Agreed all round. We've been using this model for some years years now and it has made a world of difference.

It's a moot point - but how many DBA's out there are in a position where they have a say in what authentication models get used?

I am surprised by the number of of client's DBA's who are held responsible for the integrity of the databases under their jurisdiction - whilst at the same time have absolutely no say in the security/access models used by developers.

Have other folks out there found this to be a problem?