When it comes to access, a recent trend observed is having a self-serve tooling platforms for engineering and non-tech teams. This is to facilitate debugging during production issues, run background jobs or sometimes take a database backup by the said teams themselves and/or compliment the SRE teams.
Now, IAM - Identity Access Management was spawned with similar problem statements in mind and apparently proves useful. But while managing its infrastructure at scale (think of orgs with 250+ people across development, product, data-science, design etc..), it can be a constant hassle. This not only slows down genuine feature building but can cause friction among teams if there's too little or too much process around it.
While most people are careful with their privilege when it comes to production but it's only a matter of time before one right command on the wrong environment (unintentional or not) can cause all sorts of panic, ad-hoc debugging and restoration to fix arising outages.
There are concepts like least privilege, single sign-ons, SSH keys, and RBAC that are battle tested and newer ones like Zerotrust that might end up creating more problems than they solve, if used incorrectly. On the other hand, denying access proves to be counter productive since teams need to rely on others to get vital information they could've obtained themselves.
Therefore the million dollar question that comes up is:
How do you think Dev/Design/Product Teams should access the Infrastructure?