Typically, a Group Policy will limit the permissions below to Administrator or to only specific Active Directory Groups, or possibly only to the Active Directory Administrator Accounts. When SQL Server is installed in a developer environment, this is complicated by the way in which group policy is applied across the board. As these are only a small fraction of overall group policy, why isn't there a generalized security group setting for Active Directory that automatically releases these permissions to a developer machine that has SQL Server loaded?
SQL Server Database Engine:(SeServiceLogonRight)
- Replace a process-level token (SeAssignPrimaryTokenPrivilege)
- Bypass traverse checking (SeChangeNotifyPrivilege)
- Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
- Permission to start SQL Writer
- Permission to read the Event Log service
- Permission to read the Remote Procedure Call service SQL Server Agent: *
- (SeServiceLogonRight)
- Replace a process-level token (SeAssignPrimaryTokenPrivilege)
- Bypass traverse checking (SeChangeNotifyPrivilege)
- Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
SSIS:
- Log on as a service (SeServiceLogonRight)
- Permission to write to application event log.
- Bypass traverse checking (SeChangeNotifyPrivilege)
- Impersonate a client after authentication (SeImpersonatePrivilege)
WHITE PAPER LINK:
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?redirectedfrom=MSDN&view=sql-server-ver16