Usually, you do not hand out “root access” to auditors. Auditors are there to gather information (e.g to audit) and report.

In general, you don’t give out broadly permissive access to sensitive systems because people (yes even incredibly competent people) are prone to getting confused or mistyping and you really don’t want anyone deleting the entire database at the drop of a hat because they didn’t have enough coffee that morning and were logged into the wrong system.