Recently in one of my SharePoint 2010 PerformancePoint environments, I came across an event log with the following error:
Failed to read the acls for an item. Access is denied. (Exception from HRESULT: 0×80070005 (E_ACCESSDENIED))
Although I didn’t notice any issues in the environment, I suspected that this was not normal and proceeded to resolve. The following steps allowed me to eliminate the error from occurring any longer:
- From Central Administration, go to Application Management > Manage Service Applications and then click on the Secure Store Service Application.
- Put a check in the box next to the Target Application ID used for PerformancePoint Service and then click on Generate New Key from the ribbon.
- Next, open the SharePoint 2010 Management Shell (PowerShell) and enter the following commands:
PS> $w = Get-SPWebApplication -Identity [http://yourwebapplication]
PS> $w.GrantAccessTo ProcessIdentity([domain\serviceaccount])
This PowerShell command does three things: It creates a new user (or makes sure the service account has permissions) for the contentdb for this web application, it makes the user a member of the db_owner role, and it creates a new schema for the user.
In my case the service account appeared to have the DB rights it needed, but something wasn’t 100% right, but the powershell commands resolved.