Segregation in Duties in Database.

Guys, if you do IT Audits, please pour in your thoughts. One of my colleagues asked this question and since then I have had deep thoughts on this.

We have SOD control for applications, why not for databases? I'm aware of the guidance that if your database (SQL for example) has only Admins, you don't have to worry. But what if a user who is non-admin has access to both production and development instance of the database?

And if your database is connected to an application, then changes made in dev instance of the database will be reflected in the dev environment of the application, and this same user can make changes in prod database which would impact the application in prod server.