We have several SQL Server databases in our organization and most of them are a requirement for a specific application.
Most often, either the end-user will request to have them be a member of the db_owner role or the application will automatically make them a member of db_owner.
I know there are exceptions, specific circumstances, etc., etc., but as a general rule of thumb, *most* users would not need to be any more than a db_datareader and db_datawriter, would they? For the average user, it seems like gross overkill to make them a member of db_owner, or am I wrong? I'm trying to adhere to the principle of "least privilege".