I am curious to find out what other organizations are doing as to developer access to sysadm in production. Such as using a database account created like sysadm that can be checked out for use and locked when not in use? or ?
Developers usually have full acces to the database only in a Development environment.
Acces to test and acceptence environments are somtimes readonly (usually none), this can be accomplished by creating a seperate database user that only has read acces to the SYSADM schema via synoniems.
Developer acces to database on production is a big NONO. This is also contrary to legal security legislation for example SOX.
System administrators and/or DBA are the only ones that should know the password voor SYSADM user.