and if it is super sensitive data (hippa related, bank etc) come audit time your head is on the chopping block. none of our users have direct access to db not even using groups, they dont need to query the data that way. we restrict things by using dedicated svc accounts. if they want data they can use ssrs. harsh but they are ok with it
1 Like