James Anderson rails on inappropriate sa account usage:
I can already hear managers saying:
If you don’t trust your employees, why employ them in the first place?
Well there is the whole accidental damage thing. I guess you could cover that by having a good backup\restore process (if your RTO and RPO permitted the downtime) but don’t expect to pass any security audits coming your way. Hint: your clients wont like this.
Plus, supposing everybody knows the sa account, there’s no way to know who accidentally(?) dropped the customer database.