In our setup, all users are accessing the database through Remote Desktop Manager Server, and RDMS is accessing the SQL database with an account that has control permissions only, i.e. DDL and DML queries are allowed. That works fine for us.
Our goal is to be able to run with only DML access rights, but that requires any database modifications to be performed by either the installer or the client when it is first run. We have yet to perform our first application upgrade, so no definite answer on that.
Our goal is to be able to run with only DML access rights, but that requires any database modifications to be performed by either the installer or the client when it is first run. We have yet to perform our first application upgrade, so no definite answer on that.