Hi

Its not a problem really, the DBA is the DBA and should be GOD when its comes the DB management and administration. To achieve this, only the DBA uses and knows the SA account (in dev/test/prod) and reworks the BUILTIN\Administrators login account to remove sysadmin access or possibly delete it all together and create a new custom version associated with better defined domain and local groups. In the case where mixed mode is used, the same ideas apply.

Dont be bullied into giving away the SA account, it should remain flexible enough to alter its password at any time (ie, dont go embedding it into dts jobs etc), look at it as your super account for emergancies and "dba" fixes only.

Like in oracle with the sys account, its not going away, so they create a "system" account with slightly different privs etc (but still basically king). So manage the DB and the SA account as such.

My big gripe is auditing in SQL-Server, its basically totally crap and needs a lot more time spent on it, including additional triggers for "on login", etc etc for custom jobs.

Cheers

Chris