by Torgo 2364 days ago
I don't know how to fulfill this in a way that makes every auditor happy, but so far what we're doing is this: we have a restricted-access role on the db that denies access to certain sensitive tables, we create a time-restricted temporary user for the developer, and then give them access to the read-replica.
1 comments

This sounds like the right approach, and it’s similar to other companies I’ve worked at. The time-limited nature is nice and presumably there is an audit log of some kind tied to that.
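
A sketch of the setup described in the first comment, as an added example that is not from either commenter. It assumes PostgreSQL (the thread does not name the database), and every role, schema and table name in it is hypothetical.

```sql
-- Added example. PostgreSQL assumed; dev_readonly, tmp_dev_alice, the app
-- schema and the table names are hypothetical placeholders.
-- Run steps 1-2 on the primary: roles and grants reach the read replica
-- through physical replication. Keep the role off the primary itself with
-- a pg_hba.conf reject rule for members of dev_readonly.

-- 1. Shared restricted role: cannot log in, read-only on non-sensitive tables.
CREATE ROLE dev_readonly NOLOGIN;
GRANT USAGE ON SCHEMA app TO dev_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO dev_readonly;
-- PostgreSQL has no DENY, so the sensitive tables are excluded by revoking
-- the grants just made. Tables created later are not covered by the GRANT
-- above, so new tables stay inaccessible until granted explicitly.
REVOKE ALL ON app.payment_cards, app.user_credentials FROM dev_readonly;

-- 2. Time-restricted temporary user for one developer.
CREATE ROLE tmp_dev_alice LOGIN
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET'
    VALID UNTIL '2030-01-01 18:00:00+00'   -- constructed expiry timestamp
    CONNECTION LIMIT 2
    IN ROLE dev_readonly;
-- Per-user guard rails and an audit trail (log_statement needs superuser).
ALTER ROLE tmp_dev_alice SET statement_timeout = '60s';
ALTER ROLE tmp_dev_alice SET log_statement = 'all';

-- 3. Verify before handing over credentials: both must return false.
-- A true here usually means PUBLIC or another role still holds a grant.
SELECT has_table_privilege('tmp_dev_alice', 'app.payment_cards', 'SELECT'),
       has_table_privilege('tmp_dev_alice', 'app.user_credentials', 'SELECT');

-- 4. Teardown. VALID UNTIL only refuses new password logins after the
-- expiry; sessions already open keep running. Terminate them on the
-- replica (pg_stat_activity is per instance), then drop the role on the
-- primary.
SELECT pg_terminate_backend(pid)
  FROM pg_stat_activity
 WHERE usename = 'tmp_dev_alice';
DROP ROLE tmp_dev_alice;
```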