cancel
Showing results for 
Search instead for 
Did you mean: 

SAP HANA security issue: SAP DBTech JDBC: [258]

Former Member
0 Kudos

Hello experts,

I am trying SAP HANA security features by playing out with a test user (MYTESTUSER) I've previously created. This is the permissions detail I've granted to the mentioned user:

Granted Roles:

PUBLIC

Object Privileges:

_SYS_BIC : SELECT

_SYS_REPO : EXECUTE, SELECT

REPOSITORY_REST (SYS): EXECUTE

MYSCHEMA : SELECT (Contains source tables for views)

Package Privileges:

TEST.MYTEST (Package containing my views)

Analytic Privileges:

AP_MYTEST : Contains all my views and a couple restrictions over an attribute.

What do I expect?: when logging on as MYTESTUSER it should be able to deploy the different folders in SAP HANA Studio, dive into "Content" folder, and even more: reach the package TEST.MYTEST, once there by selecting "Calculation Views" folder then being able to open CV_MYTEST calc view (which was already added into AP_MYTEST shown above).

What happens as is?: Running as MYTESTUSER I am able to reach the calc view, when opened it is able for view only (its design). When pushing over the button "Open in Data Preview Editor" it trhows me the error:

Cannot get the data provider outline

SAP DBTech JDBC: [258]: insufficient privilege: insufficient privilege: Not authorized at ptime/query/checker/query_check.cc:2418

What is expected?: Running as MYTESTUSER "Open in Data Preview Editor" feature must return and show adequate data from calculated view.

In consequence:

  • What does this error ("Not authorized at ptime/query/checker/query_check.cc:2418") specifically means and how to start addressing it?
  • I'm unable to determine what is crashing or in what point it doesn't work. Any clues?
  • I've also realized that there's no way out to perform some kind of trace (at least in an easy-known-fashion). Could you also advice? it would be quite important to be able to detect what are specifically the missing authorizations for a performed action. (kinda SU53 in SAP)


Any clues or advices are welcome. Thanks a lot in advance,


Bernardo


Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Bernardo,

Can you check whether _SYS_REPO has SELECT access on your schema. Open _SYS_REPO user and check whether your schema is listed under objects privileges or not. If not run the below query.

GRANT SELECT ON SCHEMA <schema_name> TO _SYS_REPO WITH GRANT OPTION.

if it doesn't work try to give SELECT and EXECUTE access on both _SYS_BI and _SYS_BIC to your schema and check. And also but default your should have all the privileges on your schema.

Regards,

Venkat N.

Former Member
0 Kudos

Thanks Venkat for your advice,

This is what I did for it to work as expected:

Assigned following privileges on following objects:

_SYS_BI      SELECT

_SYS_BIC     SELECT

_SYS_REPO     SELECT

<MY_SCHEMA_CONTAINING_VIEWS>    SELECT

<REPOSITORY_REST (SYS)>    EXECUTE

... previously created an Analytic Privilege on which it contained my Analytic and Calculation Views containing also the restrictions I'm interested to lock. It worked properly that way.

Thanks a lot for your support and best regards,

Bernardo

Answers (0)