If your company did not care about security, why is it secured in the first place? Since a select few are creating the queries today, I imagine access was a concern.
And do they care enough to audit access? If not now, will they when there is a breach?
To dismiss the advice you are getting shows you will be news worthy at some point in your career. And not in a good way. Go to your DBA with this thread and discuss it. Let us know the results.
The AD approach offers more flexibility, and is auditable. But you still want controls in place.
The cost of not doing this in the correct manner can easily exceed what you perceive it costs using the current process.
In case you decide to dismiss my reply as not from a “good” DBA, I spent a couple decades for a Fortune 500 company, working as both a Developer for the data warehouse, and as the one in charge of securing our data corporate wide. In fact, when code red came through, I was on vacation. When I got back, in the meeting about this problem, my servers were the only ones that were not breached. The other 2 who replied likely had similar experiences. They are highly respected by many in the field.
In years, I have never seen either one post less than the best of help. And many times go to great lengths to help others.
I’d go so far as to say if any of us could post what you are asking for in the manner you want, we’d go directly to Microsoft and report it.