本文为您介绍错误码ODPS-0130013:Authorization exception的报错场景,并提供对应的解决方案。
错误1:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>
错误信息示例
FAILED: ODPS-0130013:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>;
错误描述
当前用户访问该proejct时,没有通过policy校验。当proejct设置了对应的policy后,除了project owner以外,其它用户都需要先检验该policy。
解决方案
需要通过命令给该用户授权。
--使用下面命令查看当前项目的policy设置:
get policy;
--返回内容,下面policy代表除了owner以外,其它人都不可以访问该项目
{
"Version": "1",
"Statement":
[{
"Effect":"Deny",
"Principal":"*",
"Action":"odps:*",
"Resource":"acs:odps:*:projects/*",
}]
}
--修改policy内容
--把修改好的policy存放成,policy.txt文件
--把effect修改成allow,代表全部用户都可以访问。
{
"Version": "1",
"Statement":
[{
"Effect":"allow",
"Principal":"*",
"Action":"odps:*",
"Resource":"acs:odps:*:projects/*",
}]
}具体关于project基本的policy使用方法,请参见Policy概况。
错误2:Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project '<project_name>' is protected
错误信息示例
ODPS-0130013:Authorization exception - Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project 'wego_data_center' is protected. You need to contact the project owner to set the exception policy for you. Context ID:<context ID>. --->Tips: CurrentProject:wg_data_ops; Pricipal:ALIYUN$<account_id>; No permission 'odps:Select' on resource acs:odps:*:projects/projects/<project_name>/tables/<table_name>
错误码描述
当前project开启数据保护策略,不允许外部项目发起的数据访问。
解决方案
需要本项目的所有者关闭数据保护策略。
通过命令关闭数据保护开关:
--true 代表打开,false代表关闭 set ProjectProtection={true|false}; --示例 set ProjectProtection=false;切换到同一个项目下操作,不要跨项目操作。