Access to the Production Systems for non sys-admins

What's your opinion on access to the Production or Live Systems by non sys-admins?

Do you think this access should be provided with nominal usernames?

Do you think access to the log files or the databases should be allowed?


Solution 1:

Apply the Principle of Least Privilege. If they need access to do the job, you give them the access. But you only give the access they need. If they don't need access to do the job, you don't give it to them.

This doesn't just protect the person (can't be accused of overstepping his/her bounds), but also protects the organization, should the user's account be compromised.

As to why they shouldn't be given such access...

A sad tale of mis-steps and corruption (from today)

Solution 2:

I agree with the above but I would like to add that shared user accounts are not a good idea at all. You cannot track down who did what in the logs, and you cannot control who shares what passwords with whom.

Configure a group with specific access control, and give each non-admin who needs access to the systems their own account, with only the access they need to do their jobs.

Solution 3:

From a DBA standpoint, access to production systems for users should be strictly limited, and this includes developers. Users should only be able to see the data they need and this would ideally be provided via views, not direct access to tables.

Developers, likewise, should be able to see the data in production, but not alter any tables. Any changes should be done in test (or dev) first, then scripted and run on production by the DBA.
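
An added example, not part of any answer above: one way to combine the per-person accounts and access groups from Solution 2 with the view-based, read-only access from Solution 3. It assumes PostgreSQL; the table, view, role and user names are all constructed for illustration.

```sql
-- Run as the DBA / table owner. All object and role names are hypothetical.

-- Constructed sample table holding a column most users should never see.
CREATE TABLE customers (
    id          serial PRIMARY KEY,
    name        text NOT NULL,
    email       text NOT NULL,
    card_number text NOT NULL
);

-- Group roles carry the privileges; they cannot log in themselves.
CREATE ROLE support_readers NOLOGIN;   -- business users: views only
CREATE ROLE dev_readonly    NOLOGIN;   -- developers: read tables, change nothing

-- Start from nothing: no implicit table access, no object creation in the schema.
REVOKE ALL ON customers FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Users see only the columns they need, through a view.
-- The view runs with its owner's rights, so readers need no grant on the table.
CREATE VIEW customer_contacts AS
    SELECT id, name, email FROM customers;
GRANT SELECT ON customer_contacts TO support_readers;

-- Developers can look at production data but hold no INSERT/UPDATE/DELETE,
-- and ALTER/DROP stay with the owner, so changes arrive as DBA-run scripts.
GRANT SELECT ON customers, customer_contacts TO dev_readonly;

-- One named login per person (no shared accounts), so the server log
-- attributes every session to an individual. Authentication is configured
-- separately (pg_hba.conf, ALTER ROLE ... PASSWORD, or an external provider).
CREATE ROLE alice LOGIN IN ROLE support_readers;
CREATE ROLE bob   LOGIN IN ROLE dev_readonly;

-- Record who connected and when.
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
SELECT pg_reload_conf();

-- Verify the effective privileges of each account before handing it over.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'customers',         'SELECT') AS read_table,
       has_table_privilege(r.rolname, 'customers',         'UPDATE') AS write_table,
       has_table_privilege(r.rolname, 'customer_contacts', 'SELECT') AS read_view
FROM pg_roles r
WHERE r.rolname IN ('alice', 'bob');
```

Removing someone's access then means dropping or disabling one login role, with no shared password to rotate.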

Solution 4:

The heuristic is pretty simple:

Do they get fired if they screw up the system?

Do you?

If the answers are "no" and "yes", the way they are in most organizations, then the answer is clear.