Should developers have access to production?
DevOps requires the development and operations teams to collaborate, sharing responsibility for designing, implementing, and maintaining systems.
This suggests, then, that developers need some level of access to production. But, unless you’re the developer, this is an unpopular idea.
So, should developers have access to production? Here’s a closer look at the debate.
Should developers have access to production? No.
The common reaction to the question ‘should developers have access to production’ is a resounding no from anyone other than developers.
First, there’s the argument that allowing developers access to production is simply too chaotic. (Particularly with large development teams and large companies.)
Developers potentially making changes as and when they please can make the software in question much harder to manage. They may implement things that break ops processes they’re unfamiliar with, for instance.
Plus, it can hurt developer productivity. When developers have access to production, it’s suggested that they’ll end up spending more time fighting fires than developing the next quality upgrade.
In other words, too many cooks spoil the broth — and adding developers to the production environment spoils it.
When developers don’t have access to production, it creates better stability for the product. It’s not being changed all the time; it’s not confusing those managing production that get left out of the loop. Everything runs just that bit smoother.
Another reason to say that developers should not have access to production is to do with concerns around privacy and data protection regulations. If any such legislation applies to the product — particularly those that enforce need-to-know access rights and the separation of duties — then allowing developers access to production may represent a breach.
Should developers have access to production? Yes.
On the other side of the coin, are there any reasons why developers should be able to access production?
The whole idea of giving production access to developers relates to the DevOps working culture. How can developers collaborate with operations without (at least some) access to production?
Developers should have access to production so that it’s easier for them to help with implementation and maintenance. That is, they can fix any bugs found, they can help with integration, and so on.
If something goes really wrong, it’s going to be super helpful to have a developer on hand to help put out the fire.
And besides, if developers can’t access production, is it really a DevOps culture? Development and operations remain siloed.
To what extent should developers have access to production?
With saying ‘yes’ to giving developers production access, then follows the question: to what extent should developers have access to production?
Here lies the opportunity to create a compromise.
Most people can recognise the need for developers to help — it’s the thinking behind DevOps, after all. It allows and encourages developers to take ownership of their work on a larger scale if they are partially responsible for maintaining and running it.
Good practice, then, is to give developers some access to production. Here, you also need clear guidelines and a collaborative approach with operations whenever this access is used.
This first removes the worries of chaos and confusion. But it also keeps development and operations as clear departments, but collaborative. (As is the expectation of a DevOps approach.)
Should developers have access to production? Maybe.
There’s no one right answer to the developer production access problem. Whether developers should have access to production or not depends on a host of factors.
It depends on the company size. It depends on why you want to give them access, and on how much access they’re given. And it depends on what, if any, privacy regulations are involved —and what they allow.
The answer to the question ‘should developers have access to production’ varies based on company and context.
Most developers will probably say yes. Most of the operations team will likely say no. It’s harder to do without causing chaos in bigger companies or with larger teams. And the extent of the access in question plays a huge role.
So, should developers have access to production? Sometimes.
Useful links
Privilege creep: do you really need access? A message from your IT team
