Grant db_datareader for SCCM site database

Objective: Grant a SQL login db_datareader (read-only) on the SCCM/MECM site database (CM_<site>) for the vScope SQL connector.

Prerequisites

• SQL access to the SCCM server/instance.
• Know your site DB name (e.g., CM_ABC).
• Rights to create/modify logins on that SQL instance.

Steps

1. Create or choose the login

   • SQL or Windows auth; example: sccmreader. Ensure the login is enabled/active.

2. Server Roles

   • Set to public (no extra server roles required).

3. User mapping

   • Check the SCCM site DB (e.g., CM_ABC).
   • Database role membership: check db_datareader.
     

4. Default database (optional)

   • Set default DB to the site DB (e.g., CM_ABC) for clarity.

5. Status

   • Ensure the login is allowed to connect and is active.
     

Verify access

• Run a simple query as that login:

  SELECT TOP 1 * FROM dbo.Sites;

  Expected: returns at least one row. If empty or error, re-check DB name, role, or instance/port.

Notes

• No server-level roles beyond public are needed.
• If using a named instance or dynamic ports, ensure the login can connect via the same target you configure in vScope.

Common issues

• Wrong database (must be the site DB, e.g., CM_<site>).
• Login disabled or password expired.
• Connecting to the wrong instance/port (especially with named instances).

Related

• SCCM probe setup: System Center Configuration Manager