This is silly. The answer here us, "it depends". For example, if you have sensitive data in a production environment, maybe you don't want developers to have access to the environment regardless of the size of the organization. For smaller, less mature apps, having a full blown IT managed server might be overkill and get in the way. In my previous life as a consultant at Kaiser, we had both situations which was entirely appropriate.
This is what I'm experiencing. As in application team, I'm supporting a reporting app whose users are CO or D. I have zero access to the production app, to the server, and to the data. Reason given was because of the data sensitivity.
But realistically, the test data comes from production data, so what is the conclusion there?
I'm having hard time to ensure if the data is correctly processed every month, since I have no access at all.
Note: the app was done by other people and was handed over to my team.
There are commercial solutions that can pull data from Oracle and massage it for full testing capabilities.. (As in - replace this users name with a generated name, replace this address with a generated address, replace this CC with a generated/valid-format cc).
That might be an option if you can't get at any decent test data?
