Why even read access?
Pete, September 10, 2016 - 2:50 am UTC
Why do developers even have read access to your production database? Many, if not all of the concerns you list can apply just as much to read access as to write access. I can think of a couple of reasons that they might need it, but every permission or capability you allow any user to have should be fully justified and not just nice to have. If their justification is valid and what they want can be done securely and without undue impact on performance, then help them get there. If the justification is weak or what is asked for is excessive or unsafe, then find an alternative approach or get management involved to formally accept the risk before doing anything.
Btw, I really like the idea of forcing them to use temporary tables...