Not necessarily every dev box, but I'd say that in most environments it's reasonable that devs would have full permissions in any "their" dev boxes/VMs. If you split boxes/VMs across devs instead of sharing them, then the access would be limited to whatever people are assigned to own that box, but they'd have full access. I mean, if something breaks, it should be trivial to reset that machine or get a new one, VMs can be cloned and spawned in seconds and there's no reason not to spend an hour once so that you automatically get a fully working dev environment with all the tooling needed.
In any case the notion of "the root password" seems weird, root passwords should be unique (even for VMs), randomly generated, and mostly not used; in most situations you'd use publickey authentication instead of passwords.
