Skip to Content
0
Jan 20, 2023 at 03:33 AM

CAP with classic schema: Error executing: GRANT "" TO "#OO"

305 Views

Hi community,

I am trying to use virtual tables created in a classc schema in a CAP project as described in my previous question.

The project structure looks like below.

project.png

I have set up the following objects.

1. Roles to access the virtual tables

create role VTROLE;
grant select on schema "JDBCUSER" to VTROLE;

create role VTROLE_G;
grant select on schema "JDBCUSER" to VTROLE with grant option;

2. A user who is granted above roles with admin option

create user VTUSER password "password" set usergroup default;
alter user VTUSER disable password lifetime;

grant VTROLE to VTUSER with admin option;
grant VTROLE_G to VTUSER with admin option;

3. A user provided service to access the virtual tables

cf cups demo-inventory-ups -p "{\"user\":\"VTUSER\",\"password\":\"password\",\"tags\":[\"hana\"] , \"schema\" : \"JDBCUSER\" }"

4. .hdbgrants

{
	"cross-schema-ups": {
		"object_owner": {
			"roles": ["VTROLE_G"]
		},
		"application_user": {
			"roles": ["VTROLE"]
		}
	}
}

When I execute "cf deploy", I came across the following error.

insufficient privilege: Detailed info for this error can be found with guid '98426E7F5DAF314786009B03B81C9006')

Error executing: GRANT "VTROLE_G" TO "0DF41154432140A6A45C380671E40976#OO"; (STDERR, APP/TASK/deploy)#

SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS returned the following output.

output.png

However, running "grant VTROLE_G to TEST with admin option" with VTUSER in Database Explorer was successful, so I can say this user has the privilage to to grant the role to other users.

grant-successful.png

What can be the reason for this error?

Best regards,

Mio

Attachments

image.png (9.9 kB)
project.png (6.3 kB)
output.png (9.4 kB)