Thank you for contacting us.
Generally, db_owner is required. As for the directory permissions you could set them in accordance with your needs. It is not necessary the user to have full control over all folders, you can specify separate folders where the user has only read permissions. You need to grant write permissions to the App_Data folder, because there are the database and sitefinity.log.
Hope this helps.
the Telerik team
Check out Telerik Trainer
, the state of the art learning tool for Telerik products.