[catchnear4321]

Wait wait hang on… I’m confused. I was with you on the “everyone has prod access” but then you went and qualified it with teams owning slivers of something or other.

That doesn’t sound like full access to production.

I bet they didn’t even have cloud console admin.

[giaour]

No one has access to literally everything. I work for a cloud provider with hundreds of products, tens of regions, and multiple isolated "clouds"; the "full access to production" you allude to only exists at companies too new to have developed formal access policies and too small to have gotten the attention of regulators.

Each team that owns a service has access to the prod environment(s) for said service (including the cloud console, a shell on a prod machine with admin privileges, etc) provided they get peer approval for the access they need.