Continuous Deployment to Production

  • CD is a great engineering practice where code is pushed through to Production multiple times a day, entirely automated. This ensures that only the Pipeline can deploy the code and humans have far fewer access rights in higher environments. Needless to say, the changes are small, the blast radius is limited, automation is the key, and there are processes implemented around Pull Requests to learn from the team and inherently avoid malicious intent.
    In this case, is it OK for a Developer to have read-only access to production, especially for infrastructure checks and looking at logs, while a look at data will still need break glass access which is monitored?
    Two questions:

    1. If we are automating the release team's tasks, what are the implications from SOX compliance?
    2. Developer has RO access (minus data read) in production, and break glass (fire ID) on demand.
