We'll address what can happen when database users are over-credentialed, and what should be done to ensure you are aware of all activity that is occurring in your environment. Organizations simply don't have the time or resources to solve this challenge. Separation of duties is not enforced when DBA responsibilities are automatically assigned to the administrator role. Instead, security should be tightened by revoking DBA privileges from all operating users from the BUINAdministrators group.
Source: https://threatpost.com/do-you-know-what-your-database-users-are-doing-083110/74401/

