Skip to Content
avatar image
Former Member

Error by grant privileges to _sys_repo

Hi experts,

I have the following basic question about _sys_repo user and the ability to see the content of an attribute view :

I have created new schema and 2 new tables from the repository with my user MOO, after activation the objects. I give meself the select privileges on the schema :

i have tried :

GRANT SELECT ON SCHEMA "ADEL_SCHEMA" TO _SYS_REPO WITH GRANT OPTION;

i get the error : insufficient privilege: Not authorized

so i solve this issue with :

call _SYS_REPO.GRANT_SCHEMA_PRIVILEGE_ON_ACTIVATED_CONTENT('select','<SCHEMANAME>','MOO');


so far so good , i can access the schema and see the content of the tables.


After that i have created an attribute view using the 2 tables : the problem i can not see the content of the view.

The only solution is given in more than a post is :


GRANT SELECT ON SCHEMA <YOUR SCHEMA> TO _SYS_REPO WITH GRANT OPTION;


1.My First question : I acticated the table, so _sys_repo is the owner of those objects. Has _sys_repo also access to the table and to schema  ?


2. why i have to grant the privileges on my schema to _sys_pro ? i want to see the content of the attribute view with my user.


3. Trying to execute :

GRANT SELECT ON SCHEMA <YOUR SCHEMA> TO _SYS_REPO WITH GRANT OPTION;

I get the error :

insufficient privilege: Not authorized


Thanks in advance,


Best Regards

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    May 19, 2014 at 06:27 PM

    The select statement gives _SYS_REPO as owner of the schema. I understand that is not possible to log in with _SYS_REPO.

    The objects of the schema are created from the repository with.hdbschema and .hdbtables files.

    The solution what i used is to give my user the role with the name 'MODELING'.

    I don't know of this is the best/right solution.

    Regards

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I think I missed your original comment that you could not access the VIEWS, but could see the schema tables. That tells me that you likely had no analytic privileges to access the views. What likely happened is that via MODELING you received AP "BI_CP_ALL", which allows you to execute any view in the system. Since SYS_REPO already owned the schema, he could already read the base data.

      The approach you mention is suitable for developers (CP_ALL), but for other groups of end users, you'll likely want to restrict what models they can see.

      Regards,

      Justin

  • avatar image
    Former Member
    May 19, 2014 at 02:54 PM

    1. SYS_REPO owns the column views and procedure definitions found in SYS_BIC, it does not inherently have any other object privileges to the underlying sources.

    2. As explained above, SYS_REPO is the user that owns and executes the models and procedures. That user also needs authorization to read the source tables AND relay the information (grant) to the user who is calling the view.

    3. The actual owner of the schema needs to grant SELECT access grantable to SYS_REPO to make this happen. You seem to have the correct SQL statement shown there to accomplish this, you just need to make sure you are logged in as the owner of the schema when you attempt to execute. To see the owner of the schema, try SELECT * FROM "SYS"."OWNERSHIP" WHERE "SCHEMA_NAME" = <YOURSCHEMA>, this will validate that which user you need to be logged in as in order to grant the access.

    Regards,

    Justin

    Add comment
    10|10000 characters needed characters exceeded