i have to restrict access for some Oracle datas.

For oracle user there is no problem to restrict the access-rigths.

BUT: when a os-user is in the ORA_DBA-group, this user can establish a connection as sysdba regardless the entered username/password - even if the does not exists or his account is locked!!!!!!! in this case the user SYS will be connected - with all rigths!!!!!!!!!!!!

So, when a OS-admin registers himself in the ORA_DBA-group he has full-access to the database incl. the possibility to read sensitive datas which is not wished by the Oracle-admin.

Question: Is there any possibility on the part of Oracle to prevent this behavior!