on 02-24-2016 2:12 PM
I have found plenty of threads on the subject of "SAP DBTech JDBC: [258]: insufficient privilege", but nothing that seems to be helpful for my situation
The following statement on compposite provider 'COM_PROV_XYZ':
select * from "_SYS_BIC"."system-local.bw.bw2hana/COM_PROV_XYZ";
fails with the message:
Could not execute 'select * from "_SYS_BIC"."system-local.bw.bw2hana/COM_PROV_XYZ"'
SAP DBTech JDBC: [258]: insufficient privilege
The following select on calc view 'YYY' works though:
select * from "_SYS_BIC"."ProjectX/YYY"
Which agrees with the fact that the user has been granted roles with the followin auths:
(also the case for _SYS_BIC and _SYS_REPO)
Also:
Any ideas out there?
Hello,
Have you tried running a trace whilst reproducing the error?
Please see the Troubleshooting Authorizations Guide for information on how to activate the trace.
Please paste trace information here so we can have a look.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks for the link to the great guide of yours.
Below you find the trace:
[14433]{362618}[1901/-1] 2016-02-25 09:25:26.656715 i TraceContext TraceContext.cpp(00923) : UserName=XXX, ApplicationUserName=thb_hem, ApplicationName=HDBStudio, ApplicationSource=csns.sql.editor.SQLExecuteFormEditor$2$1.run(SQLExecuteFormEditor.java:856);
[14433]{362618}[1901/-1] 2016-02-25 09:25:26.656708 i Authorization qo_rewrite_rules.cc(00267) : User XXX is not authorized to access _SYS_BIC.system-local.bw.bw2hana/A9CO_ER_ES07 because he is missing any structured privileges applicable to that object
Ah ok, I still think there might be some missing information, could you upload the whole file to:
https://mdocs.sap.com/mcm/public/v1/open?shr=6qXkl5lljT5wMH_zorkvDvMOjjUuj2C-gtYhYPChc24
By looking at what you out up, it seems the user you are using have not been granted the correct privileges on _SYS_BIC. Have you made sure your user has granted the SELECT with SYS_REPO with grantable to others option?
Hello,
we had the same problem or error message while executing the model (calculation view based on generated SAP HANA view in BW) in a BW transformation. Every time we executed the DTP and the transformation (SAP HANA expert scripted based transformation) we received the same error message regarding missing structured authorization of the generated SAP HANA view.
Activating the transformation again solved the problem. So simple, quiet so complicated.
I guess it has something to do with a BW note with switched from "each view one analytical privilege in one role" to "one role for all analytical privileges". The change affected the transformation obviously only when reactivating it. But don't ask me which SAP Note causes this authorization switch.
Good luck!
Marcel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I order to view the data, Analytic privileges on the view are required for the user apart from the _SYS_BIC and _SYS_BI privileges.
Also, the trace above mentions:
User XXX is not authorized to access _SYS_BIC.system-local.bw.bw2hana/A9CO_ER_ES07 because he is missing any structured privileges applicable to that object
Here, structured privileges refer to the analytic privilege to the user.
Can you check if the user has the respective Analytic privilege.
For analytic privilege you can refer the help.sap.com at
Analytic Privileges - SAP HANA Developer Guide for SAP HANA Studio - SAP Library
Thank you.
Anjali.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Steps to check the analytic privilege
1. In the Calculation view system-local.bw.bw2hana/COM_PROV_XYZ , check the Properties for Apply Privilege as
If it is classic Analytic Privilege, you can check if an analytic privilege is created on it. You can do this by selecting the view in the Systems view and in the context menu select Where used
This will list the analytic privilege if any created on the package.
Once we know the analytic privilege, go to the user in the Security -> Users -> Username.
Check in the Analytic Privileges whether the same privilege is granted to the user. If not then grant the same.
If there is no analytic privilege defined on the view, you need to ask the administrator (or user who has the privilege to create the analytic privilege) to create one and grant it to your user.
Thank you.
Anjali.
Thanks for your suggestion but that did not solve it either
This annoying problem refuses to go away
FYI: the schema has been added to the role:
and _SYS_REPO has been assigned the role:
Please let me know if this is correct and/or if you have any other suggestions.
I uploaded a fresh trace file hoping that you can take a look.
Thanks for this info, but we are on SAPKW74012 (and the note refers to sub-11).
Activating authorization checks ST01 and RSECADMIN created no fail records in their respective logs (currently nothing has been marked as authorization relevant anyway). I assume that this is what you refer to with "checked the authorizations from a BW perspective".
Given that the object is a HANA object (a composite provider created in HANA Studio) and the error pops up when trying to execute an SQL statement in HANA Studio on the composite provider I assume this is not surprising.
The mystery remains!
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.