You are absolutely right. As a security company, we do not find this acceptable either, that is why we don't call it a solution to the problem, only a workaround. Unfortunately, it is an issue on Microsoft's side, so we are not able to do anything about it. As of today, we are not aware of any solution to this issue, other than the above workaround. LOGbinder does not access the SharePoint database directly, that would violate Microsoft's terms of services. LOGbinder only uses the official SharePoint APIs that Microsoft provides. It is truly regrettable that we have to add these privileges in order to use the Microsoft API. If you would bring up the issue with Microsoft or you find another solution, please let us know. We are sorry, but we don't have a more secure solution for this issue at this point.