[alex_young]

What about setting up a staging environment mirroring production?

Most security experts recommend restricting prod access away from your dev team because doing so alleviates risks from a compliance perspective, and prevents bugs and regressions from being introduced inadvertently.

I’m not providing links here because I do think it’s worth googling and discovering more of the nuanced points many others have made. Sure, you’ll find some shops that use another model, but for most use cases separate environments exist for a reason.

[Agingcoder]

In my experience ( as a developer) this doesn't work in practice, since mirroring an actual, complete bunch of production systems in a large company is a difficult task unto itself! More often than not, you end up with a staging environment as per the security guys recommendations, but which is unfortunately barely usable.

It also makes investigating difficult bugs extremely difficult (staging tends to be slightly different from prod, smaller as well, different hardware, network, etc) since you can't reproduce them, and your prod team can't help you much, since what you need is actual full box access to poke around.

I agree with you on the compliance point.