0 Replies Latest reply on Jan 2, 2017 1:05 PM by Sanjay Chaturvedi

    TEIID30492 User <tab-DAL_AT> is not entitled to action <READ> for 1 or more of the groups/elements/procedure

    Sanjay Chaturvedi Novice

      I have dv-6.1 installed locally. Here I have setup DV layer on top of XML, Hadoop and Sqlserver.

      Am getting this issue in basic functionality of role based permission model, where I can't do much except relying on teiid designer and to set row based permission model.

      Attached is the VDB.

      Problematic roles are : US role and AT role which is basically nothing but roles created for country based data show. Row based constraints are also enforced on two of the objects:

      "ODSView"."client" and "POstTripDMView"."dimClient" to show country specific data only.

      Constraints :

      countrycode='AT' and  country='AT'

       

      When I try to query either of the two objects ; Am getting this :

      TEIID30492 Remote org.teiid.api.exception.query.QueryValidatorException: TEIID30492 User <tab-DAL_AT> is not entitled to action <READ> for 1 or more of the groups/elements/procedures.

       

      I explored and opened VDB.xml and found entry like any-authenticated=false. So I made it to true manually. I dont know which part of designer set this entry.

      Now Query is working but

      for US user and for AT user : both user are getting data rows for both country. while expectation is to get "only" US data for US user

      So test query is

      select distinct Country from "POstTripDMView"."dimClient"

      which is showing US and AT when user is AT role only/ Teiid security :

      tab-DAL_US=G USR - ROLE - US - DAL READ ONLY

      tab-DAL_AT=G USR - ROLE - AT - DAL READ ONLY