SEPM 14.0 and above connected to a SQL database
The public server role requires the following securables under "servers":
View any database
Alter any login
These permissions will automatically be added after DB creation.
The "Alter any Login" securable is required to allow a password reset of the "REPORTER_DBNAME" account during a SEPM reconfigure from a SQL Authentication set-up to a Windows Authentication set-up.
It was necessary to add this access as SQL Server doesn't support to grant alter just one specified user to a role.
NOTE: This permission is only needed for the Management Server Configuration Wizard to properly update the REPORTER_DBNAME account password. Once the wizard has finished running the permission is no longer required. If this permission is removed it will need to be re-added prior to running the configuration wizard again. This includes performing an upgrade.