The director is correct in implementing the security model.

This will be the case in typical banking environment. No DBA will be given acess to server inturn to the data, without a prior issue to work. In the environment which I am currently working a DBA has to raise a token if any issue occurs, say a backup has failed.

The escalation manager in you case the key-keeper will add you user id to appropriate role for a specified duration..typically an hour. After that you are no longer sysadmin.

That means that no one is allowed to try any junk on the system.

Thanks,

Harris/