Oracle has a SYSOPER privilege allows opration such as:
instance startup,mount & database open;
alter database backup archive log and restore
This privilege allows the user to perform basic operational tasks without the ability look user data.
I know this SYSOPER could limit DBA powers, but some company has different DBA roles. And it better not allow DBA to access database directlly after application implemantation.
SQL server has the same equivilents...if i need someone who only is going to do operating system backups, i can assign the proper roles. The issue is the sysadmin role itself. someone needs to be in that role, even if it is unused, in order to actually do administration.
kind of like saying the person who is the president of the company should not have access to the financial information of the company, because he could abuse it.
As said in thousands of similar posts here: if you cannot trust the person in the role, remove the person.
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!