In your example, I am not saying you need to give the dev access to prod. But you should be working with the dev to figure out why he needs access to prod and figuring out what needs to happen to make the end goal happen. Getting read/write access to prod isn't the end goal, the dev is trying to accomplish something and they see direct access to prod as the solution.
My point wasn't that lawyers/security/IT/whatever shouldn't do their job. It's that their perspective should be focused on helping the company achieve whatever it's trying to do.
My point wasn't that lawyers/security/IT/whatever shouldn't do their job. It's that their perspective should be focused on helping the company achieve whatever it's trying to do.