I was looking around for some information regarding securing SQL datastore for XenApp.
I came across this article.
Important: For improved security, you can change the user account’s permission to db_reader and db_writer after the initial installation of the database with db_owner permission. Changing the user account’s permission from db_owner may cause problems installing future service packs or feature releases for XenApp. Be sure to change the account permission back to db_owner before installing a service pack or feature release for XenApp.
Also for other information check out the main page. There are lots of really useful snippets of information here which search engines do not always pick up.