So I would like to know what exactly DBA1 can do that DBA2 cannot undo or drop?
Some more discussion on this can be found in the newsgroups, e.g. in these threads:
I should add that this question is not dealing with topics like "Do users of my application need DBA authority to do backups or create other users?" - For these cases, it's a widely accepted best-practise to give particular users execute permission on according stored procedures (and the like) to allow these DBA actions, but to do not grant them DBA authority.
This question is more focussed on enterprise/in-house databases with more than one DBA account.
I'd like to attempt to make a list of the things DBA2 can or can not do - and I would invite anyone to add/comment on this - consider this just a starting point...
Basically, I will assume there are two users with DBA authority named DBA1 and DBA2, and would assume that DBA2 might turn into malicious intentions:
I. What DBA2 can do:
II. What DBA2 cannot do: