Skip to Content

Access XS Classic Schema from XSA HDI container

Nov 03, 2017 at 08:55 AM


avatar image


I have an existing XS Classic Schema (MY_XS_CLASSIC_SCHEMA) created via a .hdbschema file in my HANA system.

I need to access the tables in this existing XS Classic schema from a new XS Advanced HDI container (MYHDI)

I defined a user provided service for this purpose. This service was created using a HANA database user (XS_CLASSIC_USER) that has SELECT access to the existing XS classic Schema.

The mta.yaml file was modified to add the user provided service and a .hdbgrant file is defined in the HDI container.

Now when i build the HDI container i get the below error.

Error: Error executing: GRANT "SELECT" ON SCHEMA "MY_XS_CLASSIC_SCHEMA" TO "MYHDI_HDI_MYHDIDBMODULE_1#OO";(nested message: insufficient privilege: Not authorized)

The user I used to create the User Provided Service has the SELECT access for the XS classic schema but don't have the GRANTABLE option. Is that the issue?

If yes then how can I create a HANA data base user in XS Classic which has a SELECT object privilege to a hdbschema with GRANTABLE option? I tried logging in with the SYSTEM user and running the below command but it fails with an authorization issue.


Thanks for your help,

Lijo John

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Michael Healy
Nov 03, 2017 at 11:24 PM

you need to get the original owner of the schema to grant the select to the new user with GRANTABLE TO OTHERS.

SYSTEM will also fail. SYSTEM is not GOD user, only the owner can grant other users the ability to grant further.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Michael,

The problem here is that the XS classic Schema is defined in a .hdbschema file. My understanding is that in such cases the generated runtime schema is owned by _SYS_REPO and there is no way I can login as the SCHEMA user and provide GRANTABLE access to other others.

Michael Healy
Nov 06, 2017 at 08:06 PM

If you look here:

It states:

Please be aware that if you find that the owner of an object is _SYS_REPO, this is not as straight forward as logging in as _SYS_REPO as this is not possible because SYS_REPO is a technical database user used by the SAP HANA repository. The repository consists of packages that contain design time versions of various objects, such as attribute views, analytic views, calculation views, procedures, analytic privileges, and roles. _SYS_REPO is the owner of all objects in the repository, as well as their activated runtime versions.

You have to create a .hdbrole file which which gives the access ( Development type of role, giving select, execute, insert etc access) on this schema. You then assign this role to the user who is trying to access the object.

10 |10000 characters needed characters left characters exceeded
Dirk Raschke Nov 06, 2017 at 08:20 PM
10 |10000 characters needed characters left characters exceeded