Restricting DBA access to specific databases

Most medium to large organizations have several DBAs and numerous databases. While all DBAs should have access to most of the databases, only one or two DBAs should be able to access the sensitive databases. The following paragraphs figure out how to achieve this. If all the databases are implemented in a single instance, then you can't restrict access in this manner, and you have only two choices:

Separate the database servers: If resources (hardware and money) aren't a problem, you should choose this approach. Move the sensitive databases to a new server and then change the 'sa' password to a new password that isn't the same as the "insensitive" login.

Create a new instance: If resources are scarce, create a new instance of SQL Server and move the sensitive databases to it. Change the 'sa' password to something different than the password on the default instance.

Making the right choice often depends on budget and available hardware. Be sure to make this decision wisely.