backport of commit 3acfa450c2605226418c7dad00b39cbfb857f7b4 (#22104)

Co-authored-by: Ellie <ellie.sterner@hashicorp.com>

website/content/docs/secrets/databases/mssql.mdx

@@ -17,6 +17,24 @@ the MSSQL database.
 See the [database secrets engine](/vault/docs/secrets/databases) docs for
 more information about setting up the database secrets engine.
 
+The following privileges are needed by the plugin for minimum functionality. Additional privileges may be needed 
+depending on the SQL configured on the database roles. 
+
+```sql
+-- Create Login
+CREATE LOGIN vault_login WITH PASSWORD = '<password>';
+
+-- Create User
+CREATE user vault_user for login vault_login;
+
+-- Grant Permissions
+GRANT ALTER ANY LOGIN TO "vault_user";
+GRANT ALTER ANY USER TO "vault_user";
+GRANT ALTER ANY CONNECTION TO "vault_login";
+GRANT CONTROL ON SCHEMA::dbo TO "vault_user";
+EXEC sp_addrolemember "db_accessadmin", "vault_user";
+```
+
 ## Capabilities
 
 | Plugin Name             | Root Credential Rotation | Dynamic Roles | Static Roles | Username Customization |