Hello.

One possibility is to use a stored procedure for the more sensitive roles. A stored procedure can have more rights than the User executing it, and the stored procedure can be used to ensure appropriate use (assuming individual users can be identified, User A only can create tables on database A).

Everett