, and generally do whatever. We mostly have developers with admin rights on MacBook's anyway.

Every time I use the good old "it's policy to use this" or "you are not allowed to do it, it's against policy" they ask to see the written policy.I don't have written policies; I also don't see the need to write down in some corner of our knowledge base that "you are not allowed to be an idiot". And what would that even change anyway?

I am this close to create a space in there called "POLICIES!!!" where, whenever someone asks for some shit and then ask for a policy, I create a specific policy which just says "UserXY is now allowed to do StupidThingYX - signed: IT"

Am I wrong in this? Do you have written policies for basically everything a user could come up with?

EDIT: I see that I wrote this a little bit unclear, we do have written Policies in place, but they are broad and as one user below said use "you are allowed the approved hardware in the approved config" style language. That doesn't stop people from saying these don't apply to the specific case they have (e.g. running Linux on Mac, "Mac's are allowed, Linux is allowed, I want Linux on Mac!, and that I don't have written in a policy)