"The best way to handle rights and access is to selectively apply permissions to individuals, matching up their skills with their rights. If a user has problems creating indexes or adding tables, remove those rights. If they are a model DBA, then perhaps they deserve sysadmin rights. You can either loosely apply security and then tighten it up or lightly apply it and loosen it as people prove themselves."

But Steve, that's fine in a small to mid-sized company, where you know all the workers... but what about an enterprise sized corporation (let's say a Microsoft, IBM or EMC...) How do you manage this sort of tailoring in organizations that large?