It’s a simple question: can your database administrators read all of the data in all databases?
Yes
Yes, but we trust them not to – as in, we’ve got written policies in place, and they know they’re not supposed to go poking around in the payroll tables or the human resources database
Yes, if they bypass tech restrictions – like we’ve encrypted the data, but the DBA could technically log in with the app’s login or certificate and decrypt stuff they’re not supposed to see, or get access to our key vaults, or create a new login and then