I don't think it actually matters much; your database is your core business and access to it should be restricted. Same as your machines. To the point where, if you have everything set up right (which is a big if, granted), NOBODY should need physical access to ANY machine or database. All access through the application's management interface, where access can be finely tuned and access logs can be used to hold people accountable.