Infrastructure took away our read access in S3 to data that we own and our ability to manually delete/upload to S3 in that prefix (which we own). Without waiting for us to confirm that we have alternative means to read and change what is in there. And I had no warning about this, so here I am doing a midnight mod on an existing solution of mine in hopes that I can finish it before tomorrow morning for some legal reporting deadline.

Things would be so much easier if the infrastructure team let the emergency support role have those permissions for emergencies like this, but they didn't. I guess "least privilege" means "most time spent trying to accomplish the most trivial of things, like changing a file".

  • 6
    Least privilege is the most overrated rule in security. Sure it's good as one of your principles, but if you do nothing but eliminate privilege wherever you feel like it's unnecessary all you'll achieve is

    - incapacitate your organization

    - make everyone hate infosec

    - normalise sending your password in email whenever someone asks for it because that's how workers deal with needing urgent access to something beyond their assigned privileges.
  • 5
    A correct approach would be to

    - never close a gate before asking everyone involved (like how admin works since the dawn of time)

    - Always state the reason for a change. If there's an intended alternative route, make sure everyone involved knows about it

    - Make changes in the morning, watch out for any complaints

    - grant new privileges to technical staff after minimal verification, refine or question them on alternative routes they should have used later. You do NOT want people to get creative

    - Make sure that at any point in time there is someone on call for every privilege on every resource. This is especially true for hours when none of your company's offices are open

    - In idle times, identify and gradually revoke privileges that the owner doesn't or shouldn't use
  • 5
    See there's your problem. You're doing something which shouldn't be your job, outside of working hours, because of something someone else broke. You should've just sent them an email stating you need access / should've been notified of the change ahead of time, cc'd the relevant supervisor, and logged off. It's their poor planning and management that caused the problem, let them solve it on their own.
  • 3
    @hitko I agree that's what should happen. But oftentimes, if users try to use a sink and no water comes out, they blame the water company even if it was some fucking teenager who closed the main valve. (true story)
    So, yeah, I understand @homomorphicanus' sad midnight oil burnout.
  • 3
    Fail the legal deadline. Then spend two weeks explaining what happened. That is the way it works.
    No need to work in the middle of the night.
  • 3
    @JsonBoa So? If the water company sends someone over to fix it, they'll just call them next time their sink is broken. You can't expect users to stop doing dumb shit as long as it keeps working for them.
  • 3
    @magicMirror yup this. Now with the misstep of working late to get it done, OP can also say that they tried to get it done but passed out from exhaustion and weren't able to meet the deadline.

    But yea OP, fail the deadline, make sure to CYA and don't do it again unless it's literally a life-threatening kind of situation. I feel like this makes me sound like a dick but you have to hold the infrastructure team accountable for their work and this is an overstep. If the company wants to let them lock down everything to the point where you can't do your job then that's fine - just don't let it destroy your life outside of work and enjoy the fireworks (provided you've completed the CYA needed to protect yourself).
  • 2
    The nice word is escalation.

    If you can't do a task, escalate to the appropriate people

    Stop working or else the assumption is that you can work _just_ fine.

    By still working you just achieve giving proof that the permissions are not needed at all.