cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Update,Create and Delete with ODATA service result in 403 Forbidden Error

Former Member

on ‎2015 Aug 31 12:55 PM

0 Kudos
1,473

Hi,

I have a Hana XS Engine with an odata service. The service allows me to read the data of my tables. As soon as I want to Create, Update or Delete an entry I get the 403 - Forbidden error Page returned.

My user actually has the required rights to execute one of these actions (it works in Hana Studio with the sql command line), but I additionally tested it with the system user and got the same result.

Is this a known issue or is there a solution to my problem?

Thank you in advance!

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (3)

Answers (3)

thamizharasan
Advisor
Advisor
‎2015 Oct 05 10:55 AM
0 Kudos

Hi Yannick,

Even i'm facing the same issue. I have updated my xsaccess file too.



{


    "exposed": true,


    "authentication": [{


        "method": "Basic"


    }],


    "default_file": "index.html",


      "cors" : { "enabled" : true, "allowMethod":["GET","POST","HEAD","DELETE","OPTIONS"]}  


}

Could you please explain how you resolved the issue..?

Regards,

ThamizharasaN.

Show replies
Show replies
Former Member
‎2015 Oct 14 12:37 PM
0 Kudos

Hello Thamizharasan,

Did you solve it?

If yes, please give me some advice to solve this.

Thanks.

thamizharasan
Advisor
Advisor
‎2015 Oct 14 2:32 PM
0 Kudos

Hi Frankie,

Yes the problem is solved. First check whether you have the needed privileges. Then we need to do one more thing to make it work. Just navigate to /sap/hana/xs/admin/ in your system, select your application and check whether the update, create and delete are there in allowed methods. After this everything went fine for me.

Regards,

ThamizharasaN.

former_member198968
Explorer
‎2016 Feb 03 11:14 AM
0 Kudos

hi ThamizharasaN,

I have done this. And i am able to post data successfully using xsjs service but not from XSOdata service. Is there anything i may be missing.?

thanks in advance,

regards,

Animesh Ghosh

thamizharasan
Advisor
Advisor
‎2016 Feb 07 6:55 AM
0 Kudos

Hi Animesh,

Let me know what error you are getting when you with xsodata..?

Regards,

ThamizharasaN.

Former Member
‎2016 Feb 09 3:00 PM

Hi Animesh,

if you are getting 403 - Forbidden error try modifying your xsaccess file like this:



{


     "exposed" : true, 


    


  


      


     "cache_control" : "must-revalidate",






     "cors":


      {


      "enabled":true,


      "allowMethods": ["GET","POST","DELETE","PUT"],


      "allowOrigin": ["*"],


      "maxAge":"3600"


      },


    


                    


     "enable_etags" : false,






     "force_ssl" : false,


    


     "prevent_xsrf" : false


}

especially the cors part solved the issue for me.

Best regards,

Yannick

former_member210023
Explorer
‎2016 Aug 22 6:18 AM
0 Kudos

Hi ThamizharasaN,

                           Could you please let me know the detailed path for updating CORS. I am unable to find it in HCP.

Thanks

Arka

thamizharasan
Advisor
Advisor
‎2016 Aug 22 7:29 AM
0 Kudos


Hi Arkajeet,

Just go to the admin console in HCP

https://<<you hcp system url>/sap/hana/xs/admin/

There you can find your application under xs artifact administration application objects.

Regards,

ThamizharasaN.

former_member210023
Explorer
‎2016 Aug 22 8:28 AM
0 Kudos

Thanks ThamizharasaN. I believe I do not have authorization as I am getting a 403. I shall take it up with the concerned people.

Thanks

Arka

Former Member
‎2015 Sep 02 3:29 PM
0 Kudos

I got it to work now. My mistake was that I only allowed the GET method (in the xsaccess).

Show replies
Show replies
Former Member
‎2015 Oct 04 8:48 AM
0 Kudos

Hi Yannick,

How did you correct this ?

-Avinash

Former Member
‎2016 Aug 24 9:50 AM
0 Kudos

This message was moderated.

thomas_jung
Developer Advocate
Developer Advocate
‎2015 Sep 01 3:09 PM
0 Kudos

I suggest you activate trace for this service and see what is being logged. It will show you the user running the request and generated SQL. Perhaps you have a technical user running this service. You also haven't posted your XSODATA definition. Are the entities directly against tables or views?  Create/Update/Delete against views only work with implemented exits otherwise they return forbidden.

Show replies
Show replies
Ask a Question