I'm sure that EVERYONE knows this, and I've just been in a cave…
I've had to do a bit of User Profile editing. When going in through Central Administration, clicking on the Shared Services 1 site, and then clicking on User Profiles, my ID was not authorized to view the user profiles. I had to log in and the <local machine>/Administrator to do the work. Not big deal, but I could not for the life of me find where that account was set "in charge" and where to make my user account have the same level of authority.
I had gone into the blue "Site Actions"->"Site Settings" area from the main Central Administration home page and tried to add my ID there…but nothing worked.
Finally, for no apparent reason, I click on the "Site Actions" from the SharedServices1 site. From there "Site Settings" and a new entry under the Users Permissions area, "Site collection administrators". I added my ID to the list and BAM…my ID can administer user profiles.
Apparently, the SharedServices1 site has different permissions from the Central Administration site. It makes sense, now that I know…but not knowing has frustrated me for the longest time.
jeff102410