Resolution for Event ID 7888 - Only site admin can access Data Source object from user profile DB
After a recent implementation of MOSS 2007 (least privilege), I was going through the event viewer to ensure everything was running without hiccups and I discovered that II had an Event ID: 7888 in the logs.
![clip_image002[4]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/83/96/metablogapi/2474.clip_image0024_180706CB.jpg)
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Date: 9/5/2008
Time: 3:00:01 PM
User: N/A
Computer: YOURMOSSSERVER
Description:
A runtime exception was detected. Details follow.
Message: Access Denied! Only site admin can access Data Source object from user profile DB.
Techinal Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp .
I had a few of these errors, and after a little digging, noticed it was occurring when a profile import was occurring. Since I was using least privilege, I first assumed that the profile access account didn’t have correct permissions. Bad assumption… the profiles were being imported, so that really couldn’t have been it.
In the end, I finally resolved the issue by granting the SharePoint Search Service account the Manage User Profiles permission.
- To obtain your Search Service Account:
Central Administration > Operations > Services on Server > Office SharePoint Server Search Service Settings
Farm Search Service Account
![clip_image004[4]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/83/96/metablogapi/7178.clip_image0044_2FBE3E31.jpg)
- To grant your Search Service Account the Manage User Profiles Permission
Shared Services Administration: SharedServices YourMoss > Manage Permission
If the account from 1.2 is not listed, add it. If it already exists, modify it.
![clip_image006[4]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/83/96/metablogapi/8750.clip_image0064_360514BF.jpg)
Choose Permission
Grant your account the Manage user profiles permissions
![clip_image008[4]](https://msdntnarchive.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/83/96/metablogapi/2388.clip_image0084_7562C84F.jpg)
- Dan