Skip to Content
0

Roles To Assign for SQL command XSJS

Jul 11, 2017 at 10:34 AM

119

avatar image
Former Member

Hi,

I have been trying to create an anonymous connection to my xsjs service that performs some SELECT sql commands on an hdbtable. I however have done so unsuccessfully. Whenever I go to my xsjs service as http, (/service.xsjs?commandSlot=commandValue) it prompts me to login.

For reference I followed this guide:

https://help.sap.com/doc/52715f71adba4aaeb480d946c742d1f6/2.0.00/en-US/740f8789a73340c2879246ebbaff6d5d.html

In the .sqlcc file the line "role_for_auto_user : (role) " defines the role to be granted whenever any user calls on my xsjs service. I have tried various roles and none of them have made my connection to my xsjs service anonymous. Instead, I always see a SAP HANA login prompt window.

Also the login prompt window says : "The server (server name) is asking for your username and password. The server reports that it is from SAP HDB System."

Any suggestions?

-Diana

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Frank Schuler
Jul 11, 2017 at 11:24 AM
-1

Hello Diana,

AS part of this blog I explain how to make a XSJS OData service anonymously available:

Measure your Raspberry Pi sensor data on the go with the Smart Business Service

Best regards

Frank

Show 3 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thank You. I am working on assigning the right privileges on my own role. I was wondering, if there was a role I could simply refer to in my "role_for_auto_user" line that I could refer to?

0

Hello Diana,

As described in my blog, you have to create that role, in my case:

role blog::anonymous
{
catalog sql object "_SYS_BIC"."blog/c4pa": //Objecttype: VIEW
	SELECT;
catalog analytic privilege : "_SYS_BI_CP_ALL";
}

Then you assign this role to "role_for_auto_user":

{
    "description" : "anonymous",
    "role_for_auto_user" : "blog::anonymous"
}

Best regards

Frank

0
Former Member
Frank Schuler

I was just wondering if there was a premade role that one could refer to.

0
avatar image
Former Member
Jul 12, 2017 at 09:35 AM
0

Hey! So I was not working with OData at all just with a xsjs file that made SQL select calls to a dataservice, my solution was the following. This post by Beat Gut helped me out (https://archive.sap.com/discussions/thread/3689217) as well as this a video on how to set up an anon connection by Philip Mugglestone (https://www.youtube.com/watch?v=wXes4QJ1tuQ).

Roles that one needs to access Web IDE, and XS Admin:

sap.hana.ide.roles::Developer

sap.hana.xs.admin.roles::HTTPDestAdministrator

sap.hana.xs.admin.roles::HTTPDestViewer

sap.hana.xs.admin.roles::RuntimeConfAdministrator

sap.hana.xs.admin.roles::RuntimeConfViewer

1. Create an hdbrole. You can do this on the Web IDE (https://(....)trial.hanatrial.ondemand.com/sap/hana/ide/editor)or on SAP HANA studio. In Web IDE, you just right click on your application, and click New, then Role. Then right click on your newly created role, select Open With, Text Editor. In between the curly brackets defining your role type:

sql object <application name>::<hdbtable name (without the .hdbtable extension)>: SELECT, INSERT, UPDATE, DELETE;

For example:

2. Now create an xssqlcc connection to your xsjs service. This is simply the connection that will use the .hdbrole we just created in (2). Any user that attempts to access your xsjs service will connect to the database with this xsqlcc. To do this, create a file with the .xssqlcc extension. For example, 'anonymousConnection.xssqlcc'. Here you will insert the text:

{

"description" : "Insert description here",

"role_for_auto_user" : "<application name>::<hdbrole file name (without the .hdbrole extension)>"

}

Activate.

For example:

3. Go to XS Admin (https://(....)trial.hanatrial.ondemand.com/sap/hana/xs/admin/) and activate your role. To do this, select your package on the left hand side, click on your role and then click on Activate.

4. Go to your .xsaccess file. Set authentication to null. So make sure you have the line:

"authentication" : null,

in your file. Most of the time, this line is set up to "Basic" or form method or something.

5. Go to your xsjs file. Wherever you have your statement: $.db.getConnection(), replace this with $.db.getConnection("<application name>::<xssqlcc file name (without the .xsqlcc extension)>").

For example:

6. I think that is all. Run your xsjs service and see if it launches for anyone.

For example


screenshot-1.png (229.2 kB)
1.png (85.4 kB)
2.png (78.6 kB)
45.png (54.7 kB)
47.png (100.9 kB)
6.png (35.6 kB)
3-4.png (113.4 kB)
new-item.png (93.9 kB)
new-item-2.png (115.7 kB)
new-item-3.png (86.9 kB)
Share
10 |10000 characters needed characters left characters exceeded