Resolution for Event ID 7888 - Only site admin can access Data Source object from user profile DB

Resolution for Event ID 7888 - Only site admin can access Data Source object from user profile DB

  • Comments 1
  • Likes

After a recent implementation of MOSS 2007 (least privilege), I was going through the event viewer to ensure everything was running without hiccups and I discovered that II had an Event ID: 7888 in the logs.

clip_image002[4]

Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Date: 9/5/2008
Time: 3:00:01 PM
User: N/A
Computer: YOURMOSSSERVER
Description:
A runtime exception was detected. Details follow.
Message: Access Denied! Only site admin can access Data Source object from user profile DB.

Techinal Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

I had a few of these errors, and after a little digging, noticed it was occurring when a profile import was occurring. Since I was using least privilege, I first assumed that the profile access account didn’t have correct permissions. Bad assumption… the profiles were being imported, so that really couldn’t have been it.

 

In the end, I finally resolved the issue by granting the SharePoint Search Service account the Manage User Profiles permission.

  1. To obtain your Search Service Account:
    1. Central Administration > Operations > Services on Server > Office SharePoint Server Search Service Settings
    2. Farm Search Service Account

      clip_image004[4]
  2. To grant your Search Service Account the Manage User Profiles Permission
    1. Shared Services Administration: SharedServices YourMoss > Manage Permission
    2. If the account from 1.2 is not listed, add it. If it already exists, modify it.

      clip_image006[4]
    3. Choose Permission
      1. Grant your account the Manage user profiles permissions

        clip_image008[4]

- Dan

Comments
  • I faced same problem, I found this link too: msmvps.com/.../another-error-message-access-denied-on-profile-import.aspx

    it says, we have to do this for content access acount and app pool account which is wrong.

    I gave manage user profile to my farm search service account, but it was not enough. We have to add search service account to Viwers group of SSP site through Site Actions menu, then Advanced Permission.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment