A Developer Needs Prod Access. How You Handle It Says Everything.
A developer just submitted a request for read access to the production database. They say it is urgent: a customer is reporting an issue and they need to debug it. Your current role model does not include production database access for engineers. What do you do?
This is the kind of question that separates IAM (Identity and Access Management) candidates who think about access control as a ticket-routing problem from those who understand it as an ongoing negotiation between security, operations, and the business. The second group gets the offers.
The wrong instinct
The procedural answer is: check with their manager, assign the closest role or create a custom permission, and add a note to the ticket. This is the path of least resistance, and it is how access control erodes over time.
Custom roles accumulate. "Temporary" permissions become permanent when nobody revokes them. One exception becomes the precedent for the next hundred requests. An IAM professional who just fulfills requests without analyzing them is not doing identity management. They are doing order processing.
Working through the scenario
Here is how a strong candidate talks through that production database request:
Scope before granting. "Read access to a production database" is broad. If the developer is debugging a customer issue, they probably need specific tables or records, not the entire database. The first question is: what are you actually trying to see?
Just-in-time over standing access. For a one-time debug session, temporary access scoped to the relevant tables, tied to the incident ticket, with a four-hour window is better than a standing permission. The developer gets what they need. The access does not persist into the next audit review.
Treat the exception as a signal. If senior engineers regularly need production database access to support customers, that is a pattern. Either the break-glass process is too slow, or there is a missing role that should be formalized. Solving the individual request without addressing the pattern means you will handle the same request next week.
Document everything. What was granted, why, the ticket reference, the expiration. If this shows up in an audit or during an incident investigation, you want to explain it in thirty seconds.
This approach demonstrates the thinking IAM interviewers are looking for: scope, time-bound access, pattern recognition, and auditability.
The broader IAM design principles
That single scenario touches on principles that apply to every IAM architecture question:
The identity lifecycle. Joiners, movers, leavers. Access needs to be provisioned on hire, updated on role change, and revoked on departure. Gaps in any stage create orphaned accounts and privilege accumulation. A common audit finding: a significant share of active accounts belong to people who have already left. Every one of those accounts is a potential entry point.
Roles based on function, not org chart. A team name is not a role. Two people in the same department may have completely different access needs. Roles that track org structure create over-permissioning by default.
Separated privileges. Admin accounts should not be used for everyday work. Privileged access management, break-glass accounts, and just-in-time elevation all serve the principle that high-risk access should only exist when actively needed. This connects directly to how cloud security teams think about IAM.
Automated access reviews. Access that is not reviewed accumulates. Manager attestation helps but is not enough on its own: approvals tend to rubber-stamp colleagues without deep scrutiny. Automated controls, entitlement analytics, and anomaly detection fill the gap that periodic reviews miss.
Auditability as a first-class requirement. Who has access to what, when did they get it, who approved it, when was it last reviewed? If you cannot answer these quickly during an incident, your IAM program has a gap.
Common IAM interview traps
"The closest role" trap. Over-permissioning is how least privilege fails in practice. Assigning the closest available role without questioning scope is the default answer. It is also the wrong one.
The "temporary access" trap. Temporary access that depends on someone remembering to revoke it is not temporary. Strong candidates propose automated expiration built into the request workflow, not a calendar reminder.
The "just this once" trap. Recurring exceptions signal a design gap. If you are handling the same non-standard request repeatedly, the answer is not better exception handling. It is a better role model: formalize the access pattern or fix the process that keeps generating the exception.
The usability trap. Security controls that create too much friction get bypassed. Shared accounts, exported credentials, shadow IT: these are symptoms of an IAM process that is too slow or too rigid. Strong candidates acknowledge this tension and design around it.
IAM questions on MyKareer test how you balance security with business needs. Try a session.