
I agree that we have some work to do on access control. In fact, we have setting up Mathesar users with a 1:1 database user mapping on our roadmap[1]. Assuming you're referring to the database superuser as being a problem, we also plan to give the installer more granular control over that in the future. I completely understand reluctance to give a webapp superuser access to a production database.

[1] https://mathesar.org/roadmap.html




Very nice to hear, I will follow your project. One of the projects I was thinking about is financial systems used by government actors such as correctional services. For these customers there are strong legal requirements for data handling, so a database superuser with full access is a big no-no even for the most trusted developers internally.


We completely understand. We want to have the ability for Mathesar to gracefully handle DB users with different permissions (i.e. we'd disable features in the UI based on the permissions of the DB user set up during installation), but we couldn't get that done in time for launch. We'll continue working on this.



