Not knowing SQL permissions too well I would say that public, dbreader, and dbwriter would be more than sufficient. Certainly not sysadmin or securityadmin or admin of any type is necessary.
Yes giving users sysadmin priviledges is asking for problems, because now you’ve given them a free pass into the entire SQL Server system, they can now do anything they want, in all databases. The public role is all you need for ‘regular’ users. You would only need dbowner if you need to import table objects. There’s no need to give any NAV user sysadmin, unless they need to be able to do admin type tasks on SQL Server directly, such as backing up databases, maintaining system jobs, things like that. Even folks that need to be able to add users don’t need sysadmin, they don’t even need system wide proviledges if they only need access to the NAV databsae.