Paranoia Kicks In:
He can’t have updated it…right?
I mean, he doesn’t have db_datawriter permission; I’ve denied him update permission on my table. I’m safe!…right?
This is a fun article which highlights just how hard getting correct, granular permissions can be.