I have a question on how the PDM client is able to read and write to the SQL database. This question has been raised to me from our network security team and I have not been able to find an answer in the forums or documentation. This is closest I've found but it's fairly old and is still missing the component they are interested in:

https://forum.solidworks.com/message/15731?q=Client%20to%20SQL%20database%20security 

I understand that the clients use a SQL user account that has at least db_owner privileges (like sa) that is stored on the Archive server. When the client connects to the archive server, the SQL user account is then used to make reads/writes to the database over ports 1433/1434. 

My question is if the SQL user account credentials (I'm hoping it's at least encrypted) are passed to the client to make these reads/writes? I believe the other alternative is that the reads/writes are done through the archive server and the SQL user credentials are never passed to the client. I know this is a technical question that's under the covers but I thought I would start here before diving deeper.