Unless they use MDM to push a profile that authorizes a specific application/developer to access system resources without prompting the user. This is a common practice for deploying security applications - e.g. crowdstrike requires full-disc access and there’s a policy thats deployable via MDM to enable it automatically during the next beacon from a host.
Edit: as an example https://pickorchard.com/deploy-crowdstrike-with-jamf/