Friends of the netherweb,
I'm looking for tried-and-true processes for enabling a new potential tech vendor access to my website without providing access at the web server level.
In the past, whenever getting first acquainted with a potential vendor, the need always arises for the potential vendor to actually look at the website before committing to a price or workload schedule. Also, a vendor is interested in seeing the site to ensure that they are familiar with the current systems and that their skill set is capable of executing the work.
Historically, I've given the vendor 'root command' access to the webserver. Once they've gone in and grabbed what they needed I've changed the primary password. Finally, when the vendor and I agree on terms and I feel comfortable with that particular vendor, I give them the new password. This is kind of silly on multiple levels.
Thus, I'm looking for process suggestions for how to get the website, in its entirety, to a potential vendor's possession without opening up the full mothership treasure chest at the webserver host level.