Skip to Content
avatar image
Former Member

Insufficient privilege: Not authorized at ptime/query/checker/query_check.cc on hdbsequence

Hi All,


I am currently trying to create a table (TOPIC) and a sequence (SEQ_TOPIC_ID) in HCP, and a XSJS service on top of it to insert a entry to the table.

In my XS project, I placed a TOPIC.hdbtable and SEQ_TOPIC_ID.hdbsequence in it. Both table and sequence are generated correctly in my trial account schema in the hana db.


Then,in order to grant the access to the table and sequence , I also placed a file model_access.hdbrole in the project folder.

The content looks like follow:


role i065831trial.bubuwork.TopicCenter::model_access {

    application privilege: i065831trial.bubuwork.TopicCenter::Basic;

    sql object i065831trial.bubuwork.TopicCenter::TOPIC : SELECT,INSERT;

    sql object i065831trial.bubuwork.TopicCenter::SEQ_TOPIC_ID : SELECT, DROP;

}


The issue is, when I call the XSJS service from the web url, I will facing below error:

Error while executing query: [dberror(Connection.prepareStatement): 258 - insufficient privilege: Not

 authorized at ptime/query/checker/query_check.cc:2547]

the role has been granted to my account, and I am able to insert to the table TOPIC without sequence with above role setting, but If I try to read the SEQ_TOPIC_ID, an insufficient privilege will shown up.


My question is: Is following line correct to grant the privilege to a role for sequence ? It does not seem to work for sequence  !

sql object i065831trial.bubuwork.TopicCenter::SEQ_TOPIC_ID : SELECT, DROP;



Thanks very much!

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Mar 20, 2014 at 06:49 AM

    The only possible authorizations on a sequence are SELECT, ALTER, and DROP.  Really only SELECT should be necessary to use the sequence.  Could you perhaps post your XSJS code where you use the sequence?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 25, 2016 at 04:57 PM

    I just had the same problem and was able to solve it. Maybe my answer helps someone in the future.

    To get the nextval from the sequence you usually do "select "xyz".nextval from DUMMY". Now DUMMY is a table. And if you have a restricted user you actually have to give that user access to that table as well. Which I didn't. Kind of stupid.

    So I added

    catalog sql object "SYS"."DUMMY" : SELECT;

    Voila! It worked.

    Add comment
    10|10000 characters needed characters exceeded