Home → LOGbinder for SP KB → How To → LOGbinder SP use of SQL Privileges

3.4. LOGbinder SP use of SQL Privileges

Issue

In the blog on www.logbinder.com (Workaround if LOGbinder SP is having SQL database issues), a suggested workaround for insufficient privileges to SharePoint’s SQL databases is to add the LOGbinder service account as a database administrator (DBO). We recently published a a new blog (Least Privilege Workaround for SQL DB Access) that explains that dbo is no longer needed as there is a different role, SPDataAccess, that can be used. The question arises: How does LOGbinder for SharePoint use these privileges?

Access to SharePoint databases

First, it must be understood that LOGbinder for SharePoint does not access SharePoint’s SQL databases directly. All access to SharePoint data is through the SharePoint Server Object Model (see http://msdn.microsoft.com/en-us/library/jj164060.aspx). LOGbinder for SharePoint does not execute any Transact-SQL commands directly, nor does LOGbinder for SharePoint access the SQL database directly to adjust database structure, privileges, and so forth.

The workaround suggested in the above blog is recommended based on troubleshooting in our labs, to address what apparently is a defect in the SharePoint Server Object Model. LOGbinder for SharePoint does not then use elevated privileges to perform other activity.

LOGbinder for SharePoint’s use of SharePoint data

Even though LOGbinder for SharePoint accesses SharePoint through its object model, a secondary question may be: What activity does LOGbinder for SharePoint perform in SharePoint? LOGbinder for SharePoint’s main activity is to read SharePoint audit logs, as well as to read metadata about SharePoint site collection, lists, libraries, users, groups, and similar entities.

Through the SharePoint Server Object Model, LOGbinder for SharePoint does make some changes to SharePoint (the customer specifies these changes in the LOGbinder Control Panel). The changes LOGbinder for SharePoint will make to SharePoint include: adding/removing site collection administrators, adjusting audit policy settings for a site collection, adjusting the audit log trimming setting for a site collection, and deleting audit log records. (The documentation for LOGbinder for SharePoint contains details on these actions.) So, other than purging old log data and setting audit policy according to configuration settings by the administrator, there is nothing that LOGbinder does that modifies or could corrupt SharePoint content or the SQL database.