For me that's one reason to have sa as the DB owner. So that I won't have any cases where logins have more rights than their assigned permissions state.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability