Seems to me that a user should have access with minimum privileges through standard login, and a separate unique account with elevated privileges.  No one should share an account, unless there's some way to limit use of that account to one person at a time and track which person had it for how long - with a new, time-limited password for each request.  Otherwise it would be difficult to tell who used the SysAdmin account to drop the production database.