• If all SCCM is doing is inspecting System Views, Catalog Views and DMOs, then you may be able to go to something like this:

    1. Create a Login for the SCCM service to use to login, or add the SCCM service account if that's how it authenticated to the DB instance (probably done already).

    2. Create a User in every user database on the instance for that Login plus model (to support having a user in all new DBs) and leave the user in the public Database Role only, i.e. the user should not need any explicit permissions.

    3. While in master grant VIEW SERVER STATE to the Login.

    4. While in master grant VIEW ANY DEFINITION to the Login. The ANY is very important because it denotes a server-level permission that permeates all databases as well, as long as the login has a user in the database.

    That will offer the SCCM Login the ability to view all server-level and database-level metadata. Any permissions required to allow the SCCM login to modify server or database level settings will require additional grants.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato
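
The four steps in the answer above, written out as a T-SQL script with an audit query at the end. This is an added example, not part of the original post; the login name `CONTOSO\svc-sccm` is a placeholder, and the script assumes a Windows-authenticated service account.

```sql
USE master;
GO
DECLARE @login sysname = N'CONTOSO\svc-sccm';  -- placeholder account name
DECLARE @db sysname, @sql nvarchar(max);

-- Step 1: create the login if it is not already present.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @login)
BEGIN
    SET @sql = N'CREATE LOGIN ' + QUOTENAME(@login) + N' FROM WINDOWS;';
    EXEC sys.sp_executesql @sql;
END;

-- Step 2: map a user in every user database plus model.
-- No role membership or explicit grant is added, so the user stays in public only.
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE (database_id > 4 OR name = N'model')
      AND state_desc = N'ONLINE' AND is_read_only = 0;
OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @u)
            CREATE USER ' + QUOTENAME(@login) + N' FOR LOGIN ' + QUOTENAME(@login) + N';';
    EXEC sys.sp_executesql @sql, N'@u sysname', @u = @login;
    FETCH NEXT FROM db_cur INTO @db;
END;
CLOSE db_cur;
DEALLOCATE db_cur;

-- Steps 3 and 4: server-level grants, issued while the context is master.
SET @sql = N'GRANT VIEW SERVER STATE TO ' + QUOTENAME(@login) + N';
             GRANT VIEW ANY DEFINITION TO ' + QUOTENAME(@login) + N';';
EXEC sys.sp_executesql @sql;

-- Audit: list every server-level permission and server role the login holds,
-- so anything beyond the two read-only grants stands out in review.
SELECT pr.name AS login_name, pe.state_desc, pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = @login;

SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @login;
```

Databases created later inherit the user from model; databases restored or attached from elsewhere do not, so the step 2 loop needs to be rerun after those operations.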