cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles To Assign for SQL command XSJS

Former Member

on ‎07-11-2017 11:34 AM

0 Kudos

Hi,

I have been trying to create an anonymous connection to my xsjs service that performs some SELECT sql commands on an hdbtable. I however have done so unsuccessfully. Whenever I go to my xsjs service as http, (/service.xsjs?commandSlot=commandValue) it prompts me to login.

For reference I followed this guide:

https://help.sap.com/doc/52715f71adba4aaeb480d946c742d1f6/2.0.00/en-US/740f8789a73340c2879246ebbaff6...

In the .sqlcc file the line "role_for_auto_user : (role) " defines the role to be granted whenever any user calls on my xsjs service. I have tried various roles and none of them have made my connection to my xsjs service anonymous. Instead, I always see a SAP HANA login prompt window.

Also the login prompt window says : "The server (server name) is asking for your username and password. The server reports that it is from SAP HDB System."

Any suggestions?

-Diana

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎07-12-2017 10:35 AM

Hey! So I was not working with OData at all just with a xsjs file that made SQL select calls to a dataservice, my solution was the following. This post by Beat Gut helped me out (https://archive.sap.com/discussions/thread/3689217) as well as this a video on how to set up an anon connection by Philip Mugglestone (https://www.youtube.com/watch?v=wXes4QJ1tuQ).

Roles that one needs to access Web IDE, and XS Admin:

sap.hana.ide.roles::Developer

sap.hana.xs.admin.roles::HTTPDestAdministrator

sap.hana.xs.admin.roles::HTTPDestViewer

sap.hana.xs.admin.roles::RuntimeConfAdministrator

sap.hana.xs.admin.roles::RuntimeConfViewer

1. Create an hdbrole. You can do this on the Web IDE (https://(....)trial.hanatrial.ondemand.com/sap/hana/ide/editor)or on SAP HANA studio. In Web IDE, you just right click on your application, and click New, then Role. Then right click on your newly created role, select Open With, Text Editor. In between the curly brackets defining your role type:

sql object <application name>::<hdbtable name (without the .hdbtable extension)>: SELECT, INSERT, UPDATE, DELETE;

For example:

2. Now create an xssqlcc connection to your xsjs service. This is simply the connection that will use the .hdbrole we just created in (2). Any user that attempts to access your xsjs service will connect to the database with this xsqlcc. To do this, create a file with the .xssqlcc extension. For example, 'anonymousConnection.xssqlcc'. Here you will insert the text:

{

"description" : "Insert description here",

"role_for_auto_user" : "<application name>::<hdbrole file name (without the .hdbrole extension)>"

}

Activate.

For example:

3. Go to XS Admin (https://(....)trial.hanatrial.ondemand.com/sap/hana/xs/admin/) and activate your role. To do this, select your package on the left hand side, click on your role and then click on Activate.

4. Go to your .xsaccess file. Set authentication to null. So make sure you have the line:

"authentication" : null,

in your file. Most of the time, this line is set up to "Basic" or form method or something.

5. Go to your xsjs file. Wherever you have your statement: $.db.getConnection(), replace this with $.db.getConnection("<application name>::<xssqlcc file name (without the .xsqlcc extension)>").

For example:

6. I think that is all. Run your xsjs service and see if it launches for anyone.

For example

Show replies
Show replies
architectSAP
Active Contributor
‎07-11-2017 12:24 PM
0 Kudos

Hello Diana,

AS part of this blog I explain how to make a XSJS OData service anonymously available:

Measure your Raspberry Pi sensor data on the go with the Smart Business Service

Best regards

Frank

Show replies
Show replies
Former Member
‎07-11-2017 1:44 PM
0 Kudos

Thank You. I am working on assigning the right privileges on my own role. I was wondering, if there was a role I could simply refer to in my "role_for_auto_user" line that I could refer to?

architectSAP
Active Contributor
‎07-11-2017 1:58 PM
0 Kudos

Hello Diana,

As described in my blog, you have to create that role, in my case:

role blog::anonymous
{
catalog sql object "_SYS_BIC"."blog/c4pa": //Objecttype: VIEW
	SELECT;
catalog analytic privilege : "_SYS_BI_CP_ALL";
}

Then you assign this role to "role_for_auto_user":

{
    "description" : "anonymous",
    "role_for_auto_user" : "blog::anonymous"
}

Best regards

Frank

Former Member
‎07-11-2017 2:04 PM
0 Kudos

I was just wondering if there was a premade role that one could refer to.

Ask a Question