Hi

We have a number of calculation views created in various packages, on top of these calculation views we have several odata services, lets say for purpose of explanation, 2 odata services, each one using its own calculation view.

I have 2 users,

User 1 has been granted select only on CV 1

User 2 Has been granted Select only on CV 2

When user 1 or 2 calls the odata service and authenticate , i get the following error:

<error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"> <code/> <message xml:lang="en-US">Service exception: [258] insufficient privilege</message> </error>

If i then grant _SYS_BIC_CP_ALL to user 1 only, and test , both of the odata services (i.e. 1 and 2) return data with no error while using user 1. user 2 , neither work.

This _SYS_BIC_CP_ALL seems to be a all or nothing privileged, and seems to ignore the select permission on the underlying object that the odata service is based on.

How do i ensure that i can achieve restrictions on a specific user being able to call only the selected cv's and odata services that they have permissions to.

It also seems like the only way to get the odata service's working is to grant _SYS_BIC_CP_ALL. but then everyone has access to everything.

Is there another way or what am i missing on the permissions

(PS SELECT and EXEC on SYS_BIC and SYS_REPO has also been granted as well as CATALOG READ and root Package permissions) are these all necessary and i granted root package because nothing changed when i granted the respective package from the tree, so i covered my bases by granting root.