• Apropos of this topic, how many of us as DBAs or database developers have had exposure to concepts like minimizing the attack surface of a database, or follow principles of least privilege in designing a database? Or, even if you do, what kind of organizational pressures do you feel to compromise your security design?

    I'm constantly surprised at how many systems are designed with admin privilege required as a proxy for security. In practice, though, that strategy requires granting admin access to too many actors to be secure. (i.e. more permissions granted than the minimum each actor needs to accomplish their task in the system.)

    And, while the same system could be designed with lesser permissions granted, once a database is fielded that requires admin privilege, it becomes a self-reinforcing strategy that is set in deeper and deeper concrete as the system lives out its natural life.
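As an added illustration of the least-privilege design this comment is contrasting with the "admin as a proxy for security" pattern (this is not part of the original comment; the role, schema and table names are hypothetical and the syntax is PostgreSQL):

```sql
-- Added example, not from the original comment. PostgreSQL syntax; the role,
-- schema and table names (orders_app, app_writer, app_reader, orders) and the
-- placeholder passwords are hypothetical.

-- The pattern the comment criticises: one account with admin privilege that
-- every part of the application connects as.
CREATE ROLE orders_app LOGIN PASSWORD 'hypothetical-secret' SUPERUSER;
-- (Granting ALL PRIVILEGES ON ALL TABLES IN SCHEMA public to it has the same effect in practice.)
DROP ROLE orders_app;   -- remove it; the roles below replace it

-- Least-privilege design: one role per task, each granted only what the task needs.
CREATE SCHEMA orders;
CREATE TABLE orders.orders (
    id        bigserial PRIMARY KEY,
    customer  text NOT NULL,
    total     numeric(12,2) NOT NULL CHECK (total >= 0)
);

-- Role the web tier connects as: may read and insert orders, nothing else.
CREATE ROLE app_writer LOGIN PASSWORD 'hypothetical-secret'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;
REVOKE ALL ON SCHEMA public FROM app_writer;
GRANT USAGE ON SCHEMA orders TO app_writer;
GRANT SELECT, INSERT ON orders.orders TO app_writer;
-- bigserial fills id from this sequence, so INSERT needs USAGE on it.
GRANT USAGE ON SEQUENCE orders.orders_id_seq TO app_writer;

-- Role for reporting: read-only.
CREATE ROLE app_reader LOGIN PASSWORD 'hypothetical-secret' NOSUPERUSER;
GRANT USAGE ON SCHEMA orders TO app_reader;
GRANT SELECT ON orders.orders TO app_reader;

-- Shrink the attack surface: nobody creates objects in public by default.
-- (Schema changes are run by the schema owner, never by the application roles.)
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Check 1: what the application roles can actually do. The expected result is
-- only SELECT/INSERT on orders.orders for app_writer and SELECT for app_reader.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('app_writer', 'app_reader')
ORDER BY grantee, table_name, privilege_type;

-- Check 2: no application role is a superuser (rolsuper should be false for all rows).
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb
FROM pg_roles
WHERE rolname IN ('app_writer', 'app_reader');
```

The two checks at the end are the part worth keeping around: run them periodically against a fielded database, and a row showing an application role with UPDATE, DELETE or superuser rights is exactly the kind of "just give it admin" drift the comment describes setting in over a system's lifetime.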