Be generous in granting privileges in the DEV database (but still lock down the server environment), but don’t let Devs promote any DDL to the next environment. Only the DBAs can deliver/apply DDL to the next (usually QA) environment. So if the devs modify their tables/columns without the architect approving/knowing about it, their deployment to QA will fail.

I use tools that automatically compare the Dev database to the modeled database, then report on differences, so I’m not surprised when changes are coming.

I find this is a nice trade-off – it lets Devs do some what-iffing/testing/research, but also provides a strong incentive for them to still co-ordinate with the people who do the modeling.

The do sometimes still manage to try to sneak things in. If this dysfunction gets out of hand, then we go back to a locked down dev environment.