One idea that comes to mind would be creating a local RFC destination with a specified user that does have a developer key and running all FMs that change or create repository objects in this RFC destination. I think you would have problems bypassing this check any other way than giving a user with a development key (one way or another) as although the developer keys are stored in the database I believe the checks on developer key are programmed in the system kernel and not in ABAP. I would also agree with Neal that allowing users who are not trusted with a developer key the ability to change domains sounds high risk.
↧