SQL Permissions

Typically DotNetNuke sites are installed and run under dbo , however DotNetNuke has a few options for sites that wish to operate under a reduced set of user permissions.

Installing/upgrading with non-dbo users

It's possible to install DotNetNuke with a non-dbo user. The minimum set of permissions required for DotNetNuke to install and use is to have a user that belonds to the db_datareader, db_datawriter, db_ddladmin and db_securityadmin roles. In addition, the user needs to have Execute rights to execute stored procedures.
Some upgrades may issue an error, if db_owner permission has not been granted and another user with db_owner permission will need to modify database settings manually, e.g. increment database compatibility level, when upgrading to DNN 7.4.0 or beyond.

The following blog details how to set up and use the relevant user.

Please note, 3rd party modules may require more permissions - in particular modules (including the core reports module) that support the usage of direct SQL will require more permissions i.e. not just the ability to execute stored procedures.

Running under a lower user

DotNetNuke primarily requires most of it's permissions during installation and upgrading as well as installtion/upgrarding of some extensions. This is because these scripts will contain DDL instructions such as SQL to create and modify tables and stored procedures.

However outside these scenarios most sites simply execute stored procedures that contain DML instructions such as SELECT, INSERT,UPDATE and DELETE. To support this common configuration, DotNetNuke offers an optional upgradeConnectionString . The connection defined in this string is used for install/upgrade of core and modules, whereas the normal connection string is used for daily running of the site. A site wishing to lock down database permissions might set a dbo user as the upgrade connection string and set a user that only has read permissions (e.g. db_datareader) and the ability to execute stored procedures.