Well, let me interject and say that allowing developers direct access to production resources is a Very Bad Practice, whether you're doing it the DevOps way or no.
I have spent most of my career having the ability to do things that average devlopers aren't allowed to do. I spent over half a decade in the OS Support Group for a major mainframe system. My first rule has always been to never give myself permission to do anything I don't want to get yelled at when it gets damaged or hacked. And by "permission", I don't mean self-discipline I mean hard constraints like security system rules.
When I build a webapp, there are no references to production files or databases coded into the app, They're all externally injected as part of the deployment process. And while I also set up the deployment process, that doesn't mean that I actually deploy production. That's handed off to the properly authorized person or department in the Operations staff. Because there are no internal changes, however, if a production system goes down, I can often diagnose without access to the production code or data because the exact same WAR file is used for development,
testing, and production with only the files and databases swapped out; again, via external configuration, not changes to the WAR. There are always harmless test versions of the files and databases for the development and support side so that access is not generally needed to production. I don't need to know secure data and I can't be blamed if it gets damaged.
I aid and abet this process by putting lots of logging code into the apps with appropriate log levels, so that if things do go sour, we can turn on fine-grained tracking to get a better view of the fault. Writing "anti-bugging" code into the app helps as well.
Of course, sometimes all that isn't enough. As I said, I'm generally entrusted to be able to walk into the computer room and lay hands on directly. But it's a last resort and as much as possible, I get things done through the operations staff. I don't hack the database if I can submit a request to the DBA, I don't jam in an experimental WAR without sysadmin support (including fallback processes).
One reason sysadmins like me is because I don't just throw loose code and vague instructions at them, I provide a complete standardized installation process that makes their job easier. That is in large part what DevOps is geared towards for everyone.