When you say 'I would prefer not to give such permission to this anonymous user', your log file is not being directly published by IIS so any user would have to go through the CGI script to read the content. What you want to do is to protect your CGI script and make sure that it can only be used by an appropriate person.

Have you looked at using the default 'Windows Integrated' authentication so that the CGI script would be run as your Manger user account? You can then secure the script and your app by setting his account as having read access.