for me, it doesn't matter if it's entity framework or an ADO connection or anything else. it doesn't make a real difference in what it's going to do.
in our shop, our application typically connects as a user with db_DataReader , db_DataWriter, and EXECUTE permissions;
we don't grant it db_ddladmin, so that login cannot create new tables or procs or anything, we feel that anything like that has to go though the DBA.
we also grant it VIEW DEFINITION as well, so it can see the structure of all objects.
this is the basic permissiosn for the role,a nd any user(s) the applciation would use go into this riole:
CREATE ROLE [AppAccess]
EXEC sp_addrolemember N'db_datareader', N'AppAccess'
EXEC sp_addrolemember N'db_datawriter', N'AppAccess'
GRANT EXECUTE TO [AppAccess]
Grant View Definition ON SCHEMA::[dbo] To [AppAccess]
--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!