After a recent implementation of MOSS 2007 (least privilege), I was going through the event viewer to ensure everything was running without hiccups and I discovered that II had an Event ID: 7888 in the logs.
Event Type: Error Event Source: Office SharePoint Server Event Category: Office Server General Event ID: 7888 Date: 9/5/2008 Time: 3:00:01 PM User: N/A Computer: YOURMOSSSERVER Description: A runtime exception was detected. Details follow. Message: Access Denied! Only site admin can access Data Source object from user profile DB.
Techinal Details: System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB. at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message) at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec) at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName) at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead) at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource() at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I had a few of these errors, and after a little digging, noticed it was occurring when a profile import was occurring. Since I was using least privilege, I first assumed that the profile access account didn’t have correct permissions. Bad assumption… the profiles were being imported, so that really couldn’t have been it.
In the end, I finally resolved the issue by granting the SharePoint Search Service account the Manage User Profiles permission.
I faced same problem, I found this link too: msmvps.com/.../another-error-message-access-denied-on-profile-import.aspx
it says, we have to do this for content access acount and app pool account which is wrong.
I gave manage user profile to my farm search service account, but it was not enough. We have to add search service account to Viwers group of SSP site through Site Actions menu, then Advanced Permission.