We have been having issues where the Application DBA's are creating files to expand their databases and using up all the space.
The two-part question is does the db_ddladmin role allow the user to alter a dB to add files? And what sort of lockdowns are best practices? dB Owner? Just DataReader/DataWriter?
Can we prevent them from adding files at all?