1. Verify that database permissions are granted or revoked appropriately for the required level of authorization
Determine which user accounts are required to have access to what data
Accounts that do not require permissions or access should be locked, disabled, or even removed
2. Review database permissions granted to individuals instead of groups or roles
Look for any permission granted directly to a user
3. Ensure that database permissions are not implicitly granted incorrectly
Review the specifics of the permission model for the database platform, and verify that you fully understand how permissions are inherited
Document permissions that are granted to ensure that permissions are not allowed when they are not appropriate.
4. Review dynamic SQL executed in stored procedures
Review stored procedures
Restrict use of dynamic SQL in procedures that run with elevated privileges
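
An added example for step 4, not part of the original checklist: a Python scan that flags stored procedures containing dynamic SQL and notes which of them also declare an elevated execution context. The procedure names and sources are constructed samples, and the keyword patterns are a heuristic covering SQL Server, Oracle, MySQL and PL/pgSQL syntax.

```python
import re

# Constructed sample definitions (not from any real database); in an audit these
# would come from the platform's catalog of procedure source text.
PROCEDURES = {
    "dbo.search_orders": """
        CREATE PROCEDURE dbo.search_orders @filter NVARCHAR(200)
        WITH EXECUTE AS OWNER AS
        BEGIN
            DECLARE @sql NVARCHAR(MAX) = N'SELECT * FROM orders WHERE ' + @filter;
            EXEC sp_executesql @sql;
        END""",
    "dbo.get_order": """
        CREATE PROCEDURE dbo.get_order @id INT
        WITH EXECUTE AS OWNER AS
        SELECT * FROM orders WHERE id = @id;""",
    "public.purge_table": """
        CREATE FUNCTION public.purge_table(tbl text) RETURNS void
        LANGUAGE plpgsql AS $$
        BEGIN
            EXECUTE 'DELETE FROM ' || tbl;
        END $$;""",
}

# Markers of dynamic SQL: SQL Server, Oracle, MySQL, PL/pgSQL (heuristic).
DYNAMIC_SQL = re.compile(
    r"\bsp_executesql\b|\bEXEC(?:UTE)?\s*\(\s*@|\bEXECUTE\s+IMMEDIATE\b"
    r"|\bPREPARE\s+\w+\s+FROM\b|\bEXECUTE\s+(?:format\s*\(|')",
    re.IGNORECASE,
)
# Markers that the body runs with the owner's/definer's rights, not the caller's.
ELEVATED = re.compile(
    r"\bEXECUTE\s+AS\s+(?:OWNER|SELF|'[^']+')|\bSECURITY\s+DEFINER\b|\bAUTHID\s+DEFINER\b",
    re.IGNORECASE,
)

def audit(procedures):
    """Return {name: finding} for every procedure that contains dynamic SQL."""
    findings = {}
    for name, source in procedures.items():
        if DYNAMIC_SQL.search(source):
            elevated = bool(ELEVATED.search(source))
            findings[name] = "dynamic SQL + elevated context" if elevated else "dynamic SQL"
    return findings

if __name__ == "__main__":
    for name, finding in sorted(audit(PROCEDURES).items()):
        print(f"{name}: {finding}")
```

On platforms where definer rights are the default (Oracle, MySQL), a missing marker does not mean the procedure runs as the caller, so treat every dynamic SQL hit there as elevated until checked.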