The database user should only be granted SELECT permissions on the specified database and tables you want to query.
Grafana does not validate that queries are safe, so queries can contain any SQL statement. For example, statements
like USE otherdb; and DROP TABLE user; would be executed. To protect against this, we
highly recommend you create a specific MSSQL user with restricted permissions.
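
One way to set up and audit such a user in T-SQL, as an added example that is not taken from the Grafana documentation. The database GrafanaMetrics, the login and user grafana_reader, and the tables dbo.cpu_usage and dbo.requests are hypothetical names; the password is a placeholder.

```sql
-- Added example. All object names are hypothetical; run as an administrator
-- in sqlcmd or SSMS (GO is the batch separator those tools use).
USE master;
CREATE LOGIN grafana_reader
    WITH PASSWORD = '<replace-with-strong-password>',  -- placeholder
         CHECK_POLICY = ON;
GO

USE GrafanaMetrics;
CREATE USER grafana_reader FOR LOGIN grafana_reader;

-- Grant SELECT table by table instead of adding the user to db_datareader,
-- so tables created later are not readable until someone grants them.
GRANT SELECT ON OBJECT::dbo.cpu_usage TO grafana_reader;
GRANT SELECT ON OBJECT::dbo.requests  TO grafana_reader;
GO

-- Audit 1: every explicit permission held by the user in this database.
-- Review any row that is not CONNECT on the database or SELECT on a listed table.
SELECT pr.name                         AS principal,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       OBJECT_SCHEMA_NAME(pe.major_id) AS schema_name,
       OBJECT_NAME(pe.major_id)        AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'grafana_reader';

-- Audit 2: database roles the user belongs to. Membership in roles such as
-- db_owner or db_datawriter would override the narrow grants above.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'grafana_reader';

-- Audit 3: effective permissions as the user sees them, which also reflects
-- anything inherited from the public role.
EXECUTE AS USER = 'grafana_reader';
SELECT HAS_PERMS_BY_NAME('dbo.cpu_usage', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.cpu_usage', 'OBJECT', 'INSERT') AS can_insert,
       HAS_PERMS_BY_NAME('dbo.cpu_usage', 'OBJECT', 'ALTER')  AS can_alter;
REVERT;
```

Configure the Grafana data source with this login only, and rerun the audit queries after schema or role changes.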