hi Eric,

thanks for such a good explaination, actually there are already multiple running applications and it is not possible to remove logins from sysadmin role or cant modify any users permission because that may imapct of other areas of application and client will not accept it. requirement is only to restrict everyone except SA to update that audit table data.