A SQL Server database  comes with a range of fixed roles beyond read and write.

db_owner

db_accessAdmin

db_securityadmin

db_ddladmin

Assigning  a database user with these permissions requires strict controls. Very often a user can accidentally drop an object, rename an object or change other users permissions  and restricting their access to data.

What controls do you have in place to audit these permissions? It is not unusual for a user to request temporary elevated access to a database , for example , to change the definition of code or for an installation.

A common approach is to create a regular audit – which monitors and reports on elevated permissions. The DBA can work with the database owner to outline the risks as part of a regular database risk assessment and to create steps for changing the permission.   I am happy when I see database users at the db_reader and db_writer permission level

Ultimately it is the DBAs responsibility to ensure the security policy is in place and a process exists to check against the policy..

 Read More on database risk and security audit

Decrease database risks with minimal spend

SQL Server - Security Risk Analysis and database security

How to create a SQL Server Security Audit