on 06-07-2018 1:38 PM
Hi!
What additional steps are required to GRANT IMPORT TO XSA_DEV via .hdbrole in HDB module?
This syntax
{
"role": {
"name": "myapp.db::app_access_role",
"system_privileges":[
"IMPORT"
]
}
}
throws a following build error
Deploying "src/default_access_role.hdbrole"... Error: com.sap.hana.di.role: Could not create the role definition in the database [8254541] at "src/default_access_role.hdbrole" (0:0) Error: com.sap.hana.di.role: Database error 258: : insufficient privilege: Not authorized [8201003] at "src/default_access_role.hdbrole" (0:0) Error: com.sap.hana.di.role: Deploying "src/default_access_role.hdbrole"... failed [8212145] at "src/default_access_role.hdbrole" (0:0)
This is absolutely weird because to XSA_DEV is the owner of the HDI container.
GRANT ROLE ADMIN TO XSA_DEV;
on SYSTEM database didn't help either.
Suggestion to address this question to my BASIS/Admin/Security team can't be accepted as answers, and any comments are welcome.
The error message you posted is from default_access_role.hdbrole, but your example is named myapp.db::app_access_role. So which is it? Is this error the correct error? Perhaps you need to show us the content in your default_access_role as well.
>This is absolutely weird because to XSA_DEV is the owner of the HDI container.
I don't see XSA_DEV is the owner of the container. The owner is the generated technical user. XSA_DEV would be your business user and has nothing to do with granting rights to the container.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Thomas!
Below src/defaults/default_access_role.hdbrole
{
"role": {
"name": "default_access_role",
"schema_privileges": [{
"privileges": [
"CREATE ANY",
"SELECT",
"INSERT",
"UPDATE",
"DELETE",
"ALTER",
"EXECUTE"
]
}
],
"system_privileges":[
"IMPORT"
]
}
}
raise
Processing work list... Undeploying "src/defaults/default_access_role.hdbrole"... Undeploying "src/defaults/default_access_role.hdbrole"... ok Deploying "src/defaults/default_access_role.hdbrole"... Error: com.sap.hana.di.role: Could not create the role definition in the database [8254541] at "src/defaults/default_access_role.hdbrole" (0:0) Error: com.sap.hana.di.role: Database error 258: : insufficient privilege: Not authorized [8201003] at "src/defaults/default_access_role.hdbrole" (0:0) Error: com.sap.hana.di.role: Deploying "src/defaults/default_access_role.hdbrole"... failed [8212145] at "src/defaults/default_access_role.hdbrole" (0:0) Warning: Worker 1 running the "com.sap.hana.di.role" plugin has encountered an error while deploying 1 objects [8212030] Warning: Command failed [8210001] Error: Worker 1 has encountered an error; all remaining jobs will be canceled [8214600] Error: Processing work list... failed [8212102] Make failed (4 errors, 1 warnings): tried to deploy 1 files, undeploy 0 files, redeploy 0 dependent files Error: Making... failed [8211605]
If I remove "system_privileges" part it is building successfully.
P.S.
Lately on HANA 2.0 SPS03 ports mode I used a workaround defined in SAP HANA Administration Guide - Grant a User a Role from the Container's Schema to grant INSERT & IMPORT roles to my DTS_USER but I can't make it work in FQDN mode as "GRANT_CONTAINER_SCHEMA_ROLES" now raise
Database error 332: : invalid user name: DTS_USER: line 1 col 43 (at pos 42)
thomas.jung - I have the similar issue while having SYSTEM Privilege in hdbrole in HDI Container.
How to overcome this issue?
Deploying "src/admin_roles/REGULARBASIS.hdbrole"... Error: com.sap.hana.di.role: Could not create the role definition in the database [8254541] at "src/admin_roles/REGULARBASIS.hdbrole" (0:0) Error: com.sap.hana.di.role: Database error 258: : insufficient privilege: Detailed info for this error can be found with guid 'F238F5DFEAFD3F478AA93D7A3BCB47B5', extracted detailed information: user "ADMIN_ROLES_1#OO" is not allowed to grant (or revoke) the privilege "ADAPTER ADMIN" for object ""."" of type "" [8201003] at "src/admin_roles/REGULARBASIS.hdbrole" (0:0) Error: com.sap.hana.di.role: Deploying "src/admin_roles/REGULARBASIS.hdbrole"... failed [8212145] at "src/admin_roles/REGULARBASIS.hdbrole" (0:0) Warning: Worker 0 running the "com.sap.hana.di.role" plugin has encountered an error while deploying 1 objects [8212030] Error: Worker 0 has encountered an error; all remaining jobs will be canceled [8214600] Error: Processing work list... failed [8212102]
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.