The other day I was working with a class that pulls back all the audit information for a user, SPAuditQuery. It has some really good options, especially query by user. I was trying to pull information from the site collection for the user, however I continued to receive a non-descript error message. Finally, I thought to myself what permissions does this user have and sure enough the user was a Site Admin and not Site Collection Admin. If you are pulling audit logs from a Site, then check that the user is a Site Collection Admin. If you are pulling audit logs from a web, then you need to make sure that they are a Site Admin. If you are pulling from a list, then they need to have list admin rights (probably somewhere around the built in permissions “designer” level). In this case we may not let the person have Site Collection Admin rights, but we may want them to see the log data in a custom webpart. We can use an alternative with SPSecurity.RunwithElevatedPrivileges and place the webpart in an area secured for only those people to see.
Another key thing to note when working with audit logs you need to turn on the Audit Logs in the Site Collection under Site Settings before you can even begin to hit anything with code. Otherwise you will receive all kinds of pretty nasty looking error messages. When dealing with anything I always consider Occam’s Razor – The simplest assumption is probably true. Initially you should check to see if the audit logs are turned on in the Site Collection, then check permissions. Good luck guys…As usual I hope that you can learn from my mistakes.