authentication control

Hoi,

We have a development, quality and production environment of the portal.

Currently our content administrators have full access on development, full access on quality, and normal access on production. (normal access = default authenticated user)

Some content administrators have a bad habbet, to develop on QA. That's not allowed, because development should be done on the Development system.

The issue is that when you have developed something on Dev, you can create a transport to transport it to QA. On QA you can import it, and you can test it again.

So the developer should have no access to change anything (like Iview settings etcetc) on QA.

However, the content administrator should be able to upload his transport package in the QA environment.

How can we achief this?