ODPS-0130013

本文为您介绍错误码ODPS-0130013:Authorization exception的报错场景,并提供对应的解决方案。

错误1:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>

错误信息示例

FAILED: ODPS-0130013:Authorization Failed [4011], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. Explicitly denied by policy. Context ID:<context ID>. --->Tips: CurrentProject:<project_name>; Pricipal:ALIYUN$<account_id>;

错误描述

当前用户访问该proejct时,没有通过policy校验。当proejct设置了对应的policy后,除了project owner以外,其它用户都需要先检验该policy。

解决方案

需要通过命令给该用户授权。

--使用下面命令查看当前项目的policy设置:
get policy;
--返回内容,下面policy代表除了owner以外,其它人都不可以访问该项目
{
"Version": "1",
"Statement":
 [{
    "Effect":"Deny",
    "Principal":"*",
    "Action":"odps:*",
    "Resource":"acs:odps:*:projects/*",
}]
}

--修改policy内容
--把修改好的policy存放成,policy.txt文件
--把effect修改成allow,代表全部用户都可以访问。
{
"Version": "1",
"Statement":
 [{
    "Effect":"allow",
    "Principal":"*",
    "Action":"odps:*",
    "Resource":"acs:odps:*:projects/*",
}]
}

具体关于project基本的policy使用方法,请参见Policy概况

错误2:Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project '<project_name>' is protected

错误信息示例

ODPS-0130013:Authorization exception - Authorization Failed [4021], You have NO privilege 'odps:Select' on {acs:odps:*:projects/<project_name>/tables/<table_name>}. project 'wego_data_center' is protected. You need to contact the project owner to set the exception policy for you. Context ID:<context ID>.   --->Tips: CurrentProject:wg_data_ops; Pricipal:ALIYUN$<account_id>; No permission 'odps:Select' on resource acs:odps:*:projects/projects/<project_name>/tables/<table_name>

错误码描述

当前project开启数据保护策略,不允许外部项目发起的数据访问。

解决方案

  1. 需要本项目的所有者关闭数据保护策略。

    通过命令关闭数据保护开关:

    --true 代表打开,false代表关闭
    set ProjectProtection={true|false};
    --示例
    set ProjectProtection=false;
  2. 切换到同一个项目下操作,不要跨项目操作。