Comment No to local PC, Yes to production servers (Score 1) 605
At my last position I was at a local market level. The local market had its own IT team with security policies given to them by a division team. Division got its policies from corporate. Sometimes things were altered to suit the divison or local market, too.
When working there, I had full admin rights to production servers, but not to the PC from which I worked. This was stressful as I was forced to develop in the production environment. It was also ironic that I had admin rights to these servers but not my PC. It was because IT did not have the training or time to admin the servers (SQL and SharePoint). I did my best to have the local IT team install software after software to enable development from my PC as best as possible. After about 9 months on the job, I obtained a development server that I could work from via remote desktop. By then, I had already developed processes to develop from the production server. Also, the development box was SLOW and annoying to use (an old Pentium III box...).
This all seems a bit backwards and it took some adjustment, but it worked. I became a hero for being able to manage these servers as well as develop new tools for the local market. I got along very well with the IT department and they were very competent and helpful which made working with them easier. I would have appreciated local admin rights, but the local IT manager was not able to bend the rules for anyone without getting in trouble if audited by division.
I am working at the same company at the corporate level after moving up from the local market level. At corporate I have full admin rights to both a desktop and laptop for development. I do not have admin (root) access to development and production servers though. We have a sysadmin team dedicated to protecting our servers from ourselves. Change request procedures ensure the environments are modified properly. For PC support, We have a local IT team that reports to the division office as I sit a thousand of miles from actual HQ.
There have been times where admin rights (root) to servers would be nice, but we have 10+ developers relying on that server to be available for work/testing/etc. So, I can understand why the servers must be managed by an SA team. Change requests are simple and usually accomplished in a fair amount of time. For times I absolutely need root access to try out new things, I just build Virtual Machines on my desktop and try before I place a CR for the dev servers. Production CR's are much more strict and those servers never have compiling tools to restrict local users from building binaries that could break things.