Below you will find a security account matrix for SCOM 2019, that includes all the common service and security accounts in SCOM, and their default or recommended permissions. This includes the management servers, the database servers, SQL Role permissions, and database mappings. You can use this to correct deployments where permissions got modified incorrectly, or to verify that a least privileged model is being used.
This matrix is for SCOM 2019. For SCOM 2016, please see: https://kevinholman.com/2019/03/08/scom-2016-security-account-matrix/