SAP Knowledge Base Article - Public

3165869 - Odata : No authorization to access Service

Symptom

Calling Odata service returns error:

No authorization to access Service '%SERVICE_NAME%'

Status code: 403

The following message will also be displayed:

<SAP_Transaction>For backend administrators: use ADT feed reader "SAP Gateway Error Log" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details</SAP_Transaction>

<SAP_Note>See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)

The screen is as below:

Environment

S/4 Cloud as the source
External Web / DataSphere ... as the target

Reproducing the Issue

Run TCode./n/IWFND/GW_CLIENT
-> Input URI:
https://mynnnnnn-api.s4hana.ondemand.com/sap/opu/odata/sap/%SERVICE_NAME%/%CDS_NAME%
-> Click 'Execute'
-> Input user and password and press Enter
-> Status code 403
No authorization to access Service '%SERVICE_NAME%'
Test with Postman
-> Use GET method, input the URL above
-> Click 'Send'

Cause

Missing authorization / role of the user which can be seen by transaction SU53.

Resolution

Find which role has the authorization to access the service:
SUIM -> Roles -> 'Search for Startable Applications in Roles' with the selection
Application Type - SAP Gateway: Service Groups Metadata
Application - '%SERVICE_NAME%'

-> Execute -> The role then is displayed:
Grant the missing role above to the user

If you have no access to the transactions above, please open a SAP case.

Keywords

/IWFND/CM_CONSUMER , 101 , KBA , OPU-GW-COR , Framework , BW-WHM-DBA-ODA , Operational Data Provider for ABAP CDS, HANA & BW , Problem

Product

SAP S/4HANA Cloud Public Edition all versions ; SAP S/4HANA Cloud all versions

Attachments

3165869_2.png
3165869_3.png
Pasted image.png
image.png
image.png
bb4d61e13b7d0a94422da13a85e45a56
image.png