Thanks for an interesting read! We have had similar requirements, and needed to create our own seperation of duties methodology (including security elevation tools) as it was very hard to find any established principles or documentation for SQL Server.
We have new audit requirements for DBAs to deploy scripts without having access to modify these scripts prior to deployment- have you seen a solution for this?
Thanks
David.