just because you have a windows login, does not auto-magically mean the login is sysadmin, and has access to everything.

Its very common in a dev environment that everyone has access to everything, and that loose coding practice can be tempting to pass on to production.

I think that's a key component to being a competent DBA: understanding security and how to limit access to just what is REALLY needed.

So your objective really is two fold: make sure normal users are never granted excessive permissions, and to create a Role that contains just the needed permissions for the application(?) to use.