Resolution for Event ID 7888 - Only site admin can access Data Source object from user profile DB
After a recent implementation of MOSS 2007 (least privilege), I was going through the event viewer to ensure everything was running without hiccups and I discovered that II had an Event ID: 7888 in the logs.
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Date: 9/5/2008
Time: 3:00:01 PM
User: N/A
Computer: YOURMOSSSERVER
Description:
A runtime exception was detected. Details follow.
Message: Access Denied! Only site admin can access Data Source object from user profile DB.
Techinal Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp .
I had a few of these errors, and after a little digging, noticed it was occurring when a profile import was occurring. Since I was using least privilege, I first assumed that the profile access account didn’t have correct permissions. Bad assumption… the profiles were being imported, so that really couldn’t have been it.
In the end, I finally resolved the issue by granting the SharePoint Search Service account the Manage User Profiles permission.
- To obtain your Search Service Account:
Central Administration > Operations > Services on Server > Office SharePoint Server Search Service Settings
Farm Search Service Account
- To grant your Search Service Account the Manage User Profiles Permission
Shared Services Administration: SharedServices YourMoss > Manage Permission
If the account from 1.2 is not listed, add it. If it already exists, modify it.
Choose Permission
Grant your account the Manage user profiles permissions
- Dan
Comments
- Anonymous
January 01, 2011
I faced same problem, I found this link too: msmvps.com/.../another-error-message-access-denied-on-profile-import.aspx it says, we have to do this for content access acount and app pool account which is wrong. I gave manage user profile to my farm search service account, but it was not enough. We have to add search service account to Viwers group of SSP site through Site Actions menu, then Advanced Permission.