Thanks for the response Kraig.

I'll see what I can find out from TPTP here at our Univ regarding Sox Compliance. Additionally, are there any other compliance and controls standards out there they we may have to be aware of? I've seen things like ITIL, COBIT, COSO, PCI, etc.

You are spot on with regards to your business user needs something done asap example!

I agree on point #3 that we should not be the ones coming up with this, actually, it is just me pounding the drum. Everyone else in on the decision thinks everyone that has access to 'their' DB, should also have Write access in Prod on the Primary Node of the Cluster. If something goes 'wrong', they, the non-DBA will supposedly be responsible. Hmmm, sounds great in theory.

I'm reading SQL Server 2012 Securty Best Practices - Operational and Administrative Tasks. I"ve also found a video about Security, Compliance, and SQL Server by Andy Warren and David Maman. Do you have any other guidelines to look at and/or compliancy 'laws' that we best not cross?

Thanks again.