As per the Symantec Endpoint Encryption Install Guide, there is a strict requirement for the database creation account to have two roles - public and sysadmin. This account is required for the installation process to create the SEE database on the Microsoft SQL server. 

It's possible that some customer environments involve stricter role management and the database admins might be reluctant to assign the sysadmin role to the DB creation account. There is no workaround for this situation at this point and the only official recommendation from Symantec is to grant the sysadmin role to the account at least for the time of the SEE installation or upgrade. Symantec isn't able to guarantee that any lower-level roles will allow the installation or upgrade to go ahead successfully.

A Feature Request has been opened to add the possibility of having the SEE installation or upgrade to work fine without having to grant the sysadmin role on the MS SQL server to the DB creation account. 

Symantec Corporation is committed to product quality and satisfied customers. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product. 

There is no guaranteed date for this request from the Encryption Product Management team, or the Encryption Engineering team at this time. Please be sure to refer back to this article periodically as any changes to the status of the request will be reflected here. You can also subscribe to this article to receive notification when it is updated.

To have your organization added to the list of companies that desire this Feature Request, please contact technical support.