As one of the devops/sysadmin types, if we give access to prod data to preprod systems, they are now in audit scope and you have to harden them or we lose our insurance and compliance certs.
Obviously the solution is to build some system where everything works out, but it’s not as easy as “just give root to devs”.
Yup. Regulatory and audit requirements are a motherfucker.
Also, I don’t mean to speak down to devs, but as a rule of thumb you tend to think far higher of your skills just because you know the building blocks. Being able to build a boat doesn’t mean you know how to sail.
I know multiple people who are prodigous developers but know jack shit about basic computer usage and security. People who had to be guided to the control panel in Windows. Yes, even after they added the search bar. People hired to work in an exclusively Windows enterprise environment.
Now add that amount of potential that lack of basic operational skill carries for fucking things up to the least competent (or at minimum the least careful) co-worker on your dev team.
You (any dev reading this) as an individual would probably never fuck up that badly. You (any dev reading this) would probably do everything right, correct, and wouldn’t cause problems with root. But the rules aren’t written to protect against the competent, or against people never making mistakes.
As one of the devops/sysadmin types, if we give access to prod data to preprod systems, they are now in audit scope and you have to harden them or we lose our insurance and compliance certs.
Obviously the solution is to build some system where everything works out, but it’s not as easy as “just give root to devs”.
Yup. Regulatory and audit requirements are a motherfucker.
Also, I don’t mean to speak down to devs, but as a rule of thumb you tend to think far higher of your skills just because you know the building blocks. Being able to build a boat doesn’t mean you know how to sail.
I know multiple people who are prodigous developers but know jack shit about basic computer usage and security. People who had to be guided to the control panel in Windows. Yes, even after they added the search bar. People hired to work in an exclusively Windows enterprise environment.
Now add that amount of potential that lack of basic operational skill carries for fucking things up to the least competent (or at minimum the least careful) co-worker on your dev team.
You (any dev reading this) as an individual would probably never fuck up that badly. You (any dev reading this) would probably do everything right, correct, and wouldn’t cause problems with root. But the rules aren’t written to protect against the competent, or against people never making mistakes.