Comment by carlhjerpe

2 days ago

> It is my experience that many people do not realize that it is possible not to have developers just connect to prod databases with admin privs.

Dismissive, everyone knows this but they probably can't be arsed/don't care.

> Pointing out that there comes a point where this sort of approach isn’t the norm is part of how people who reach that level of scale learn that. https://xkcd.com/1053/

Not everyone has these ambitions.

> And that level of concern isn’t reserved for planet-scale - once you have a couple of million dollar contracts on your B2B SaaS platform you should be taking production data ops seriously enough that this sort of approach is unlikely to make sense.

Sure, but you're talking about "seriousness" with the same dismissive "I'm better" tone here again. Your use case and the business you work for don't reflect what everyone else is doing.

> And I shouldn’t need to say that user privacy ought to be a concern even for small operations.

Depends a lot on what PII you're collecting. But rather than stating "You shouldn't collect PII you don't need", since I don't know your use case I'll say "I try to minimize the PII I collect so I don't have to deal with these issues yet".