Can confirm that Jeff is right in saying

"I do believe that GP requires that the sa account be used to perfom certain administration tasks, but the users connect with SQL server user names"

One question the Auditors like to ask is if they are a user in GP doesn't that mean they have DB access rights. Answer is that  their  password is encrypted in the DB so users cannot just us ODBC to access the database directly

With reagrds to sa it may be possible to set up a user in GP and then give them admin right in SQL to be able to do the restricted tasks. Its one of the down sides of GP - you cannot just give these permisssions to users but one way of getting SOX Compliance. The way we are getting round the issue at present is to only aloww one or two DBAs to have access to the pasword and then changing the password on a regular basis.

Hope this helps

Jim