Security Schema Questions



I have a sql05 instance and a Windows Group called developers
I want the developers to be able to alter databases.

So I
Created a server login for the windows Developer Group
Created a User Mapping for the model Database
Added Database role membership for model: db_owner

Then I created a new db called test
The developers could view the data and run statements like "alter
Schema".
However, the developers could not create a new table.

I then created a new database user for one of the developers in Test
and gave him db_owner role membership.
The user could then create tables.

Why could the developers run some commands but not create tables even
when they were mapped to dbo_owner?

Also why does db_denydatareader have a schema?

thanks,
.