November 19, 2014 at 10:21 pm
All,
I'd like to find out whether or not people grant VIEW DEFINITION to their developers in UAT and PROD environments. My view is that a developer shouldn't be able to touch a PROD environment at all (we also include UAT as PROD), and any issue in a production environment should be investigated by a DBA and escalated to the dev if necessary.
I'd be interested to get peoples thoughts on this. Also if there are any gotchas when granting this permission.
Thanks!
November 19, 2014 at 10:46 pm
It should be based on the business rules and security standards required in your environment. When I contracted with the military, absolutely no developer login could be found in production.
In public sector I do not thing there is any reason to give a developer access to production, however that is rare since some developers contain multiple hats of application admin as well. If your environment does not mix multiple hats in that manner then by all means revoke production access.
With UAT, however, I do not see any issue with giving developers limited access to object definitions. In user testing there may be things that can only be reproduced in that environment. If I am busy and have to get involved every time there is an issue, that can get to be a headache quickly. Allowing limited access so a developer can get involved on their own time may prove to be more efficient use of time in some shops, others maybe not. I for one do not have any issue with it, as long as there are some checks in place (monitoring, alerting, etc.).
Shawn Melton
Twitter: @wsmelton
Blog: wsmelton.github.com
Github: wsmelton
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply