When you accelerate queries on data in MaxCompute tables in Hologres, an error may occur if you have not been granted the relevant permissions. This topic provides answers to some commonly asked questions about permissions on MaxCompute.
FAQ
Why is the error message "You have NO privilege 'odps:Select' on xxx" returned when I query data in a MaxCompute table?
Problem description
After I create a foreign table in the Hologres console, I cannot query data in the source MaxCompute table. The following error message is returned: You have NO privilege 'odps:Select' on xxx.
Cause
The current Resource Access Management (RAM) user is not granted the SELECT permission on data in the MaxCompute table.
Solution
Contact the MaxCompute administrator to grant the current RAM user the SELECT permission on data in the MaxCompute table. For more information, see MaxCompute permissions.
Why is the error message "The sensitive label of column 'xxx' is 2, but your effective label is 0" returned when I query data in a MaxCompute table?
Problem description
After I create a foreign table in the Hologres console, I cannot query data in the source MaxCompute table. The following error message is returned: The sensitive label of column 'xxx' is 2, but your effective label is 0.
Cause
The current RAM user is granted the permissions to query only some of the fields in the MaxCompute table.
Solution
To resolve this issue, you can select one of the following methods:
- (Recommended) Join a DingTalk group and contact technical support in the DingTalk group to upgrade your Hologres instance to V0.8. For more information, see Obtain online support for Hologres.
- Add the following parameters before the existing query statements:
  set hg_experimental_enable_odps_executor=on;
  set hg_experimental_enable_query_master=on;
- Obtain the permissions to query all fields in the MaxCompute table. For more information, see MaxCompute permissions.
Why is the error message "You have NO privilege 'odps:Select' on xxx" returned when I select a MaxCompute table across MaxCompute projects?
Problem description
The RAM user that I use is granted the permissions to query data in a MaxCompute table in Project 2. However, when I select the MaxCompute table to query data in Project 1, the following error message is returned: You have NO privilege 'odps:Select' on xxx.
Cause
The current RAM user is granted the permissions to query data in existing MaxCompute tables in Project 2, but these permissions are granted based on package-based resource sharing across projects. For this reason, the error message is still returned when a query that runs in Project 1 selects a MaxCompute table that belongs to Project 2. You can add SQL statements to resolve this issue.
Solution
If the current RAM user is granted the permissions on Project 2 based on package-based resource sharing across projects, you can add the following parameter before the existing SQL statements in Hologres to resolve the preceding issue:
-- Add the following parameter if you use a Hologres instance of V0.7:
set seahawks.seahawks_internal_current_odps_project='holoprojectname';
-- Add the following parameter if you use a Hologres instance of V0.8:
set hg_experimental_odps_current_project_name = 'holoprojectname';
Why is the error message "You have NO privilege 'odps:List' on xxx" returned when I create a foreign table?
Problem description
When I use HoloWeb or HoloStudio to create a foreign table in the Hologres console, an error occurs. The following error message is returned: You have NO privilege 'odps:List' on xxx.
Cause
The current RAM user is not granted the LIST permission on a MaxCompute project.
Solution
Contact the MaxCompute administrator to grant the current RAM user the LIST permission on the MaxCompute project. For more information, see MaxCompute permissions.
Execute an SQL statement to create a foreign table to query data. For more information, see Create a foreign table in Hologres to accelerate queries of MaxCompute data.
Why is the error message "Access denied by project ip white list: sourceIP:'xxxx' is not in white list. project: xxxx" returned when I create a foreign table?
Problem description
When I use HoloWeb to create a foreign table in the Hologres console, an error occurs. The following error message is returned: Access denied by project ip white list: sourceIP:'xxxx' is not in white list. project: xxxx.
Cause
An IP address whitelist is configured for the current MaxCompute cluster. However, the IP address of HoloWeb is not included in the whitelist.
Solution
After an IP address whitelist is configured, only the IP addresses in the whitelist are authorized to access MaxCompute projects. If you access MaxCompute projects from an IP address that is not in the whitelist, your access request is denied even if you have a valid AccessKey pair. In this case, you can create a foreign table only after you add the IP address in the error message to the whitelist. For more information, see Set IP address whitelists.
Why is the error message "You don't exist in project xxx" returned when I create a foreign table?
Problem description
When I create a foreign table, the following error message is returned: You don't exist in project xxx.
Cause
The RAM user that is used to create the foreign table is not granted the permissions to access the MaxCompute project in which the source MaxCompute table resides.
Solution
Check whether the name of the MaxCompute project that you want to access is valid. If the project name is invalid, replace it with a valid one. If the project name is valid but the issue persists, go to MaxCompute and grant the RAM user the permissions to access the MaxCompute project. For more information, see Permissions.
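The grants that the solutions in this topic ask the MaxCompute administrator to make, shown together as an added example that is not part of the original topic. It uses MaxCompute ACL and label statements; the project, table, column and RAM user names are hypothetical placeholders, and the 30-day label expiry is an illustrative choice.

```sql
-- Added example. Run in the MaxCompute client as the project owner or an
-- administrator, not in Hologres. Hypothetical placeholders throughout:
--   project  mc_project_demo
--   table    sales_orders, column customer_phone
--   RAM user RAM$owner@example.com:holo_reader

USE mc_project_demo;

-- "You don't exist in project xxx":
-- the RAM user must be a member of the project before any grant applies.
ADD USER RAM$owner@example.com:holo_reader;

-- "You have NO privilege 'odps:List' on xxx":
-- the LIST permission on the MaxCompute project.
GRANT List ON PROJECT mc_project_demo
    TO USER RAM$owner@example.com:holo_reader;

-- "You have NO privilege 'odps:Select' on xxx":
-- SELECT on the one source table behind the foreign table, rather than
-- on every table in the project.
GRANT Select ON TABLE sales_orders
    TO USER RAM$owner@example.com:holo_reader;

-- "The sensitive label of column 'xxx' is 2, but your effective label is 0":
-- grant label 2 on the named column only, with an expiry in days. This
-- leaves the user's project-wide label unchanged, so other labelled
-- columns stay unreadable.
GRANT LABEL 2 ON TABLE sales_orders(customer_phone)
    TO USER RAM$owner@example.com:holo_reader WITH EXP 30;

-- Review what the user now holds before retrying the query in Hologres.
SHOW GRANTS FOR RAM$owner@example.com:holo_reader;
```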