There's definitely a case for separation of duties. For example, admin roles who have DDL permissions should not have DML access. To achieve this, you'll need to manage the permissions at a granular level and revoke permissions from the role. Cheers!
>
