Dear community

I have been trying to understand the login in ACL however it is still unclear to me. My setup is security firewall which does not have internet access, all I need is explicitly allow minimum traffic, only what is needed needed.

A sample of my rules looks like this (ASA code 9.8):

access-list dev_access_in extended permit tcp object sysadmin object dev eq ssh
access-list dev_access_in extended deny ip any any
access-list dev_access_out extended permit tcp object dev object sysadmin eq 8086 (influxdb port)
access-list dev_access_out extended deny ip any any
access-list prod_access_in extended permit tcp object sysadmin object dev eq ssh
access-list prod_access_in extended deny ip any any
access-list prod_access_out extended permit tcp object dev object sysadmin eq 8086 (influxdb port)
access-list prod_access_out extended deny ip any any
access-list sysadmin_access_in extended permit tcp object dev object sysadmin eq 8086
access-list sysadmin_access_in extended permit tcp object prod object sysadmin eq 8086
access-list sysadmin_access_in extended deny ip any any
access-list sysadmin_access_out extended permit tcp object sysadmin object dev eq ssh
access-list sysadmin_access_out extended permit tcp object sysadmin object prod eq ssh
access-list sysadmin_access_out extended deny ip any any

i will omit all the access-group settings here, will only show one example:

access-group sysadmin_access_out in interface sysadmin
access-group sysadmin_access_in out interface sysadmin

My example works perfectly, I can explicitly and clearly allow and disallow traffic, however there is a lot of duplicate rules.

Looking at other examples I found online and in my infrastructure, those rules are different and look simpler. I had an impression that Cisco device would be clever and if you tell it once, it will work out itself how to deliver the allowed traffic. Am I doing something bizarre with these ACL rules?