MS SQL Server provides a wide range of options to choose from when deciding how to regulate security in our organizations? I’m curious how you handle it?
Do you go full on best practice and run Windows Authentication only, allow service account and security groups only, and define user roles with granular permissions to apply to these accounts?
Do you fold under the pressures of the developers who blame you for their application’s failures and therefore you allow them whatever they claim they need in order to mitigate the blame?
Maybe somewhere in between. I’m eager to hear your methods. Feel free to post comments to elaborate or recommend additional options for the poll. (Mark all that apply)