Production Access Denied! Who caused this rule anyways?

One of the biggest challenges for developers is getting access to production servers. In smaller dev teams of 5 or less people everyone usually has access. Then you hire developer #6, he messes something up in production... and now nobody has access. That is how it always starts. Just about every rule in life gets created this way. One person messes it up for the rest of us. Rules are then put in place to try and prevent it from happening again.

!

Breaking the rules is in our nature. In this example it is for good cause and a necessity to support our applications and troubleshoot problems as they arise. So how do developers typically break the rules? Some create their own method to collect log files off servers so they can see them. Expensive log management programs can collect log files, but log files alone are not enough. Centralizing where important errors are logged to is common. 

Some lucky developers are given production server access by the IT operations team out of necessity. Wait. That's not fair to all developers and knowingly breaks the company rule!  When customers complain or the system is down, the rules go out the window. Commonly lead developers get production access because they are ultimately responsible for supporting the application and may be the only person who knows how to fix it. 

Production database access is also important for solving application problems, but presents a lot of risk if developers are given access. They could see data they shouldn't.  They could write queries on accident to update data, delete data, or merely select every record from every table and bring your database to its knees. Since most of the application we create are data driven, it can be very difficult to track down application bugs without access to the production databases.

Besides it being against the rule, why don't all developers have access? Most of the time it comes down to security, change of control, lack of training, and other valid reasons. Developers have been known to tinker with different settings to try and solve a problem and in the process forget what they changed and made the problem worse. So it is a double edge sword. Don't give them access and fixing bugs is more difficult, or give them access and risk having more bugs or major outages being created!

At your company who caused this rule to be put in place? How do you get around it?

Matt Watson

Founder, CEO

Agile Support for Agile Developers

Matt Watson

Matt Watson

CEO of Full Scale, 4x Founder, Author of Product Driven

Matt Watson is a serial software entrepreneur based in Kansas City and the founder and CEO of Full Scale, which helps companies build offshore development teams fast. He previously founded Stackify, a developer-tools startup, and was an early CTO at VinSolutions. He's the author of Product Driven and hosts the Startup Hustle podcast.

LinkedInXTikTokWikipedia

New on Geeks with Blogs