If creating a custom user then the account should be given database owner rights over the sem5 database:
http://www.symantec.com/docs/TECH192646
Sysadmin is only needed if allowing the SEPM Installer to create the DB, and even then only for the install. Once the DB has been created and the SEPM is up and running, it only need DBO rights to continue normal operation.