Why not simply work on virtual machines? Then you know they are clean and you can have all the rights you want and still have comply with company rules.
Ok, so a virtual machine can be created on the fly with a few mouse clicks (and blown away just as easily), but I guess I don't see your point? Virtual Machine or not, you still have an OS to administer and apply your operating/security guidelines to. And if you have a stream-lined IT shop, then maybe the distance to walk to go power on the physical server might be the only deterrent.
In a lot of environments, setting up a good seperation is simply to costly in time, so you either end up with dev's with not enough rights to do their job or to many where they can endanger systems they shouldn't.
Totally Agreed. It seems like in any development environment I've had to set up for Project XYZ or Prototype ABC, the separation and security needs to be there, but it seems it's always a rush job and Manager John Doe wanted it done "yesterday" when you found out about it "today". If you get development environments without the permission(s) to do their job, then you need a better SysAdmin or at least one with a better clue.
So it should not be needed to have local admin rights, but then the sysadmins got a hell of a job to setup everything so that it is not needed. Most sysadmins simply ain't capable of that, or if they are, are not given the time.
You hit the nail on the head. A lot of sysadmin's I've come across really lack a good wide-range of knowledge in areas they are getting paid to support and in turn, the Lone Ranger SysAdmin, who actually knows his stuff, gets stuck with it all. If you're organized, then it's just your time that gets stretched and your plate gets bigger. I know SysAdmin's can be way egotistical but I take a different approach and have a really good working relationship with my development team(s). I learn off them (e.g. new web technologies or the programming-language-of-the-day) and they learn from me (e.g. we got it set up, but now let's secure it, lock it down, establish user/group policies and get you access to what you need). It's almost impossible to know everything anymore and specialty positions are dwindling bigtime in the IT industry. If you're not a Jack-of-all-trades with a good head on your shoulders, then you're more able to sink quicker than swim anywhere anymore.
It seems that more and more mathematicians are using a new, high level language named "research student".