Skip to Content

Create and access HDI content via NodeJS (HDB)

I have an MTA application with a DB and Node module. Now I would like to create e.g. a table type from Node. Unfortunately, the user I am using seems to not have the necessary rights for that task. I connect the following way (binding between my module is defined in the yaml file):

// Get HANA connection details
try {
	var options = xsenv.getServices({
		hana: {tag: "hana"}
	});
} catch (err) {
	console.error("[WARN]", err.message);
}

var client = hdb.createClient({
	host: options.hana.host,
	port: options.hana.port,
	user: options.hana.user,
	password: options.hana.password
});

The user start with "SBSS_71605140660360133...". I can connect successfully. However, I am not able to call procedures or execute create statements. I get the following error message: "ERR error { [Error: insufficient privilege: Not authorized]".

Do I not use the technical user of the HDI container itself? Shouldn't he have all the rights?

I saw the following code snippet: https://developers.sap.com/tutorials/xsa-node-dbaccess.html. But I am not sure why the following line retrieves the client object. Where do they set the connection details?

 var client = req.db;

I do not want to use XSJS. Just NodeJS, connect to my HDI container, call procedures and create types and tables. Can you please provide some help? I did a lot of research by I don't get the concept and cannot figure out how to achieve that.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Feb 03, 2019 at 04:28 PM

    You can't do DML - no create operations!

    Only create objects via HDI design time - a different technical user is used then.

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Thomas, we have a similar situation related with the HDI container and authorizations, and I´d like to share with you an alternative solution and a new problem generated by it.

      We are implemented a Java application (Spring Boot, Spring Data, Hibernate, Flyway, etc.) and we need to created the database objects through the application (using Hibernate and Flyway), during the deploy on SCP Cloud Foundry, and we had the same error:

      [Error: insufficient privilege: Not authorized]

      So, based on SAP tutorials and samples, we created a HDB module deployed by a MTA file and inside this module we configured the required roles (CREATE, SELECT, INSERT, etc.) using the default_access_role. In this way, we could create the database objects in the HDI container successfully!

      But, now we have a serious side effect: if we undeploy the java application from SCP Cloud Foundry, all database objects and data created by the application are automatically delete from the HDI container schema (become empty)!

      Could you help us with this problem/behavior in the HDI container?

      Best Regards,

      Fabiano Rosa

  • Posted on Feb 01, 2019 at 04:49 PM

    What are you getting the unauthorized on? Yes you are connected as the container application technical user, but that doesn't give you DML rights to the container for instance.

    As far as the req.db, this is when you are using Express with hdbext as the middleware. Express connects to the DB for you on each http request.

    If you want to try to get the concepts down, you might like these videos:

    https://www.youtube.com/watch?v=cvYHSmK6k_Q

    https://www.youtube.com/watch?v=OXIQ4yBOHEE

    Add a comment
    10|10000 characters needed characters exceeded

    • Thanks Thomas! I followed some tutorials and I made it work so "req.db" works now. But the error stayed:

      That is how one of my routes look like:

      app.get("/example3", function(req, res) {
      		var client = req.db;
      		async.waterfall([
      
      
      			function prepare(callback) {
      				client.prepare("create type tt1 as table (i INT)",
      					function(err, statement) {
      						callback(null, err, statement);
      					});
      			},
      
      
      			function execute(err, statement, callback) {
      				console.log(err);
      				statement.exec([], function(execErr, results) {
      					callback(null, execErr, results);
      				});
      			},
      			function response(err, results, callback) {
      				if (err) {
      					res.type("text/plain").status(500).send("ERROR: " + err.toString());
      					return;
      				} else {
      					var result = JSON.stringify({
      						Objects: results
      					});
      					res.type("application/json").status(200).send(result);
      				}
      				callback();
      			}
      		]);
      	});

      My error statement:

      console.log(err);

      will print:

      { [Error: insufficient privilege: Not authorized]

      I get that the user I am connected with does not have DML rights. I haven't watched your videos fully yet. Is it possible for you to point me to the specific place in the video where DML is explained or some other source?

  • Posted on Feb 07, 2019 at 05:07 PM

    @Fabiano Rosa

    Don't use an HDI resource. Use a normal Schema HANA resource instead if you are going to self-manage the DB objects.

    Add a comment
    10|10000 characters needed characters exceeded

    • Thomas, thanks for the orientation! We will evaluate the HANA Schema approach in our development. One more question: SAP has some guideline or documentation with the best practices to use the SCP CF HANA Servce plans (HDI, Schema, etc.) in the development?

      Best regards,

      Fabiano Rosa

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.