DB_Owner rights should default for users.  SQL Sever users' passwords are proprietary and the passwords are not the same as the user's application login credentials.

DB_Owner rights can be manually removed by unmarking the checkbox for each appropriate user within SQL Server User Roles, although it is not recommended by Blackbaud.