***This blog post is still important but outdated. Please see this post for updated least privilege changes.***
In the blog on www.logbinder.com
(Workaround if LOGbinder SP is having SQL database issues),
a suggested workaround for insufficient privileges to SharePoint’s SQL databases
is to add the LOGbinder service account as a database administrator (DBO). The
question arises: How does LOGbinder SP use these elevated privileges?
First, it must be understood that LOGbinder SP does not access
SharePoint’s SQL databases directly. All access to SharePoint data is through
the SharePoint Server Object Model (see http://msdn.microsoft.com/en-us/library/jj164060.aspx).
LOGbinder SP does not execute any Transact-SQL commands directly, nor does
LOGbinder SP access the SQL database directly to adjust database structure,
privileges, and so forth.
The workaround suggested in the above blog is recommended based on
troubleshooting in our labs, to address what apparently is a defect in the
SharePoint Server Object Model. LOGbinder SP does not then use these elevated
privileges to perform other activity.
Even though LOGbinder SP accesses SharePoint through its object
model, a secondary question may be: What activity does LOGbinder SP perform in
SharePoint? LOGbinder SP’s main activity is to read SharePoint audit logs, as
well as to read metadata about SharePoint site collection, lists, libraries,
users, groups, and similar entities.
Through
the SharePoint Server Object Model, LOGbinder SP does make some changes to
SharePoint (the customer specifies these changes in the LOGbinder Control
Panel). The changes LOGbinder SP will make to SharePoint include: adding/removing
site collection administrators, adjusting audit policy settings for a site
collection, adjusting the audit log trimming setting for a site collection, and
deleting audit log records. (The documentation for LOGbinder SP contains details
on these actions.)
So, other than purging old log data and setting audit policy according to configuration settings
by the administrator, there is nothing that LOGbinder does that modifies or
could corrupt SharePoint content or the SQL database.