SysAdmin & Developer: Responsibilities [closed]
Solution 1:
I've found that in most cases, if YOU are the one responsible for the physical server its best to NOT give the devs root access.
This is a bit of a "holy war" debate as I'm sure you will find developers who disagree. I've personally been on both sides of that debate.
My MAIN reasoning for not giving the devs (even 100% trusted devs) root access is because more often than not there's some package they need in order to make XYZ work correctly. They go ahead and install it... or reconfigure something that is already in place so it works... or... well... you get the idea.
Months go by... the server needs to be reinstalled or recreated... and suddenly nobody knows why "It works on the old server but not the new one."
The answer of course is that the documentation you're looking at doesn't include all those little packages and tweaks that the developers did to make the system work the first time around.
It can be a pain in the a$$ for both sides... but if the sysadmin is responsible for the server, packages, and documentation... and the developer is responsible for the development and software... I think you'll find it was worth it in the end.
If the developer needs a custom plugin, module, configuration, tweak... no problem... do it for them... but DOCUMENT IT so you can reproduce it next time.
Solution 2:
Golden Rule: Don't let non-admins touch anything you don't want broken and for which you will be held responsible.
Devs should have access to a test environment. Once their work is ready to be put onto the production machine it should be handed over to the sys admin. If the devs have done their job and properly documented the procedure all will go well. If not, they need their backsides kicked for not adequately testing.
Solution 3:
I've been in this battle as well. My answer is that whomever is responsible for the uptime of the server is the one who should be responsible for all updates, changes, etc., etc. Nobodoy else should have the ability to perform these types of functions on the server. If it's your job to make sure the server is up and running and if the boss holds you accountable and responsible for the server then it's your responsibility to maintain and secure it.
Most developers are going to tell you that they need admin level access to the server and most of them are going to disagree with me, but I'm the one who has to reboot it at 2AM when it hangs up, has to rebuild it after a failed update, the downtime is charged against my department, etc., etc. I have to answer to the CIO for anything that impacts our SLA, so therefore I'm the only one who gets admin level access to the server and I'm responsible for all components, updates, changes, etc.