Some 90% of my Linux experience is on servers where I have root or root-equivalent access (i.e. I can sudo anything). In those cases, ‘what can I run under sudo’ was never a question. And I’d use something like “sudo less /etc/sudoers” to inspect what someone else was able to run when they questioned their access. In my new position, we have a lot of servers that we own too — the Engineering IT support group lets us spin up our own VMs, do whatever we want (within reason). But we have a few IT-managed servers with very restricted rights. And the commands I would use to perform functions (think systemctl restart httpd) aren’t in my sudoers access list. Luckily you can list out what you can run under sudo:
$ sudo -l [sudo] password for useraccount: Matching Defaults entries for useraccount on this host: syslog=auth, loglinelen=0, syslog_goodpri=info, syslog_badpri=err, logfile=/var/log/sudo.log User useraccount may run the following commands on this host: (ALL) /opt/lampp/lampp start, (ALL) /opt/lampp/lampp stop, (ALL) /opt/lampp/lampp restart, (ALL) /usr/sbin/apachectl
And that is how I know to use apachectl instead of systemctl.