Skip to Content
-1
Jun 07, 2018 at 12:38 PM

"GRANT IMPORT TO" equivalent in .hdbrole HDI artifact

723 Views Last edit Jul 12, 2018 at 12:24 PM 2 rev

Hi!

What additional steps are required to GRANT IMPORT TO XSA_DEV via .hdbrole in HDB module?

This syntax

{
"role": {
"name": "myapp.db::app_access_role",
    "system_privileges":[ 
    "IMPORT"
    ]
}
}

throws a following build error

Deploying "src/default_access_role.hdbrole"...     Error: com.sap.hana.di.role: Could not create the role definition in the database [8254541]       at "src/default_access_role.hdbrole" (0:0)      Error: com.sap.hana.di.role: Database error 258: : insufficient privilege: Not authorized [8201003]        at "src/default_access_role.hdbrole" (0:0)    Error: com.sap.hana.di.role: Deploying "src/default_access_role.hdbrole"... failed [8212145]      at "src/default_access_role.hdbrole" (0:0)

This is absolutely weird because to XSA_DEV is the owner of the HDI container.

GRANT ROLE ADMIN TO XSA_DEV;

on SYSTEM database didn't help either.

Suggestion to address this question to my BASIS/Admin/Security team can't be accepted as answers, and any comments are welcome.