Hello Avi,

I got SAP HANA Rules Framework 1.00 SP07 and I tried to activate in the repository via SAP HANA Studio.

Concerning permission, I think my user got all that is needed:

• HrfAdmin
• HrfRuleEditor
• HrfRuleServiceEditor
• HrfRuleViewer

Many thanks in advance again

Frank

Hi Frank,

I would recommend first running the Authorisation Trace (http://scn.sap.com/docs/DOC-68108) to fully check if you have the correct privileges.

Hello Frank,

Please check if you can activate the rule service with the REST API

http://<HOST>:80<INSTANCE>/sap/hrf/service/ruleService/<filepath>/<filename>

Method: POST

use the resource body as the payload.

Best regards, Avi.

Hello Avi,

unfortunately using the REST API runs into the same issue:

Do those details give you any more ideas?

Many thanks again.

Frank Schuler

Hello Michael,

we had been checking the HANA authorization trace, but unfortunately to no avail, since it was not as descriptive as your example.

This is potentially the most relevant fragment of the authorization trace so far, but it still did not lead us to a solution yet:

(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-16,18:00:57.982, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")

[6736]{220462}[25/2071637] 2016-02-16 18:00:57.982210 e REPOSITORY       activator.cpp(01206) : Repository: Activation failed for at least one object;At least one runtime reported an error during activation. Please see CheckResults for details

[6736]{220462}[24/-1] 2016-02-16 18:00:57.982242 e REPOSITORY       activator.cpp(00454) : Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for  detailed information about the root cause. No objects have been activated.

[6736]{220462}[24/-1] 2016-02-16 18:00:57.994075 e REPOSITORY       activator.cpp(00647) : Activator::activateObjects: Activation 223 completed with errors. Session error: Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for  detailed information about the root cause. No objects have been activated.(40136)

Check results with severity "error":

(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-16,18:00:57.982, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")

Would that tell you anything?

Very many thanks for your help yet again

Frank

Hello Frank,

1. In your screenshot it seems that you have used 'undefined' as the file path. you should put there the full path of the package where you would like to activate the rule service.

2. Please make sure that your user has write privilege to the package.

Thanks, Avi.

Hello Avi,

thank you very much for spotting the missing package name and the missing package authorizations.

However, with the correct package name and the package authorizations as you listed them, I know get the exact same error as when trying to activate the HRF Rule Service via the HANA Studio:

Technical error occurred - HrfException: Failed to create repository object: bat::Aggregation.hprruleservice\nError: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized

Unfortunately, as far as I can tell, the authorization trace is not very conclusive either:

[6744]{60031}[8/2071944] 2016-02-17 10:38:22.912718 i TraceContext     TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation, StatementHash=61c02ec40f117a91dae165139d6d6e1b

[6744]{60031}[8/2071944] 2016-02-17 10:38:22.912708 i Authorization    CatalogAuthorizationStorageManager.cpp(00974) : Trying to add DML restriction (ObjectId(30,0,oid=11471), 24 multiple times.

[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990697 i TraceContext     TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation

[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990675 e REPOSITORY       activator.cpp(01129) : activateObjectsInternalFast2: ActivationID 237, activation phase: Runtime sqlproc-runtime reported an error. Session error: No error(0)

Check results with severity "error":

(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-17,10:38:23.990, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")

[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990719 e REPOSITORY       activator.cpp(01206) : Repository: Activation failed for at least one object;At least one runtime reported an error during activation. Please see CheckResults for details

[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990748 e REPOSITORY       activator.cpp(00454) : Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for  detailed information about the root cause. No objects have been activated.

[6725]{60031}[26/2071944] 2016-02-17 10:38:24.001103 e REPOSITORY       activator.cpp(00647) : Activator::activateObjects: Activation 237 completed with errors. Session error: Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for  detailed information about the root cause. No objects have been activated.(40136)

Check results with severity "error":

(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-17,10:38:23.990, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")

[6730]{60031}[26/2071946] 2016-02-17 10:38:24.055193 i TraceContext     TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation

[6730]{60031}[26/2071946] 2016-02-17 10:38:24.055183 e REPOSITORY       sourceCodeMove.cpp(00108) : Inactive object to be activated does not exist in repository.(40112): {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}

[6730]{60031}[26/-1] 2016-02-17 10:38:24.059822 i TraceContext     TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation

[6730]{60031}[26/-1] 2016-02-17 10:38:24.059812 e REPOSITORY       guards.cpp(00355) : CheckAndCommitScope::~CheckAndCommitScope: Unable to checkAndCommitOperation: Repository: Encountered an internal error in the repository code, this is most likely a bug in the implementation(40109)

[6730]{60031}[26/-1] 2016-02-17 10:38:24.060015 e REPOSITORY       repository.cpp(00320) : Fatal activation error: exception  1: no.70040136  (repository/base/activation/activator.cpp:826)

    Repository: Activation failed for at least one object;source code move failed

exception throw location:

1: 0x00007fb95d979467 in repo::RepoException::RepoException(int, ltt_adp::basic_string<char, ltt::char_traits<char>, ltt::integral_constant<bool, true> > const&, char const*, int)+0x33 at repoexception.cpp:31 (libhdbrepocore.so)

2: 0x00007fb95d979549 in repo::GenerateError::GenerateError(int, ltt_adp::basic_string<char, ltt::char_traits<char>, ltt::integral_constant<bool, true> > const&, char const*, int)+0x5 at repoexception.cpp:56 (libhdbrepocore.so)

3: 0x00007fb95da33798 in repo::Activator::activateObjectsInternalFast2(repo::AbstractSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::InactiveVersion const&, ltt_adp::vector<repo::ObjectDataForActivation, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, ltt_adp::vector<Authorization::ObjectId, ltt::integral_constant<bool, true> >&, repo::ObjectDependenciesFacade&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&)+0x5b4 at activator.cpp:826 (libhdbrepocore.so)

4: 0x00007fb95da3c475 in repo::Activator::activateObjects(repo::AbstractSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::InactiveVersion const&, repo::ActivationMode, bool, repo::ObjectDependenciesFacade&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&)+0x701 at activator.cpp:423 (libhdbrepocore.so)

5: 0x00007fb95dc4ea7f in repo::RepositoryBaseFunc::activateObjectsInternal(repo::Activator&, repo::InactiveSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, bool, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&, bool)+0x1eb at repositorybasefunc.cpp:1662 (libhdbrepocore.so)

6: 0x00007fb95dc258e1 in repo::Repository::activateObjects(repo::InactiveSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, int&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&, bool)+0xd20 at repository.cpp:301 (libhdbrepocore.so)

7: 0x00007fb95dc57d2e in repo::RepositoryNet::handle_RepoNetRequest(TrexNet::Request&, TrexService::HandlerContext&)+0x63a at repositoryNet.cpp:830 (libhdbrepocore.so)

8: 0x00007fb9610e5518 in TRexAPI::TREXIndexServer::handle(TrexNet::Request&, TrexService::HandlerContext&)+0x22f4 at TREXIndexServer.cpp:5028 (hdbindexserver)

9: 0x00007fb957d50bf4 in TrexService::WorkerThread::run(void*)+0xa90 at TrexServiceThreads.cpp:584 (libhdbbasement.so)

10: 0x00007fb957d6d776 in TrexThreads::PoolThread::run()+0x842 at PoolThread.cpp:392 (libhdbbasement.so)

11: 0x00007fb957d6f0a0 in TrexThreads::PoolThread::run(void*&)+0x10 at PoolThread.cpp:165 (libhdbbasement.so)

12: 0x00007fb93f94f271 in Execution::Thread::staticMainImp(void**)+0x6f0 at Thread.cpp:461 (libhdbbasis.so)

13: 0x00007fb93f950848 in Execution::Thread::staticMain(void*)+0x34 at ThreadMain.cpp:26 (libhdbbasis.so)

How would this help me to find the missing authorization?

Very many thanks in advance again

Frank

Hi Frank,

Can you provide the Output of the Xsengine Trace file?

I have seen a similar issue where the user did not assign the select privilege on the Object to the _SYS_REPO user in the target system (with 'grantable to other' option?). This would typically cause the error you are seeing?

Hello Michael,

that was exactly it. I had not assigned the package that contains the tables for the HRF vocabulary to the _SYS_REPO user.

Now everything works like a charm.

Many thanks

Frank

Great to hear that this solution has worked for you. Hopefully others will gain from this also.