Skip to Content
1

Using APL - Granting rights to a user in hdbrole file - not authorized to access the object

Jan 28, 2017 at 11:08 AM

86

avatar image

Hi,

in order to use the APL, a user has to have two roles: AFL__SYS_AFL_APL_AREA_EXECUTE and AFLPM_CREATOR_ERASER_EXECUTE.

My application is deployed on a tenant db. I am trying to give this roles to dinamically created technical users using the "global_role" in my .hdbrole file:

{
     "role": {
     "name": "xyz.db.roles::technicalUserRole",
     "global_roles":[ 
       "AFL__SYS_AFL_APL_AREA_EXECUTE",
       "AFLPM_CREATOR_ERASER_EXECUTE"
     ],
     "schema_privileges": [{
       "privileges": [
         "CREATE ANY", 
         "CREATE TEMPORARY TABLE", 
         "DELETE", 
         "DROP", 
         "EXECUTE", 
         "INSERT", 
         "REFERENCES", 
         "SELECT",
         "UPDATE",
         "SELECT CDS METADATA",
         "SELECT METADATA",
         "UPDATE"
       ]
     }]
   }
}

I gert the error:

==> Error: com.sap.hana.di.role: "AFLPM_CREATOR_ERASER_EXECUTE": not authorized to access the referenced object [8207018]

I get the error, even if I use the roles used in the examples in the documentation pages:

"global_roles":[ 
      "MODELING", 
      "DATA ADMIN" 
    ],

==> Error: com.sap.hana.di.role: "MODELING": not authorized to access the referenced object [8207018].

Does somebody know, why this error occurs?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers