it might not be obvious;
for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group
that has direct or implied access
SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..
it might be a domain group.
you can check that with an extended stored procedure:
modify either of these commands to check a specific user, or a group:
EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from
EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members
Lowell