Skip to Content
0

WEBIDE XSA: Deploy "Enable Access to Objects in a Remote Classic Schema" in Productive System

Jan 05 at 08:54 AM

167

avatar image

Hi,

after we included a grantor service (cups) in our app (Hana on-premise), we are facing the issue that the deploy to the target system fails.

The grantor service does work fine in our DEV system. We followed all the steps, which are described within this sap document:

https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.01/en-US/402944b21b7c4d60a825b3ac69479955.html

In the PROD system (and space) we were creating the cups service again, before we deployed the app. The only difference to the DEV system is the SQL port and the host name, which we changed of course.

We tried it a lot of times, but always the same. The deploying to the target system fails.

The only hint which we found in the logs is that it could have something to do with the hdbgrants file. But I checked everything and really don't understand why this is making us so much trubble.

/app/cfg/TBRS_CSP.hdbgrants

#2.0#2018 01 04 19:31:47.500#+01:00#DEBUG#com.sap.cloud.lm.sl.xs2.161601.name.db#
######com.sap.cloud.lm.sl.cf.process.steps.StepsUtil########pool-6-thread-3###
[PollExecuteTaskStatusStep] [name.db]  [Thu Jan 04 19:31:40 CET 2018]  grantor service: TBRS_CSP-grantor, granting user: TBRS_CSP_GRANTOR (STDERR, APP/2-0/deploy)#

#2.0#2018 01 04 19:31:47.501#+01:00#DEBUG#com.sap.cloud.lm.sl.xs2.161601.name.db#
######com.sap.cloud.lm.sl.cf.process.steps.StepsUtil########pool-6-thread-3###
[PollExecuteTaskStatusStep] [name.db]  [Thu Jan 04 19:31:40 CET 2018]  file name: /hana/shared/../xs/app_working/saphana1/executionroot/675b5652-4b7f-4adc-a829-afb79e3cb3dc/app/cfg/TBRS_CSP.hdbgrants (STDERR, APP/2-0/deploy)#


#2.0#2018 01 04 19:31:47.501#+01:00#DEBUG#com.sap.cloud.lm.sl.xs2.161601.name.db#
######com.sap.cloud.lm.sl.cf.process.steps.StepsUtil########pool-6-thread-3###
[PollExecuteTaskStatusStep] [name.db]  [Thu Jan 04 19:31:40 CET 2018]   (STDERR, APP/2-0/deploy)#


#2.0#2018 01 04 19:31:47.501#+01:00#DEBUG#com.sap.cloud.lm.sl.xs2.161601.name.db#
######com.sap.cloud.lm.sl.cf.process.steps.StepsUtil########pool-6-thread-3###
[PollExecuteTaskStatusStep] [name.db]  [Thu Jan 04 19:31:40 CET 2018]  npm ERR! Linux 4.4.74-92.29-default (STDERR, APP/2-0/deploy)#

To prove this behaviour we were building the same app in a different space of our DEV system. We were creating this grant services again for this space and it worked as expected. We could build it. (Didn't try to deploy it.)

Because we can't include here all of the log files, may be one of you has the chance to watch for it. Its the sap incident 580015 / 2017. There you can find the dmol log file from the deploy and much more.

We are using the latest patches:

XSAC_PORTAL_SERV 1.0.0 
com.sap.xsac_alm_pi_ui 1.12.3
com.sap.core.account 1.0.9 
com.sap.dwf.runtime 2.2.2 
com.sap.xsa.hrtt 2.3.61 
alm-product-installer 1.13.4 
com.sap.devx.di.builder 4.2.20 
com.sap.xsa.admin 1.5.8 
com.sap.devx.webide 4.2.29 
com.sap.xs.auditlog.ui 0.1.0 
com.sap.dwf.tools 2.2.2

Any ideas would be very helpful!

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Dirk Raschke Jan 12 at 02:32 PM
1

It's solved. Forgot to set the Grantor user. :(

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Hi Dirk,

Iam kind of struggling with the same issue. When you say that you forgot to set the grantor, what exactly do you mean?

I have created the role with the access permissions and even added the same with sql port and grantor user.

Requesting your valuable suggestions.

Thanks,

Ashwin

0

I'm not really sure, but I assume it had something to do with that....

--create user NAME_GRANTOR password XXXX no force_first_password_change; 
grant "NAME::external_access_appuser", "NAME::external_access_g" to NAME_GRANTOR with admin option;

0

Thanks Dirk. Appreciate your timely response. :)

It looks almost the same, except the schema name user. i will try creating a new user.

Regards,

Ashwin

0

My pleasure. :)

..and check the user that it is not locked and the check for the expected object privileges within the created roles.

Good luck!

0