So, I was asked today a question that made me have to think a bit.
Scenario: The network admin would build out our server. The database team (DBA) would take over and install MS SQL Server and maintain it.
Business Expectation: data is sensitive (including no viewing for network admin)
Question: Is it possible to prevent the network admin from accessing our databases? My first thought is NO because the network admin sets the local permissions. But then I thought about it and realized that if MS SQL Server is installed on Mixed Mode, then the SA account can go in and remove/control all Windows Authentication accounts right? Once all users are assigned properly, then only the dedicated Windows Authentication or SQL accounts will have access to our databases.
Can someone confirm?