How much access do you give BA/PM's?

Question

Where I work we have a little bit of a dilemma... I work on a small team developing an application for internal use. We recently just received a new PM to the project. She would like to have access to our database and our sourcecode (stored in svn). Our previous PM did not see a need, nor want, to have access to any of the things "in our sandbox".

Having said that, What is the proper amount of access to give a PM/BA? Is there a security breach of some kind with this? If you agree that the PM should have access to one or both, what kind of access?

I have thought on this for a bit and at first I did not want the PM/BA in my sandbox, but I have since went the other way in thinking what harm could it do? Am I incorrect?

Is this end a battle worth fighting?

Answer 1

Give her access. Make her check it out of source control and track her like anyone else. If she changes anything you'll have a history. If she makes suggestions about the implementation, it might help. If she's a bully and start ranting about the source code well... she probably would have found a way to do that anyway.

Answer 2

You will probably want to give read-only access. As managers tend to keep everything in their hands, they might change the code as they see fit, breaking your procedures for review/testing etc. Giving a read-only access would satisfy them if they only want to see what is being done/who is doing what.

Answer 3

It really depends on how much the PM knows about programming. Some PMs I work for I would feel completely comfortable giving them full access to SVN, read and commit privileges. Other PMs I would trust them with read privileges, although I don't think they would know what to do with the code when they saw it.

Answer 4

Give her full access, if she wants it. She's supposed to manage the project you are developing, and to do that efficiently, she might need to be able to look at any part of the project.

Of course, there's always danger that she might do something stupid or malicious. If you have as part of your process auditing of any changes, you'll be able to find out if she messes anything.

Answer 5

I've never hear of this being considered a problem or a security issue. In fact, after reading the question, I have some serious questions about what your last PM was doing! By all means, embrace the fact that you have an interested manager and give her at least read access so she can do a check out and see what it is her developers are working with.

Answer 6

It depends a lot on what specific responsibilities the PM has on the project. Will she be helping users with usage problems and troubleshooting? Helping with testing? Is there any reason why being able to explore the data would help her so her job?

I think read-only access to the db and no-commit access to the source isn't likely to be harmful, and if it makes her feel like she's more a part of the team and gets her engaged with the project, then it's all for the best. And it certainly won't do anything for your rapport with her if you refuse and she goes over your head and gets access anyway.

Answer 7

To address the concern about security, make sure you get a sign off from a higher-level manager if you're going to give the PM any access at all. If anything does go wrong, at least you can show you were following company policies (or were exempted from them by someone higher up).

As for access, the PM has no business making changes to the code so be firm on no write access. Even read access should not be necessary unless they're actually doing code reviews or something that would require them to see the code.