The only other alternative I can think of is to allow SELECT/INSERT/UPDATE/DELETE access at object level. This way the whole DB will not have read/write access.

>Can anyone explain the security issues with using built-in security roles such as db_writer, db_reader, etc. We have an application that uses these to control access, but one client is complaining that it causes them to fail a security audit. What are the alternatives to using these roles?