Do you know how to educate your developers?

To ensure that developers have a clear understanding of how permissions are granted, it's important to educate them on the process.

User sends an email with a task to grant access to a resource and SysAdmins grant it. A developer wouldn't know how a SysAdmin granted the permission.

❌ Figure: Bad Example - Issac wouldn't how he was added to GitHub

As a SysAdmin, call a developer on Teams and share the screen to show how you would grant permission to a resource. Warn them before calling as per Calling - Do you warn then call?

Steps to effectively educate your developers

• Start by explaining the importance of granting permissions correctly and securely.
• Show developers how to navigate to the appropriate access control section in the relevant platform (e.g., Azure, AWS, SharePoint).
• Demonstrate how to select the specific resource or application for which permissions need to be granted.
• Emphasize the principle of least privilege and guide developers on granting only the necessary permissions.
• Provide examples of common scenarios where specific permissions are required and explain how to grant them.
• Encourage developers to ask questions and seek clarification during the process.