This is a solution oriented approach instead of a lazy ass covering approach which I think the GP was referring to. The job should be finding risks and then figuring out how to work around those risks. Very rarely are there no solutions, most of the time it is due to general laziness or in aptitude where someone can find risks but they do not find solutions.
In this particular example, often this isn't remotely feasible, either from a business logic standpoint (I can think of plenty of fintech examples), lack of qualified DBA/sysadmins, network admins, cloud cost constraints, methods and controls to ensure to auditors that devs cannot access production data - none of this is trivial, and often to the dev it seems "silly" they may need to wait a few hours for something they could technically access in a few minutes, but acting like these solutions have no tradeoffs or are always worth doing suggests a lack of knowledge as to how these things actually work in a business and on a development team. It certainly isn't always laziness, and I'd even say it's not laziness that often at all.