I am going through and auditing my companies Marketo privileges and we have a few SFDC admin that have admin privileges in Marketo. I wasnt sure if there are any kind of best practices for SFDC admin in Marketo or if giving them admin access is the best way to go.
I'm going through something similar in SFDC. When we were a tiny company, everyone wanted admin rights because they "needed rights to do XYZ" that only admins have. In such a small company, you have more control over training and everyone being in the same place makes it seem safer than it really is.
Once we grew, we realized how bad this actually was, including the compliance issues that Greg is talking about. Or running into opt in issues where these groups do not understand legal opt in and they click those buttons - as admins they have that ability. Or overriding opt out - I now have to have an alert running to see if my colleagues are erasing opt outs! It's caused HUGE problems, but it's hard to take away something that people now see as a standard. I'd recommend to everyone to guard admin rights from the beginning but if you can't or you walk into the situation and it's already part of their expectations, then I'd say get your boss on board to back you up and deal with it quickly because the longer you're at an organization and let it go on, the harder it will become.
Any suggestions on what privileges they should be given?
There is no single not simple answer to this question. The salesforce profile system and to a lesser extend Marketo role system are very flexible and you need to configure them to suit your organization and the missions these people have to perform.
One recommendation: do not use standard profiles in SFDC not standard roles in Marketo. Take the time to define your own.