Why not have the archiving team process as a backgrond job using a system user ID with broader access. In our environment the archiving is done as a background job. Also, we've implement a process for users to assign emergeny access for a period of time to troubleshoot or fix issues all with proper approvals of course. In addition to that, the session is recorded upon the assignment of the role. I would not recommend assigning change authorization in a daily support role as it can open up other functions you may not know about. Our support users is restricted to display only in production - no and, if's, or buts!
↧