Skip to Content

How to Setup Hana Authorization Trace

How to activate an Authorization Trace in case of authorization Problems:

(something similar to Transaction ST01 in Netweaver ABAP)



Go to Hana System Administration, Trace Configuration:

Trace_Configuration.jpg

User Specific Trace, select New Configuration (small Icon ‘Create’ upper right Corner of User-Specific Trace)

Context Name is a description for this user-defined-trace

select Indexserver, select ‘Show all components’, select authorization

can be set to ‘INFO’ (this is optional, error is the default)

User_defined_trace.jpg

click on Finish

now trace is active

now Switch to the relevant user an produce the error

/wp-content/uploads/2015/08/error_message_770934.jpg

go to diagnosis Files and select the tracefile

/wp-content/uploads/2015/08/diagnosis_files_770935.jpg

example

[66898]{410859}[124/-1] 2015-08-14 12:32:42.216756 i Authorization    SQLFacade.cpp(01353) : UserId(2637946) is not authorized to do SELECT on ObjectId(2,0,oid=141224)

[66898]{410859}[124/-1] 2015-08-14 12:32:42.217089 i Authorization    SQLFacade.cpp(01750) :

    schemas and objects in schemas :

SCHEMA-141016-_SYS_BI : {} , {SELECT}

TABLE-141224-BIMC_ALL_CUBES : {} , {SELECT}

[66898]{410859}[124/-1] 2015-08-14 12:32:42.217415 i Authorization    query_check.cc(03287) : User AUTHTEST tried to execute ‘select * from _SYS_BI.BIMC_ALL_CUBES WHERE CUBE_NAME = ‘AN_M2MEVAL’ AND CATALOG_NAME = ‘swisscom.its.m2m”

SAP DBTech JDBC: [258]: insufficient privilege: insufficient privilege: Not authorized at ptime/query/checker/query_check.cc:3290

10 Comments
You must be Logged on to comment or reply to a post.