If your company is obligated to follow regulations like those set forth in something like PCI standards, then devs will certainly not have access to production.
Otherwise, good practice could be to have everything automated in the production env...whatever you're doing on production, make it as scripted/automated as possible. That way, you're forced to examine your processes ahead of time.
Otherwise, good practice could be to have everything automated in the production env...whatever you're doing on production, make it as scripted/automated as possible. That way, you're forced to examine your processes ahead of time.