SQL Minimal Access user

I would recommend checking the documentation on this topic.

I was hoping for a slightly more complete example, as not sure why live site needs Alter table or schema etc..

Is there not a simple example, for a basic site?

The user for the live site needs the alter table, schema, etc. because it's allowed in the CMS. If you have staging or CI/CD set up, the services will execute those schema, table, etc changes on the production database when you initialize the staging service or CI/CD. So there's no way around it UNLESS you want to manually push your changes to the database directly without the user of the built-in tools from Kentico.

What is a simple example? What is a basic site? Each site is different and has different needs. We do not know what you will be doing on your basic site in the code. What would be the user activity and journey on the basic site. It is not that easy to create a simple example...

I Guess sort of hoping for a matrix of basic objects and permissions (Assuming no custom code), e.g.

alter table, schema -> Required for CI or Staging

Analytics_HourHits -> SELECT, INSERT (if using analytics) CMS_LicenseKey -> SELECT CMS_Tree -> SELECT (UPDATE, DELETE for Staging, CI) CMS_User -> SELECT, UPDATE (If using auth)

Just a rough idea, even if it was list of know exclusions, its just without digging into code its difficult to know what can be restricted. e.g. I assume for the Live site execpt for staging you would only need SELECT on CMS_Tree etc..

Also doesn't CI and staging run through the Admin site, so that could be a different user?