The database user should only be granted SELECT permissions on the specified database & tables you want to query.
Grafana does not validate that queries are safe so queries can contain any SQL statement. For example, statements
like USE otherdb; and DROP TABLE user; would be executed. To protect against this we
Highly recommmend you create a specific MSSQL user with restricted permissions.