cancel
Showing results for 
Search instead for 
Did you mean: 

insufficient privilege during select

0 Kudos

Hello,

we are trying to execute a select on a hana column view created by sap bw.

Select Statement from bo explorer:
SELECT "ZX_PROJAH" AS "ALIAS_0412B065" , "ZX_CUSTOM___T" AS "ALIAS_7EB67647" , "ZX_CUSTOM" AS "ALIAS_EE0FEF92" , "ZX_PROMON" AS "ALIAS_0412BD60" , "ZX_PRODGR___T" AS "ALIAS_2E5B30D8" , "ZX_PRODGR" AS "ALIAS_04129AA3" , "ZX_COUNTR___T" AS "ALIAS_A0478319" , "ZX_COUNTR" AS "ALIAS_EDBC3564" , SUM("ZX_REKLA") AS "ALIAS_67F03444"  FROM "_SYS_BIC"."system-local.bw.bw2hana/ZX_CUBE01" GROUP BY GROUPING SETS LIMIT 26 MULTIPLE RESULTSETS  ((("ZX_PROJAH") ORDER BY ALIAS_67F03444 DESC ,ALIAS_0412B065 ASC ),(("ZX_CUSTOM___T", "ZX_CUSTOM") ORDER BY ALIAS_67F03444 DESC ,ALIAS_7EB67647 ASC ),(("ZX_PROMON") ORDER BY ALIAS_67F03444 DESC ,ALIAS_0412BD60 ASC ),(("ZX_PRODGR___T", "ZX_PRODGR") ORDER BY ALIAS_67F03444 DESC ,ALIAS_2E5B30D8 ASC ),(("ZX_COUNTR___T", "ZX_COUNTR") ORDER BY ALIAS_67F03444 DESC ,ALIAS_A0478319 ASC )) WITH PARAMETERS( 'locale'='de_DE' )

Create Statement of HANA Studio column view:
CREATE COLUMN VIEW "_SYS_BIC"."system-local.bw.bw2hana/ZX_CUBE01" WITH PARAMETERS (indexType=5,
  joinIndex="SAPETB"."/BI0/SCALYEAR",
joinIndexType=2,
joinIndexEstimation=0,
  joinIndex="SAPETB"."/BI0/SDATE",
joinIndexType=2,
joinIndexEstimation=0,
....

We are using the user ROEMER to execute the statement.

The user ROEMER has following
granted roles:
- modeling
- user
- public
- AFL__SYS_AFL_AFLPAL_EXECUTE_WITH_GRANT_OPTION
object privileges:
- _SYS_BI grantor _SYS_REPO
- _SYS_BIC grantor SAPETB
- _SYS_BIC grantor _SYS_REPO
- _SYS_BIC grantor SYSTEM
- _SYS_REPO grantor SYSTEM
- REPOSITORY_REST grantor SYSTEM
- ROEMER grantor SYS
- SAPETB grantor SAPEPB
- SYSTEM grantor SYSTEM
analytic privileges:
_SYS_BI_CP_ALL

As you see, we have tried many combinations of SCHEMA and USER with the GRANT Statements
GRANT SELECT ON SCHEMA <SCHEMA> TO <USER>;
GRANT SELECT ON SCHEMA <SCHEMA> TO _SYS_REPO WITH GRANT OPTION;

Anyway we get the error of unsufficient privileges:
Could not execute 'SELECT "ZX_PROJAH" AS "ALIAS_0412B065" , "ZX_CUSTOM___T" AS "ALIAS_7EB67647" , "ZX_CUSTOM" AS ...'
SAP DBTech JDBC: [258]: insufficient privilege

Which privileges and roles are neccessary?
What is missing?

Best Regards
Andreas

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hello,

we have found a solution lately due to Information from an education.

The procedure checks the table RS2HANA_AUTH_STR with the DB-User. So we added the user to this table manually.

I think, this is only a workaround, until SAP can answer this threat.

Best Regards

Andreas

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi All,

Did you find the solution?

I have the same issue, Invalid definition of structured privilege: Invalid filter condition but the Oss note is not clear.

Thanks

lbreddemann
Active Contributor
0 Kudos

The view will likely have some analytical privileges assigned it (looks like a BW generated view). If the user doesn't have the required AP for that view, (s)he won't be able to access it.

0 Kudos

Thank you, I have added the AP bw2hana/SAPETB_ZX_CUBE01_REPORTING

Now I get the next error, I will analyse it:

Could not execute 'SELECT "ZX_PROJAH" AS "ALIAS_0412B065" , "ZX_CUSTOM___T" AS "ALIAS_7EB67647" , "ZX_CUSTOM" AS ...'

SAP DBTech JDBC: [485]: invalid definition of structured privilege: Invalid filter condition

Former Member
0 Kudos

Hi Andreas,

Did you find the solution for the error  "[485]: invalid definition of structured privilege: Invalid filter condition". We are running into the same issue. Would appreciate if you could share.

former_member183326
Active Contributor
0 Kudos

Hello,

Doing a simple search you can see:

2250455 - SAP DBTech JDBC 485 - Invalid definition of structured privilege: Invalid filter condition

Have you checked this?

Former Member
0 Kudos

Thank you Michael - I found this note yesterday and we're looking into this now. Will update if the issue is resolved.

Former Member
0 Kudos

Update: We followed the following instructions from the above oss note.  The step 3 was not clear. We are not sure what needs to be fixed in the procedure. Can someone help with this please?

Resolution

Please do the following:

  1. Grant the EXECUTE privilege on the procedure _SYS_BIC.bw2hana/<Schema>_CZZCV04_REPORTING to the user.
  2. Use this user to execute CALL "_SYS_BIC"."bw2hana/<Schema>_CZZCV04_REPORTING"(?).
  3. Fix the procedure so that it will return a valid filter string.
  4. Revoke the EXECUTE privilege on the procedure  _SYS_BIC.bw2hana/<Schema>_CZZCV04_REPORTING from the user.
lucas_oliveira
Advisor
Advisor
0 Kudos

Hi,

I believe that means you're using a dynamic analytic privilege and the filters are being created by a procedure.. That needs a fix in order to provide valid filters.

BRs,

Lucas de Oliveira

Former Member
0 Kudos

Hi Lucas,

I am also getting this same error and as mentioned by other people here, note 2250455 does not give a clear solution. It just says "Fix the procedure so that it will return a valid filter string". Could you please help me understand what to fix in the procedure?

And also this issue is not only with a single analytic view. Any new analytic view created is giving the same error. So I think something has to be fixed centrally which will fix this issue with all the analytic views and prevent it from occurring again for a new view created.

Thanks,
Arindam

Former Member
0 Kudos

Hi Puneet,

I am facing the same issue. Can you please help me with a solution?