I think I've finally picked up on some of the basic steps to connect a user/client to SS. Well I'm unsure about step 4 - that's where I want some clarification, if anyone can help.
(1) Create a Login in SSMS
(2) Create a User for that Login, for each DB that he will use.
(3) Grant the Login Execute permissions on any SPs he will run, or read-write table permissions if desired.
(4) Grant the Login read-write permission on the folder containing the database files (or at least read-write permission to those database files that this Login will use).
Perhaps I'm wrong about step 4. After all, suppose I'm running SS under the Local Service account. Shouldn't that be the only account in need of read-write permission on the .mdf files? I shouldn't have to grant the Login direct read-write access to that folder, right? (Understand I'm NOT talking about sharing the folder, I would never share the folder, that's not the question here).