on 2020 Apr 07 12:09 PM
Hi Team,
I am getting the below error while building the APRole.hdbrole.
The file requires "db://AP_POC_WEBIDE::AP_POC_WEBIDE" which is not provided by any file [8212001] at "src/APRole.hdbrole" (0:0)
1. I was able to successfully create the AP_POC_WEBIDE.hdbanalyticprivilege
2. created the APRole.hdbrole and tried to build it but got the error as " The file requires "db://AP_POC_WEBIDE::AP_POC_WEBIDE" which is not provided by any file [8212001] at "src/APRole.hdbrole" (0:0) "
APRole.hdbrole file Code :
{
"role": { "name":"start123.startHDB::Analytical_Privilege_Role",
"schema_privileges":[{ "privileges": [ "SELECT"] }],
"schema_analytic_privileges": [
{ "privileges":[ "AP_POC_WEBIDE" ]
}]
}
}
Please help in this regard and also help with whole process to complete successfully assign the Analytical Privilege to a specific User.screen.png
-Using the Web IDE XSA for HANA on Primise.
Followed below link to create the analytical privilege and role file .
Request clarification before answering.
Hi Nikil,
this sounds very strange. Especially so because you said before that "I found the other table T_NO_SCHEMA_ROLES".
I think this should better be handled by an incident, so colleagues can look into your system.
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nikil,
this is very strange as you said that "T_NO_SCHEMA_ROLES" would exist in your system. What HANA revision are you on?
Can you run SELECT statements successfully in the admin SQL console on _SYS_DI.TT_SCHEMA_ROLES or _SYS_DI.T_NO_SCHEMA_ROLES ?
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nikil,
you seem to open a normal SQL console. If you right-click on your database you have the option "Open SQL Console (Admin)" This should return you a current_user that ends in "_DT" and not "_RT"
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan,
I tried as per your comments opened the sql admin of the HDI Container of the project did the below steps.
SELECT current_user from dummy - Successfully executed
set schema POC3_SCHEMA_2_993BCOYK1573J80U1YQRJIP93_DT; -- Successfully executed
CREATE LOCAL TEMPORARY COLUMN TABLE #ROLES LIKE _SYS_DI.T_NO_SCHEMA_ROLES; - Getting the error as unresolved Table T_NO_SCHEMA_ROLES
Attached screen shot for reference.screen6.png
Thanks ,
Nikil
Hi Nikil,
sorry, my answer was not complete. I have changed it meanwhile and highlighted the changes in bold. In short:
- use the SQL admin console
- select the current_user you should see something like "_DT" at the end. set this as the schema
- add "#DI" to the container schema when calling the procedure
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan,
First opened the sql console of the project HDI container and i tried as you mentioned in the above points but stuck at creation of #Roles Temporary Table itself.
added screen shot for your reference what exactly i tried and error what i am getting..screen5.png
please help in this regard.
Thanks,
Nikil
Hi Nikil,
if you want to use the SQL API it is probably better to use a dedicated container administrator user for it (see e.g., here )
If you want to use the admin SQL console of your hdi-container you will need to use the respective schema of the user. You can find out this e.g., by running
SELECT current_user from dummy;
set this schema at the beginning:
set schema <schema>;
CREATE LOCAL TEMPORARY COLUMN TABLE #ROLES LIKE _SYS_DI.TT_SCHEMA_ROLES;
INSERT INTO #ROLES ( ROLE_NAME, PRINCIPAL_SCHEMA_NAME, PRINCIPAL_NAME ) VALUES ( 'simpleRole', '', 'SYSTEM' );
CALL <containerSchema>#DI.GRANT_CONTAINER_SCHEMA_ROLES(#ROLES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #ROLES;
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan ,
Good Day...!
i tried steps as u mentioned in above ans but still i am getting the same insufficient privileges.
1.SET SCHEMA START123_HDI_STARTHDB_1; - successfully executed
then i tried to check for the table TT_SCHEMA_ROLES i didnt get it but i found the other table T_NO_SCHEMA_ROLES with same structure so used this table.
CREATE LOCAL TEMPORARY COLUMN TABLE #ROLES LIKE _SYS_DI.T_NO_SCHEMA_ROLES;
but the i got the same error as i mentioned insufficient privileges once i try to execute the above statement.
please help in this regard to complete the process of Assigning the AP to a specific User : ABC using Web IDE XSa for HANA(On Primise)
ERROR :
Could not execute 'CREATE LOCAL TEMPORARY COLUMN TABLE #ROLES LIKE _SYS_DI.T_NO_SCHEMA_ROLES'
Error: (dberror) [258]: insufficient privilege: Detailed info for this error can be found with guid '084BEA8D509D6F43AA5B3071C660F020'.
Thanks ,
Nikilscreen3.png
Hi Nikil,
as said there are several ways. For example, if you want to assign the role to a database user, you could use user SYSTEM (or any user with privilege ROLE ADMIN) and execute
GRANT <schemaOfContainer>.<roleName> to X
You can determine your <schemaOfContainer> by looking at the deploy log, or run a query like:
select * from roles where role_name ='<nameOfRole>'
If you want to use the API you can find instructions here
Or you do the role management in HANA Database Cockpit (Role Assignment).
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan ,
tried to follow the SQL API .
opened the sql console of project hdi container(attached screen shot for ref) tried to to start the execute sql statements one by one as in below link got error in first statement it self.
1 . create local temporary column table "#Roles" like "_SYS_DI" ."T_NO_SCHEMA_ROLES";
got the error as unresloved then i set the schema
set schema POC3_SCHEMA_2;
then again tried to execute the statement
create local temporary column table "#Roles" like "_SYS_DI" ."T_NO_SCHEMA_ROLES";
Got the error as below
Could not execute 'create local temporary column table "#Roles" like "_SYS_DI" ."T_NO_SCHEMA_ROLES"'
Error: (dberror) [258]: insufficient privilege: Detailed info for this error can be found with guid 'BFF37FF8A04A6B44842959CD7C5E4708'
Using the Web IDE XSA fro HANA (On Premise)
User having roles : Role Admin, User Admin, XS_Autherization_Admin, Develper Role, etc.
Thanks
Nikilscreen2.png
Hi,
there are several ways how you can grant the role: with new versions of HANA Database Cockpit, with a user that has system privilege Role Admin using SQL (grant <role_name> to user), using the HDI SQL API. If you want to assign it to your "modeling-user" you might make use of the development_debug_role. For details see topic "How do I assign analytic privileges to the user that runs a data preview in Web IDE?" at
https://blogs.sap.com/2019/11/13/faq-modeling-in-web-ide/
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
the error message seems to suggest that your analytic privilege is actually named differently. Is there a namespace involved? Can you paste the definition of your AP?
Best,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks alot Jan .. , i have updated the name space for the Analytical privilege name in APRole file as below then i was able to build the role file successfully .
{
"role": { "name":"start123.startHDB::Analytical_Privilege_Role",
"schema_privileges":[{ "privileges": [ "SELECT"] }],
"schema_analytic_privileges": [
{ "privileges":[ "start123.startHDB::AP_POC_WEBIDE" ]
}]
}
}
my next question in same thread was - could you please help with how to grant this role other User to apply this AP with details process
- Uising the Web IDE XSA for HANA on Primise
User | Count |
---|---|
46 | |
9 | |
8 | |
6 | |
5 | |
5 | |
4 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.