Normally there are dev, uat and production env.
In dev, there are lot more developers have access. If a developer want to secure his objects, he can simply put them into groups and manage them. I understand it is not very convenient.
For UAT, admin should manage all the objects migrated. The same applies to production.
Please post this question to peopletools forum.
Dev box : if we open a def group and try opening field/record type definitions its takes around 5 mins in a large customised applications .Which is very unfeasible to manage every time a new object is created at multiple times a day frequency .
Prod Instance : Above issue applies to this . Also, in usual circumstances , developers have read only access to all objects . developements keep on happening and there are so many developers working in any organisation .so its not feasible to open the def groups and add the left out objects every time a migration is sent .Apart from this, if a developer fails to report of his newly created objects, admin needs to check all the 27 objects type after certain interval to make sure no objects are left out .
What i wish, if the first rule is avoided, in prod boxes we can make use of **All Definitions** reference [i understand its no definition group] and grant display access to everyone else and full access to admins .. and we are done for ever ...never need to intervene in this