Do you know how to educate your developers?

To ensure that developers have a clear understanding of how permissions are granted, it's important to educate them on the process.

User sends an email with a task to grant access to a resource and SysAdmins grant it. A developer wouldn't know how a SysAdmin granted the permission.

2024 03 05 16 34 15 — Bad Example - Issac wouldn't how he was added to GitHub

As a SysAdmin, call a developer on Teams and share the screen to show how you would grant permission to a resource. Warn them before calling as per Calling - Do you warn then call?

Steps to effectively educate your developers

Start by explaining the importance of granting permissions correctly and securely.
Show developers how to navigate to the appropriate access control section in the relevant platform (e.g., Azure, AWS, SharePoint).
Demonstrate how to select the specific resource or application for which permissions need to be granted.
Emphasize the principle of least privilege and guide developers on granting only the necessary permissions.
Provide examples of common scenarios where specific permissions are required and explain how to grant them.
Encourage developers to ask questions and seek clarification during the process.