You do not think about it, because your supplier are some nice guys, but what if they are not? Have you tried to test the security of all the logins that you have given them?
Do you know that if a supplier is sysadmin, then they can delete all your databases and shutdown the server?
The document attached shows how to test the rights you have given to a supplier or user of the SQL databases.
We use our own system, SQL powerhouse, to show how to test if the user has to many permissions.