on 02-13-2016 3:57 PM
Dear HANA Rules Framework experts,
we have been following Noam Gilady's excellent HANA Rules Framework blog with its respective references.
With that, we got everything working including a Vocabulary and Rule.
However, when trying to create a Rule Service, we get a 258 - insufficient privilege: Not authorized error. It looks as if the HRF framework tries to create a procedure in the SAP_HRF schema:
When executing this code from the SQL Console, it fails with an
SAP DBTech JDBC: [411]: invalid table type: Cannot find table type SAP_HRF.bat::Aggregation.OUTPUT.TYPE: line 4 col 30 (at pos 134)
Has anyone come across this before?
Many thanks in advance
Frank
Hello Frank,
- Which HRF version are you using?
- Do you try to activate the rule service in the repository or via REST APIs?
- Did you grant your user HRF permissions?
Thanks, Avi.
Hi Frank,
I would recommend first running the Authorisation Trace (http://scn.sap.com/docs/DOC-68108) to fully check if you have the correct privileges.
Hello Frank,
Please check if you can activate the rule service with the REST API
http://<HOST>:80<INSTANCE>/sap/hrf/service/ruleService/<filepath>/<filename>
Method: POST
Use the resource body as the payload.
Best regards, Avi.
Hello Michael,
we had been checking the HANA authorization trace, but unfortunately to no avail, since it was not as descriptive as your example.
This is potentially the most relevant fragment of the authorization trace so far, but it has not led us to a solution yet:
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-16,18:00:57.982, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")
[6736]{220462}[25/2071637] 2016-02-16 18:00:57.982210 e REPOSITORY activator.cpp(01206) : Repository: Activation failed for at least one object;At least one runtime reported an error during activation. Please see CheckResults for details
[6736]{220462}[24/-1] 2016-02-16 18:00:57.982242 e REPOSITORY activator.cpp(00454) : Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for detailed information about the root cause. No objects have been activated.
[6736]{220462}[24/-1] 2016-02-16 18:00:57.994075 e REPOSITORY activator.cpp(00647) : Activator::activateObjects: Activation 223 completed with errors. Session error: Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for detailed information about the root cause. No objects have been activated.(40136)
Check results with severity "error":
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-16,18:00:57.982, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")
Would that tell you anything?
Very many thanks for your help yet again
Frank
Hello Avi,
thank you very much for spotting the missing package name and the missing package authorizations.
However, with the correct package name and the package authorizations as you listed them, I now get the exact same error as when trying to activate the HRF Rule Service via the HANA Studio:
Technical error occurred - HrfException: Failed to create repository object: bat::Aggregation.hprruleservice\nError: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized
Unfortunately, as far as I can tell, the authorization trace is not very conclusive either:
[6744]{60031}[8/2071944] 2016-02-17 10:38:22.912718 i TraceContext TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation, StatementHash=61c02ec40f117a91dae165139d6d6e1b
[6744]{60031}[8/2071944] 2016-02-17 10:38:22.912708 i Authorization CatalogAuthorizationStorageManager.cpp(00974) : Trying to add DML restriction (ObjectId(30,0,oid=11471), 24 multiple times.
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990697 i TraceContext TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990675 e REPOSITORY activator.cpp(01129) : activateObjectsInternalFast2: ActivationID 237, activation phase: Runtime sqlproc-runtime reported an error. Session error: No error(0)
Check results with severity "error":
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-17,10:38:23.990, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990719 e REPOSITORY activator.cpp(01206) : Repository: Activation failed for at least one object;At least one runtime reported an error during activation. Please see CheckResults for details
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990748 e REPOSITORY activator.cpp(00454) : Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for detailed information about the root cause. No objects have been activated.
[6725]{60031}[26/2071944] 2016-02-17 10:38:24.001103 e REPOSITORY activator.cpp(00647) : Activator::activateObjects: Activation 237 completed with errors. Session error: Repository: Activation failed for at least one object;At least one error was encountered during activation. Please see the CheckResult information for detailed information about the root cause. No objects have been activated.(40136)
Check results with severity "error":
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: , time stamp: 2016-02-17,10:38:23.990, unformatted error message: $NAME$: $CODE$ $MESSAGE$, parameter 0: "CODE"="26", parameter 1: "MESSAGE"="Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized", parameter 2: "NAME"="HRF Plugin")
[6730]{60031}[26/2071946] 2016-02-17 10:38:24.055193 i TraceContext TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation
[6730]{60031}[26/2071946] 2016-02-17 10:38:24.055183 e REPOSITORY sourceCodeMove.cpp(00108) : Inactive object to be activated does not exist in repository.(40112): {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}
[6730]{60031}[26/-1] 2016-02-17 10:38:24.059822 i TraceContext TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation
[6730]{60031}[26/-1] 2016-02-17 10:38:24.059812 e REPOSITORY guards.cpp(00355) : CheckAndCommitScope::~CheckAndCommitScope: Unable to checkAndCommitOperation: Repository: Encountered an internal error in the repository code, this is most likely a bug in the implementation(40109)
[6730]{60031}[26/-1] 2016-02-17 10:38:24.060015 e REPOSITORY repository.cpp(00320) : Fatal activation error: exception 1: no.70040136 (repository/base/activation/activator.cpp:826)
Repository: Activation failed for at least one object;source code move failed
exception throw location:
1: 0x00007fb95d979467 in repo::RepoException::RepoException(int, ltt_adp::basic_string<char, ltt::char_traits<char>, ltt::integral_constant<bool, true> > const&, char const*, int)+0x33 at repoexception.cpp:31 (libhdbrepocore.so)
2: 0x00007fb95d979549 in repo::GenerateError::GenerateError(int, ltt_adp::basic_string<char, ltt::char_traits<char>, ltt::integral_constant<bool, true> > const&, char const*, int)+0x5 at repoexception.cpp:56 (libhdbrepocore.so)
3: 0x00007fb95da33798 in repo::Activator::activateObjectsInternalFast2(repo::AbstractSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::InactiveVersion const&, ltt_adp::vector<repo::ObjectDataForActivation, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, ltt_adp::vector<Authorization::ObjectId, ltt::integral_constant<bool, true> >&, repo::ObjectDependenciesFacade&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&)+0x5b4 at activator.cpp:826 (libhdbrepocore.so)
4: 0x00007fb95da3c475 in repo::Activator::activateObjects(repo::AbstractSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::InactiveVersion const&, repo::ActivationMode, bool, repo::ObjectDependenciesFacade&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&)+0x701 at activator.cpp:423 (libhdbrepocore.so)
5: 0x00007fb95dc4ea7f in repo::RepositoryBaseFunc::activateObjectsInternal(repo::Activator&, repo::InactiveSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, bool, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&, bool)+0x1eb at repositorybasefunc.cpp:1662 (libhdbrepocore.so)
6: 0x00007fb95dc258e1 in repo::Repository::activateObjects(repo::InactiveSession*, ltt_adp::vector<repo::ObjectID, ltt::integral_constant<bool, true> > const&, repo::ActivationMode, int&, ltt_adp::vector<repo::CheckResult, ltt::integral_constant<bool, true> >&, repo::ChangeID&, bool)+0xd20 at repository.cpp:301 (libhdbrepocore.so)
7: 0x00007fb95dc57d2e in repo::RepositoryNet::handle_RepoNetRequest(TrexNet::Request&, TrexService::HandlerContext&)+0x63a at repositoryNet.cpp:830 (libhdbrepocore.so)
8: 0x00007fb9610e5518 in TRexAPI::TREXIndexServer::handle(TrexNet::Request&, TrexService::HandlerContext&)+0x22f4 at TREXIndexServer.cpp:5028 (hdbindexserver)
9: 0x00007fb957d50bf4 in TrexService::WorkerThread::run(void*)+0xa90 at TrexServiceThreads.cpp:584 (libhdbbasement.so)
10: 0x00007fb957d6d776 in TrexThreads::PoolThread::run()+0x842 at PoolThread.cpp:392 (libhdbbasement.so)
11: 0x00007fb957d6f0a0 in TrexThreads::PoolThread::run(void*&)+0x10 at PoolThread.cpp:165 (libhdbbasement.so)
12: 0x00007fb93f94f271 in Execution::Thread::staticMainImp(void**)+0x6f0 at Thread.cpp:461 (libhdbbasis.so)
13: 0x00007fb93f950848 in Execution::Thread::staticMain(void*)+0x34 at ThreadMain.cpp:26 (libhdbbasis.so)
How would this help me to find the missing authorization?
Very many thanks in advance again
Frank
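Added example, not part of the original thread: a small Python parser that reduces a trace like the one posted above to one finding per denied object, pairing each `insufficient privilege` check result with the `TraceContext` of the same connection (user, application source) and the repository runtime that reported the failure. The header layout in the comment is an assumption inferred from the posted lines, and `denied_objects` is a hypothetical helper name.

```python
import re

# Assumed header layout of a HANA trace line (inferred from the post):
# [thread]{connection}[transaction/update-transaction] date time level component file(line) : message
HEADER = re.compile(r"^\[\d+\]\{(-?\d+)\}\[-?\d+/-?\d+\] \S+ \S+ \w (\S+)\s+\S+ : (.*)$")
CHECK = re.compile(r"(\d+) - insufficient privilege.*?package: ([^,]*), name: ([^,]*), suffix: ([^}]*)\}")
RUNTIME = re.compile(r"Runtime (\S+) reported an error")

# Lines excerpted from the trace in the post above (check results shortened).
TRACE = """\
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990697 i TraceContext TraceContext.cpp(00855) : UserName=FSCHULER, ApplicationUserName=FSCHULER, ApplicationName=sap.hrf, ApplicationSource=/sap/hrf/service/ruleService/bat/Aggregation
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990675 e REPOSITORY activator.cpp(01129) : activateObjectsInternalFast2: ActivationID 237, activation phase: Runtime sqlproc-runtime reported an error. Session error: No error(0)
Check results with severity "error":
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: )
[6725]{60031}[26/2071944] 2016-02-17 10:38:23.990719 e REPOSITORY activator.cpp(01206) : Repository: Activation failed for at least one object;At least one runtime reported an error during activation. Please see CheckResults for details
(ERROR, error code: 8000034, error message: HRF Plugin: 26 Technical error occurred - InternalError: dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized, object: {tenant: , package: bat, name: Aggregation, suffix: hprruleservice}, location: )
"""

def denied_objects(trace):
    """Return one dict per distinct (connection context, denied object) pair."""
    ctx, runtime, conn, findings = {}, {}, None, []
    for line in trace.splitlines():
        m = HEADER.match(line)
        if m:
            conn, component, msg = m.groups()
            if component == "TraceContext":
                # Key=value pairs describe who issued the request and from where.
                ctx[conn] = dict(kv.split("=", 1) for kv in msg.split(", ") if "=" in kv)
            r = RUNTIME.search(msg)
            if r:
                runtime[conn] = r.group(1)
            continue
        c = CHECK.search(line)  # check results have no header of their own
        if c and conn is not None:
            code, package, name, suffix = c.groups()
            finding = {
                "user": ctx.get(conn, {}).get("UserName"),
                "source": ctx.get(conn, {}).get("ApplicationSource"),
                "runtime": runtime.get(conn),
                "sql_code": code,
                "object": f"{package}::{name}.{suffix}",
            }
            if finding not in findings:  # the trace repeats each check result
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in denied_objects(TRACE):
        print(f)
```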
Hi Frank,
Please mark your question as answered, for future people looking here for the same question.
Hi Frank,
First of all - thanks for your kind words! I have forwarded your issue to the relevant experts...
BR, Noam