Encrypting internal databases is frequently just not practical or even feasible.

How many different individuals, groups, and departments can access the same data? Different data? Different crossovers? In your situation all data may be at a 1:1 ratio (lucky you, push for encryption); this, however, is highly unlikely. Database encryption is most useful when used in web applications, to prevent a compromise of the database from disclosing client information in an unacceptable manner.

Although it is true that you could develop a DB interface application which contains all the keys and uses different passphrases to grant different types of access... this new application had better be developed really well or it will be a huge hole granting even more access than most flavors of DB compromise.

To answer your second question... only users that require access to specific DB utilities in order to do their job should be granted access to those utilities. Additionally, users with greater privileges should receive more secure computing education.

cheers,

catch