This was actually posted about a week ago, fell behind a little during travelling. Building a Security Philosophy was written to get people to think about they approach security. Do you give the proverbial Junior DBA only partial access? Do you believe in table access? Do you use the built in roles?
I have opinions on the topic, but it's not clear that there are always right answers, and definitely some that are situational. Many of us have the philosophy that we acquired at the first job, or from the first manager or peer - at some point it's worth revisiting to decide if we still agree with those principles held for so long!