What SQL rights are needed for the application identity?