本文为您介绍错误码ODPS-0130013:Authorization exception的报错场景,并提供对应的解决方案。
错误1:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>
错误信息示例
FAILED: ODPS-0130013:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>;
错误描述
当前用户访问该Project时,没有通过Policy校验。当Project设置了对应的Policy后,除了Project Owner以外,其它用户都需要先检验该Policy。
解决方案
需要通过命令给该用户授权。
--使用下面命令查看当前项目的policy设置:
get policy;
--返回内容,下面policy代表除了owner以外,其他人都不可以访问该项目
{
"Version": "1",
"Statement":
[{
"Effect":"Deny",
"Principal":"*",
"Action":"odps:*",
"Resource":"acs:odps:*:projects/*",
}]
}
--修改policy内容
--把修改好的policy存放成,policy.txt文件
--把effect修改成allow,代表全部用户都可以访问。
{
"Version": "1",
"Statement":
[{
"Effect":"allow",
"Principal":"*",
"Action":"odps:*",
"Resource":"acs:odps:*:projects/*",
}]
}具体关于Project基本的Policy使用方法,请参见Policy概况。
错误2:Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project '<project_name>' is protected
错误信息示例
ODPS-0130013:Authorization exception - Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project 'wego_data_center' is protected. You need to contact the project owner to set the exception policy for you. Context ID:<context ID>. --->Tips: CurrentProject:wg_data_ops; Pricipal:ALIYUN$<account_id>; No permission 'odps:Select' on resource acs:odps:*:projects/projects/<project_name>/tables/<table_name>
错误码描述
当前Project开启数据保护策略,不允许外部项目发起的数据访问。
解决方案
需要本项目的所有者关闭数据保护策略。
通过命令关闭数据保护开关:
--true代表打开,false代表关闭 set ProjectProtection={true|false}; --示例 set ProjectProtection=false;切换到同一个项目下操作,不要跨项目操作。
错误3:Authorization Failed [4031], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. CheckLabelSecurity failed: The sensitive label of column '<column_name>' is xx, but your effective label is xx
错误信息示例
ODPS-0130013:Authorization exception - Authorization Failed [4031], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. CheckLabelSecurity failed. The sensitive label of column 'status_id' is 2, but your effective label is 0.
错误码描述
当前账号的Label权限等级不足。
解决方案
需要由Project Owner或具备Admin角色的用户为该用户授予访问高敏感等级数据的权限。授权命令如下:
GRANT Label <number> ON TABLE <table_name> [(<column_list>)] TO {USER|ROLE} <name> [WITH exp <days>];Label授权详情请参见Label权限控制。
- 本页导读 (1)
- 错误1:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>
- 错误信息示例
- 错误描述
- 解决方案
- 错误2:Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project '<project_name>' is protected
- 错误信息示例
- 错误码描述
- 解决方案
- 错误3:Authorization Failed [4031], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. CheckLabelSecurity failed: The sensitive label of column '<column_name>' is xx, but your effective label is xx
- 错误信息示例
- 错误码描述
- 解决方案
