History
At one time you could install and run DNN using a SQL User that only had limited permissions (db_datareader, db_datawriter, db_ddladmin and db_securityadmin). This worked fine until SQL Server SP2 (or one of the following security patches), and then it stopped working and you would get an error when installing the database. The installation was able to create all the objects (tables, SPROCS, etc) but when the code ran to grant Execute permission to all the stored procedures (SPROCS) / user defined tables (UDF) the permissions the SQL user had were not enough and the grant could not be done (although it could be granted before the patch). Since this was caused by one of the SQL patches, there was nothing we could do in the code or IIS to overcome this issue, but a solution was found. At that time I meant to post the solution, but somehow it got overlooked and I did not do the post. So now I am finally doing the post. Although it is very late, I hope this still helps some people who want to run DNN with a SQL user who only has the permissions above.
Solution
The solutions is really very simple. Because the code cannot grant Execute permissions on the SPROC’s and UDT’s, the solutions is simply a matter of granting the user Execute rights at the database level. Below are the steps on how to do this.
1) Create the user just like you would with db_datareader, db_datawriter, db_ddladmin and db_securityadmin permissions.
2) Right click on the database for your install and select properties on the menu that appears.
3) Under “Select a page” left click on the “Permissions” option.
4) Select the name of the user you are using in the connectionString for DNN.
5) Under the “Permissions for {UserName}”, the Explicit tab – Scroll down until you find the Execute permission and make sure the Grant checkbox is checked (see screenshot below).
6) Click the [OK] button to save the changes and now your install should work fine with at SQL user that has limited permissions.
Conclusion
For those of you who like running your DNN site using the above scenario I hop this helps alleviate any installation issue you have. For those of you who want to run you site in an even more secure SQL setup (user who has no permissions but executing SPROC and UDF’s), you can read a previous blog a did almost three years ago called “Most-Under-Used-Security-Feature-in-DNN”.