In SAP HANA I am trying to call a StoredProcedure with a Table Type as input parameter.
Other Input parameters work just fine. But as soon as I use a Table Type I get the error:
Failed to execute action: InternalError: dberror($.hdb.Connection.executeProcedure): 258 - SQL error, server error code: 258. insufficient privilege: Not authorized at /sapmnt/ld7272/a/HDB/jenkins_prod/workspace/8uyiojyvla/s/ptime/query/checker/query_check.cc:4003
How to fix / debug this?
In the indexserver-trace is:
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949679 i TraceContext TraceContext.cpp(01028) : UserName=SAPDBCTRL, ApplicationUserName=SM_EFWK, ApplicationName=ABAP:AS2, ApplicationSource=CL_SQL_STATEMENT==============CP:304, Client=010, StatementHash=31c1e1f5ca72868a541d58fc5a77596b, EppRootContextId=0050560204981EE782C14A33A16BC68E, EppTransactionId=47BF1E2CEE9D05A0E005B7CF04FCF981, EppConnectionId=5B7C13CC22061B08E10000000A1807AF, EppConnectionCounter=1, EppComponentName=AS2/sapas2ci_AS2_01, EppAction=EFWK RESOURCE MANAGER
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949656 w SQLScriptExecuto se_eapi_proxy.cc(00144) : Error <exception 71000258: Not authorized
> in preparation of internal statement: delete from _SYS_STATISTICS.STATISTICS_PROPERTIES where key='internal.check.store_results'
[19984]{315590}[100/100235487] 2018-08-22 10:07:13.949904 e SQLScript trex_llvm.cc(00936) : Llang Runtime Error: Exception::SQLException258: insufficient privilege: Not authorized
at main (line 63) ("_SYS_STATISTICS"."SHARED_STORE_USED_VALUES": line 8 col 5 (at pos 456))
This seems rather straightforward:
The application user (the person using SAP NetWeaver) SM_EFWK logged on in client 010 is trying to delete data from an SAP HANA statistics service table _SYS_STATISTICS.STATISTICS_PROPERTIES.
The NetWeaver/ABAP program uses a secondary database connection with the database user SAPDBCTRL.
The error Exception::SQLException258: insufficient privilege: Not authorized is thrown, because this SAPDBCTRL database user, does not have the privilege to DELETE on this table assigned to it (neither directly, nor via schema or role privilege).
If the SQL command is part of an SAP standard program, then I'd check that the recommended setup has been implemented correctly.
If this command comes from a custom program, you may want to either assign the privilege or use a different technical user as SAPDBCTRL is an SAP standard user that shouldn't be modified.
Related
We are trying to replicate data from AlloyDB to Bigquery using Datastream.
We Get "An unknown error occurred. Please try again. If the error persists, contact Google support."
In the Datastream console --> objects list, we see all source tables with Object Status "Failed" and Backfill status "Completed".
In Bigquery we see only a subset of the tables (not all the "Completed" objects were synced).
In the Logs Explorer I can see this error on BQ:
I also see this error: error: {
code: 11
message: "Unsupported primary key column either does not exist or is a pseudocolumn at [1:401]"
}
The column referred in the error is of type enum.
The desired situation is having all the AlloyDB tables replicated into Bigquery.
The error message is not very informative...
What does it mean?
What would be the best way to go about troubleshooting this?
We're actively working on making these error messages be more informative, and improvements are continuously being rolled out as we identify more edge cases. Assuming you followed all the steps in the documentation, then you may need to open a ticket with support for further investigation. If a support ticket isn't an option, you can still report the issue using the public issue tracker
I just had this same issue but connecting to a PostgreSQL in AWS RDS:
Beginning with Postgres 10, passwords are encrypted using SCRAM-SHA-256 in PostgreSQL. Google DataStream still expects MD5 password encryption, or it will generate an "unknown error" in the logs and fail the backfills.
You'll need to update your postgresql.conf (or RDS Cluster Parameter Group if you're using AWS like me):
password_encryption = 'MD5'
Restart the database and make sure the parameter has changed with:
SHOW password_encryption;
Reset the password of your users:
ALTER USER "{username}" with password '{password}';
More info from the PostgreSQL docs: https://www.postgresql.org/docs/current/auth-password.html
I put a user into an AD group, and after that, i used the below syntax to find if he has been put:
xp_logininfo 'domain\group_name', 'members'
and find the user domain\username is listed.
And then, I checked the user's permission path, using the following statements:
xp_logininfo 'domain\user_name', 'all'
execute as user = 'domain\user_name'
None of them worked, and all showing the error message as:
Msg 15404, Level 16, State 19, Line 12
Could not obtain information about Windows NT group/user 'domain\user_name', error code 0x5.
So what happens when query this user?
The error code 0x5 indicates access denied. Here are some troubleshooting methods.
• Check the user indeed exists in the AD group.
• Check if the service account is not disabled.
• Check if the user has dataread permissions.
I got the following exception when i deployed the war on WAS 8.5
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'identityAssociationCleanupTask' defined in URL [wsjar:file:/C:/Program%20Files/IBM/Worklight/WorklightServer/worklight-jee-library.jar!/conf/core.xml]: Invocation of init method failed; nested exception is org.springframework.orm.jpa.JpaSystemException: "WRKSCHM.CLUSTER_SYNC" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=3.57.82 {prepstmnt -234009374 SELECT t0.HOSTVMID, t0.ID, t0.UPDATETIMESTAMP, t0.VERSION FROM WRKSCHM.CLUSTER_SYNC t0 WHERE t0.ID = ? optimize for 1 row [params=(String) identityAssociationCleanupTask]} [code=-204, state=42704]SQLCA OUTPUT[Errp=SQLNQ1FC, Errd=-2145779603, 0, 0, 0, -10, 0]
"WRKSCHM.CLUSTER_SYNC" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=3.57.82
An error occurred during implicit system action type "2". Information returned for the error includes SQLCODE "-204", SQLSTATE "42704" and message tokens "WRKSCHM.CLUSTER_SYNC".. SQLCODE=-727, SQLSTATE=56098, DRIVER=3.57.82
An error occurred during implicit system action type "2". Information returned for the error includes SQLCODE "-204", SQLSTATE "42704" and message tokens "WRKSCHM.CLUSTER_SYNC".. SQLCODE=-727, SQLSTATE=56098, DRIVER=3.57.82; nested exception is <openjpa-1.2.2-r422266:898935 nonfatal general error> org.apache.openjpa.persistence.PersistenceException: "WRKSCHM.CLUSTER_SYNC" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=3.57.82 {prepstmnt -234009374 SELECT t0.HOSTVMID, t0.ID, t0.UPDATETIMESTAMP, t0.VERSION FROM WRKSCHM.CLUSTER_SYNC t0 WHERE t0.ID = ? optimize for 1 row [params=(String) identityAssociationCleanupTask]} [code=-204, state=42704]SQLCA OUTPUT[Errp=SQLNQ1FC, Errd=-2145779603, 0, 0, 0, -10, 0]
"WRKSCHM.CLUSTER_SYNC" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=3.57.82
An error occurred during implicit system action type "2". Information returned for the error includes SQLCODE "-204", SQLSTATE "42704" and message tokens "WRKSCHM.CLUSTER_SYNC".. SQLCODE=-727, SQLSTATE=56098, DRIVER=3.57.82
An error occurred during implicit system action type "2". Information returned for the error includes SQLCODE "-204", SQLSTATE "42704" and message tokens "WRKSCHM.CLUSTER_SYNC".. SQLCODE=-727, SQLSTATE=56098, DRIVER=3.57.82
But I am able to deploy the same on the embedded server of eclipse.
And iam not able to see any internal tables under APPCNTR database.
Iam using worklight 6.0 and i installed using installation manager 1.6.3.
Iam using DB2 10.1,I have manually created APPCNTR,WRKLGHT,WLREPORT databases and set the schemas for WRKLGHT as WRKSCHM and WLREPORT as WLRESCHM.
I followed this http://pic.dhe.ibm.com/infocenter/wrklight/v6r0m0/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdeploy%2Fc_deploy_custom_war_file_to_app_server.html, for Configuring WebSphere Application Server for DB2 manually.
followed http://pic.dhe.ibm.com/infocenter/wrklight/v6r0m0/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdeploy%2Fc_deploy_custom_war_file_to_app_server.html this to Configuring WebSphere Application Server manually and deploying .
Please help me if I have missed any configuration.
You have not provided details about your environment (Worklight version, WAS profile, database) so it is difficult to pinpoint exactly what the problem could be; my answer is based on certain assumptions, such as that you are using DB2.
Looking closely to the error:
WRKSCHM is the schema name that Worklight Server is trying to access through JPA
CLUSTER_SYNC is a table in the 'WRKLGHT' database
This error can be caused by either the table not being properly created (DB2 setup process is incomplete), or by a schema name mismatch (WAS datasource setup incorrect).
Please verify the following on your environment:
DB2 Setup
Make sure that your DB2 is properly configured for Worklight; verify that the necessary databases are created ('WRKLGHT' for Worklight Server, 'WLREPORT' for the Worklight Reports feature and 'APPCNTR' for Worklight Application Center). The following documentation might be useful to you:
Creating the DB2 databases
Setting up the 'WRKLGHT' and 'WLREPORT' databases
Setting up the 'APPCNTR' database
DB2 Schema Configuration
Make sure that your WAS configuration is properly defining the appropriate schema name that you used in the steps above; the schema name is passed to the JDBC driver using the currentSchema property. The following documentation might be helpful as well:
Configuring DB2 on WAS Liberty profile
Configuring DB2 on WAS Standard profile
DB2 Cheat Sheet (how to list the current DB2 schema names)
DB2 schema qualifiers
I hope this will help you get past this problem.
Did any one see this error ??
I'm using Firebird 2.1 and database create statement is getting failed on v.first stored procedure execution.
Error Message:
[869] : There was a problem creating a DBProvider with the following parameters: StoredProcedureName:sel_NextObjectID
2. operating system directive CreateFile failed
3. operating system directive CreateFile failed
Stack Trace
2.at FirebirdSql.Data.FirebirdClient.FbConnectionInternal.Connect()
at FirebirdSql.Data.FirebirdClient.FbConnectionPool.Create()
at FirebirdSql.Data.FirebirdClient.FbConnectionPool.CheckOut()
at FirebirdSql.Data.FirebirdClient.FbConnection.Open()
at FirebirdDBProvider.NewProvider_Internal(String commandText, String connectionString, CommandType commandType)
3 at FirebirdSql.Data.FirebirdClient.FbConnectionInternal.Connect()
at FirebirdSql.Data.FirebirdClient.FbConnectionPool.Create()
at FirebirdSql.Data.FirebirdClient.FbConnectionPool.CheckOut()
at FirebirdSql.Data.FirebirdClient.FbConnection.Open()
at FirebirdDBProvider.NewProvider_Internal(String commandText, String connectionString, CommandType commandType)
You can get this error when you are attempting to connect to a database which does not yet exist.
It is not entirely clear from your post what you mean with 'database create statement is getting failed on v.first stored procedure execution', but I assume you are attempting to create a database and then execute DDL.
To connect to a database, you first need to create it. To create a database you need to use createDatabase first.
Well, deleting all temp file fixed this thing. Found the same issue on firebird too.
1) Make sure your application (on which you're facing this issue) is not running.
2) One Run dialog (Window + R) and type in “%temp%” and click “ok”
3) In the opened folder delete all the files (which can be deleted).
4) Start the application.
Just had same issue, the reason was no free space available on the system drive.
I have an SSIS package that is scheduled to run every weekday morning at 8:15. It copies data to and from Active Directory and SQL. About two weeks ago, it started failing, with no changes having been made to the server (beyond MS updates).
The funny thing is that if I then immediately run the package again, it succeeds. Here is the error text from when it fails:
Date 7/14/2011 8:15:00 AM
Log Job History (Reference: Active Directory)
Step ID 1
Server MMCI-GD1SQL2
Job Name Reference: Active Directory
Step Name Run Package
Duration 00:00:32
Sql Severity 0
Sql Message ID 0
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0
Message
Executed as user: MMCI\service-sql. Microsoft (R) SQL Server Execute Package Utility Version 10.0.1600.22 for 32-bit Copyright (C) Microsoft Corp 1984-2005. All rights reserved.
Started: 8:15:00 AM Error: 2011-07-14 08:15:31.88
Code: 0xC0047062
Source: Synchronize Permissions Active Directory Permissions [133]
Description: System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server. ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.RefreshCache()
at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDirectoryEntryAttributes(DirectoryEntry de)
--- End of inner exception stack trace ---
at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.HandleUserException(Exception e)
at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.PrimeOutput(Int32 outputs, Int32[] outputIDs, PipelineBuffer[] buffers)
at Microsoft.SqlServer.Dts.Pipeline.ManagedComponentHost.HostPrimeOutput(IDTSManagedComponentWrapper100 wrapper, Int32 outputs, Int32[] outputIDs, IDTSBuffer100[] buffers, IntPtr ppBufferWirePacket) End Error Error: 2011-07-14 08:15:31.90
Code: 0xC0047038
Source: Synchronize Permissions SSIS.Pipeline
Description: SSIS Error Code DTS_E_PRIMEOUTPUTFAILED. The PrimeOutput method on component "Active Directory Permissions" (133) returned error code 0x80131501. The component returned a failure code when the pipeline engine called PrimeOutput(). The meaning of the failure code is defined by the component, but the error is fatal and the pipeline stopped executing. There may be error messages posted before this with more information about the failure. End Error DTExec: The package execution returned DTSER_FAILURE (1). Started: 8:15:00 AM Finished: 8:15:31 AM Elapsed: 31.343 seconds. The package execution failed. The step failed.
Any thoughts?
Has some new Group Policy been applied that changed the permissions for the account your automated run uses, but which doesn't apply to your user id? I'm assuming when you say "I then ... run the package", you mean your logged-in user id.
Based on the error message that you had provided, the issue seems to be that the task within your package is trying to query an object in Active Directory that might no longer exist.
System.DirectoryServices.AccountManagement.PrincipalOperationException:
There is no such object on the server. --->
System.DirectoryServices.DirectoryServicesCOMException (0x80072030):
There is no such object on the server.
I could be wrong on the below part. I am just speculating what your package might be doing based on the description provided.
Since your package synchronizes data between SQL Server and Active Directory, I assume that the task named Synchronize Permissions Active Directory Permissions selects some form of data stored in SQL Server and updates the content in Active Directory or vice versa. If my assumption is correct, this task is probably Script Task or Script Component. I believe that the code inside this component is failing to select an object (group/user) in Active Directory.
I would check whether a group/user was deleted in Active Directory on the days prior to when the package failed to run.
Hope this helps.