We recently moved our datacenter and went through this whole discussion.  The Finance/Sr Mgmt/Auditors all pulled that same argument that I couldn't have the SA password nor be a local admin on the box. 

I agreed but only on the condition that they (the trustworthy ones --their words) were to be the "key masters".  When our folks at overseas offices started calling me at 3 in the morning, I gave them the phone numbers to these trustworthy ones, a meeting was called very quickly to resolve this issue.   (I actually go some decent sleep those three nights!)

The end result of the meeting was:

1. I am back were I am able to do my job (SA and local admin).  We implemented many standardized procedures that can be documented and followed which is the real meaning of SOX and ultimately what the auditors are looking for.   

2.  I did use it to get most of the developers off the production boxes and for them to create more of an admin interface to do their jobs.

3.  They now have a much bigger appreciation/understanding for the number of hours that we work and our job skills. 

4.  We had a serious and meaningful discussion about data security, job roles and responsibilities. 

I hate politics as much as anyone but sometimes it has to be played when they won't come in with an open mind.   

Good luck!

SJ

---

Accepting all invites