Minimum requirements for SQL Server logins

A SQL user login is required when setting up configurations that point to the application database, the forms database, the objects database, and any template databases. This SQL account requires certain permission levels to these databases. The SQL 'sa' user account has all the required permissions and is often used to set up configurations.

However, the 'sa' login also has a much greater scope of permissions than is required and many organizations prefer to make very minimal use of the 'sa' account. In such cases where organizations do not want to use the 'sa' login credentials, it is possible to set up a special set of SQL user logins that have the minimum required permissions to get the job done.

SQL Server logins come into play at two basic times: when you create the databases required for Mongoose-based application configurations; and when creating and using the actual configurations. Each of these situations requires somewhat different levels of permission on SQL Server.

To sum up these requirements:

  • Create custom role mg_executor.  
  • Connections to the application, forms, and templates databases require db_datareader, db_datawriter, and mg_executor permissions.
  • Any operation where views to the objects database are regenerated also require db_datareader, db_datawriter, and mg_executor permissions.
  • Operations in the application database, in which the schema is to be altered, require those same permissions, plus db_ddladmin permissions.
Related topics