Below you will find a security account matrix for SCOM 2016, that includes all the common security accounts in SCOM, and their default or recommended permissions. This includes the management servers, the database servers, SQL Role permissions, and database mappings. You can use this to correct deployments where permissions got modified incorrectly, or to verify that a least privileged model is being used.
This download is for SCOM 2016. For SCOM 2019 please see: https://kevinholman.com/2020/07/23/scom-2019-security-account-matrix/