It is not possible to restrict anything a user in the "sysadmin" can do. No other setting matters. A user assigned to the "sysadmin' server role, bypasses all security checks and can do everything on the server and all databases.
Level of access SYSADMIN has across databases
Want to confirm my understanding of access rights is correct in SQL Server.
Situation: Server TXB001 hosting databases DB01, DB02, and DB03. User1 has SYSADMIN rights to Server TXB001 and DB_Owner role to DB01, DB_datareader to DB02, and no role assigned to DB03. However, because User1 has SYSADMIN rights on TXB001, his rights on the databases are irrelevant; since they are hosted on that server he has DBO permissions to all three databases.
Just for background I am not a SQL Server user, just a person trying to confirm assumptions prior to discussing this with a client. I want to make sure I understand how it works before I potentially get people worked up. Thank you in advance.