Very nice article. I was especially pleased to see the mention of Entity Framework. I'm not a full-fledged DBA. I refer to myself as a database developer, handling both ends, building my applications from the ground (database) up and doing my best to follow best practices on both ends, including security. I have never understood how Microsoft and others can push tools (and samples) like Entity Framework (which I don't use) that depend on full table access for users. Where is the concern for security?