It is true that a sysadmin loin has the permission to read all database objects. But many applications use views to control the data access.

For example, user logins are saved in a table, and grouped by permissions or positions. A view displays different employee data according to the current login. If the login is a department supervisor, then the view only return employees from this department. If the login is CEO, then it returns all employees. Or only if the login is HR user, the review returns salary, otherwise salary is null.

This permission control has nothing to do with the database permission.

If you know the database structure, you can run a query against tables instead of views. But unfortunately sometime purchased third party applications are not allowing you to know the inside of the database. And in most cases, the queries can be very complicated.

To make it worse, after an upgrade, tables could be changed.