security model for relational database?

Answer 1

Need just a bit more information to make a good recommendation about this. The question is to broad.

Answer 2

Although the question is overly broad,
You can start your approach by separating deployment from development (coding) issues.

You should architect security into how the different pieces fit together.

You should restrict how input is accepted by proper input validation and the use of stored procedures.

You should run everything with least required permissions.

These are all good practices regardless whether the database is relational or not.