Jeff Gilbert's Web blog at myITforum.com

This posting is provided "AS IS" with no warranties, and confers no rights :-)
Dude, where’s my SMS_SiteSystemToSQLConnection group?

A fairly common question I seem to keep running across from SMS 2003 admins that have upgraded to Configuration Manager is: "What happened to the SMS_SiteSystemToSQLConnection group on my Configuration Manager 2007 site database server?"

Although this is documented in the Configuration Manager documentation library in the What's New in Security for Configuration Manager topic, I figured that I would blog this to get the word out a little more.

In case you're wondering what that topic says, here's the applicable bit:

The SMS_SiteSystemToSQLConnection group is no longer needed because database access is controlled by SQL Server roles that are automatically created during Configuration Manager 2007 Setup. For more information, see About the Database Roles for Configuration Manager at http://technet.microsoft.com/en-us/library/bb632943.aspx.

So there you go...question answered :-)

OK, you probably want a little more background information I'm guessing.

First, the history of the group. When SMS 2003 sites are installed, the SMS_SiteSystemToSQLConnection_<site code> group is created to manage the permissions that site systems need to access the site database in support of advanced security. Site systems like management points, server locator points, and reporting points are thereafter added to this group when applicable, even if they're installed locally on the site server computer. You'll still see database roles installed on SQL 2005 instances hosting SMS 2003 site databases because database roles are a SQL 2005 feature, but you won't see SMS-related database roles as they're not used.

Now you see it (before upgrade from SMS 2003):

There's the connection group

As stated earlier, Configuration Manager installations do not use the SMS_SiteSystemToSQLConnection_<site code> group, so you won't find that group on the SQL Server hosting a Configuration Manager site database. Instead, SQL Server 2005 database roles are used to control site system access to the site database. All of the required database roles are created, and assigned the required permissions, during Configuration Manager primary site setup. Modifying the roles created by Configuration Manager 2007, or the permissions assigned to those roles, is not supported.

As new site systems that require access to the site database are configured for the site, site component manager automatically adds the computer account to the required database access roles for you, as long as you're using the site system's computer account (computer$) to connect to the site database. If you will use a database connection account to allow a management point, PXE service point, or server locator point to connect to the site database, then you need to manually add the database connection account to the appropriate site database role.
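Here is one way to review who holds the Configuration Manager database roles and then add a database connection account by hand. This is an added example, not taken from the Configuration Manager documentation. The database name `SMS_ABC`, the account `CONTOSO\svc-mpdbconn`, and the role name `smsdbrole_MP` are assumptions; confirm the role name against the output of the first query before adding the account.

```sql
-- Added example. Assumed names (not from the original post):
--   SMS_ABC               site database for a site with code ABC
--   CONTOSO\svc-mpdbconn  management point database connection account
--   smsdbrole_MP          management point role; verify it in the audit output
USE [SMS_ABC];
GO

-- 1. Audit: list every Configuration Manager database role and its members.
--    Roles with no members still appear (member columns are NULL), so an
--    unexpected account or a missing site system is easy to spot.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_principals AS r
LEFT JOIN sys.database_role_members AS rm
       ON rm.role_principal_id = r.principal_id
LEFT JOIN sys.database_principals AS m
       ON m.principal_id = rm.member_principal_id
WHERE r.type = 'R'                    -- database roles only
  AND r.name LIKE 'smsdbrole[_]%'     -- [_] matches a literal underscore
ORDER BY r.name, m.name;
GO

-- 2. Make sure the connection account has a server login.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-mpdbconn')
    CREATE LOGIN [CONTOSO\svc-mpdbconn] FROM WINDOWS;
GO

-- 3. Map the login to a user in the site database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc-mpdbconn')
    CREATE USER [CONTOSO\svc-mpdbconn] FOR LOGIN [CONTOSO\svc-mpdbconn];
GO

-- 4. Add the user to the one role it needs. Membership is the only change;
--    the role and its permissions are left exactly as Setup created them.
EXEC sp_addrolemember @rolename   = N'smsdbrole_MP',
                      @membername = N'CONTOSO\svc-mpdbconn';
GO
```

Rerun the first query afterwards to confirm that the account appears under the intended role and nowhere else.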

Now you don't (after upgrading to Configuration Manager 2007):

Connection group not there!

For a picture of what these database roles look like (before and after upgrading to Configuration Manager) check out the picture at the bottom of my Upgrading SQL for SMS Sites post.

For more information about Configuration Manager database roles, see About the Database Roles for Configuration Manager.

Hope this helps,

 ~Jeff

 

Published Thursday, January 17, 2008 10:42 PM by jgilbert
