Basics
When installing Dataedo Web, a service user is created to run the app - by default, it's named IIS APPPOOL\DataedoPool. Since the server can't impersonate other domain users at this point, any connections to a repository database using Windows or domain authentication can only authenticate as this service user.
If the repository database server you're connecting to does not allow non-domain users, you have two options - either grant the IIS app pool user the required permissions (details below) or change the IIS app pool user to one that already has them.
Creating a repository using domain authentication
To create a repository, the user requires the CREATE ANY DATABASE permission. Other required database permissions are automatically granted during repository creation.
Connecting to an existing repository using domain authentication
To connect to an existing repository, the user needs to be added to ADMINS and USERS roles in the database - these are roles created by Dataedo in the repository database during its creation.
If you want to be able to upgrade repository from Dataedo Web, the user also should be granted the db_owner role.
Managing users from Dataedo Web
Currently Dataedo Web uses database logins to authenticate users. If you want to manage database users from Dataedo Web, the IIS app pool user needs to be granted the security_admin server role. You can always manage users manually or using Dataedo Administration console otherwise.