DEV-002 critical Onboarding Documentation

Access requirements documented and pre-defined

All required access should be documented and requestable before day one. New devs shouldn't discover missing access mid-task.

Question to ask

"What access is a new dev still waiting on after week one?"

Pass criteria

  • Documented list of all required access
  • Clear owner or request process per item
  • Full access achievable within first day

Fail criteria

  • No access list
  • List incomplete or outdated
  • Access takes 2+ days
  • Regular surprise missing access

Related items

DEV-001 Onboarding checklist documented DEV-007 Access provisioning automated

Verification guide

Severity: Critical

New developers shouldn't discover missing access mid-task. All required access should be documented and requestable before day one.

Check automatically:

# Look for access list documentation
grep -riE "access|accounts|permissions|provisioning" docs/ --include="*.md" 2>/dev/null | grep -iE "new|onboard|developer|engineer"

# Look for access checklist or matrix
find . -maxdepth 4 -type f \( -name "*access*" -o -name "*permissions*" -o -name "*accounts*" \) -name "*.md" 2>/dev/null | grep -v node_modules

# Check for tools commonly needing access
grep -riE "github|gitlab|slack|aws|gcp|azure|sentry|datadog|vercel|netlify|linear|jira|notion|figma|1password|bitwarden|lastpass" docs/ --include="*.md" 2>/dev/null | head -20

Ask user:

  • "Is there a complete list of accounts/tools a new dev needs?"
  • "Who requests access - new dev, manager, or automated?"
  • "How long until a new dev has full access?" (hours vs days)
  • "When did someone last discover they were missing access mid-task?"

Common access categories to cover:

Category Examples
Code GitHub/GitLab, repo access levels
Cloud AWS, GCP, Azure console access
Monitoring Sentry, Datadog, LogRocket
Communication Slack, email lists
Project management Linear, Jira, Notion
Design Figma, design system
Secrets 1Password, Vault
Infrastructure Vercel, Netlify, Heroku

Pass criteria:

  • Documented list of all required access (repos, tools, services, environments)
  • Each item has clear owner or request process
  • Full access achievable within first day
  • Recently validated (no surprise missing access)

Fail criteria:

  • No list ("they discover what they need as they go")
  • List exists but incomplete or outdated
  • Access takes 2+ days, blocking productivity
  • New devs regularly discover missing access after day one

Cross-reference with:

  • DEV-001 (access list should be part of onboarding checklist)
  • DEV-007 (automation level for access provisioning)

Evidence to capture:

  • Location of access list
  • Tools/services covered (count and categories)
  • Request process per category
  • Typical time to full access

Section

39. Developer Onboarding

Compliance & Legal

← Previous

DEV-001

Onboarding checklist documented

 Next →

DEV-003

Architecture overview documented