从使用ZDM部署的HDI容器向同一项目中的另一个容器授予角色

时间:2019-11-20 11:21:20

标签: hana

我有以下设置:

mta.yaml 

ID: MY_APP
_schema-version: '2.0'
version: 1.0.0

modules:
  - name: core_db
    type: hdb
    path: core/
    requires:
      - name: core
        properties:
          TARGET_CONTAINER: '~{core-container-name}'
    parameters:
      zdm-mode: true
      no-route: true

  - name: raports_db
    type: hdb
    path: raports/
    requires:
      - name: raports
        properties:
          TARGET_CONTAINER: '~{raports-container-name}'
      - name: core
        group: SERVICE_REPLACEMENTS
        properties:
          key: hdi-core-service
          service: '~{core-container-name}'

resources:
  - name: core
    parameters:
      config:
        schema: ${default-container-name}
    properties:
      core-container-name: '${service-name}'
    type: com.sap.xs.hdi-container

  - name: raports
    parameters:
      config:
        schema: ${default-container-name}
    properties:
      raports-container-name: '${service-name}'
    type: com.sap.xs.hdi-container

有两个角色: core_db 模块中的ATERP.roles::raportATERP.roles::raport#,其中schema_privileges授予SELECT,schema_privileges授予SELECT分别具有授予选项。

raports / cfg / core.hdbgrants 

{
   "hdi-core-service": {
     "object_owner": {
       "container_roles":["ATERP.roles::raport#"]
     },
     "application_user": {
       "container_roles":["ATERP.roles::raport"]
     }
   } 
}

当我在SAP WebIDE中构建这两个模块时,将创建HDI容器,并且一切工作都非常顺畅...我可以从 raports_db 中为 core_db中的对象创建同义词并执行常规操作。

但是,当我使用xs bg-deploy命令部署它时,它无法部署 raports_db-blue 并显示以下消息:

OUT Target service: raports
OUT Processing grants files...
OUT  Processing "cfg/core.hdbgrants"...
OUT   Using service "hdi-core-service" of type "hdi"
OUT  Granting schema roles in the container "TEST_TEST_CORE" and the parameters "[]"...
OUT   Granting the schema role "ATERP.roles::raport#" to the principal "TEST_TEST_RAPORTS#OO" in the schema "" with grant option = "false"
OUT  Error: Granting schema roles in the container "TEST_TEST_CORE" and the parameters "[]"... failed [8214221]
OUT  Error: Database error 389: : invalid role name: ATERP.roles::raport#: line 1 col 7 (at pos 6) [8201003]
ERR Error: Error executing: CALL "TEST_TEST_CORE#DI".GRANT_CONTAINER_SCHEMA_ROLES(#CONTAINER_ROLES, #CONTAINER_ROLES_PARAMETERS, ?, ?, ?);
OUT (0s 637ms)
OUT 
ERR  (nested message: HDI call failed)
ERR grantor service: "hdi-core-service", type: "hdi", user: "TEST_TEST_CORE_64NMO3S50ZLGYRYV3N3ION1GM_DT" (hdi_user)
ERR file name: /hana/shared/HXE/xs/controller_data/executionagent/executionroot/9ffc7462-c1a4-4612-9e59-e26186700edf/app/cfg/core.hdbgrants
(...)

select * from sys.roles查询的(相关)结果集:

"ROLE_SCHEMA_NAME", "ROLE_NAME", "CREATOR"
"TEST_TEST_CORE", "zdm_access#", "TEST_TEST_CORE#OO"
"TEST_TEST_CORE_ACCESS_BLUE", "ATERP.roles::raport", "TEST_TEST_CORE_ACCESS_BLUE#OO"
"TEST_TEST_CORE_ACCESS_BLUE", "ATERP.roles::raport#", "TEST_TEST_CORE_ACCESS_BLUE#OO"

因此,这两个角色实际上位于 access 容器中,现在我很清楚为什么错误消息指出ATERP.roles::raport#中的角色名称TEST_TEST_CORE是无效的。但是如何授予 access 容器中的角色?

致谢! 〜Ebu

0 个答案:

没有答案
相关问题
最新问题