3165869 - Odata : No authorization to access Service

Calling OData service returns error:

No authorization to access Service '%SERVICE_NAME%'

Status code: 403

The following message will also be displayed:

<SAP_Transaction>For backend administrators: use ADT feed reader "SAP Gateway Error Log" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details</SAP_Transaction>

<SAP_Note>See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)

The screen is as below:

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.  

• S/4 Cloud as the source
• External Web / DataSphere ... as the target

• Run TCode./n/IWFND/GW_CLIENT
  -> Input URI:
  https://mynnnnnn-api.s4hana.ondemand.com/sap/opu/odata/sap/%SERVICE_NAME%/%CDS_NAME%
  -> Click 'Execute'
  -> Input user and password and press Enter
  -> Status code 403
  No authorization to access Service '%SERVICE_NAME%'
  
  
• Test with Postman
  -> Use GET method, input the URL above
  -> Click 'Send'

Missing authorization / role of the user which can be seen by transaction SU53.

1. Find which role has the authorization to access the service:
   SUIM -> Roles -> 'Search for Startable Applications in Roles' with the selection
     Application Type -  SAP Gateway: Service Groups Metadata
     Application         -  '%SERVICE_NAME%'
   
   
   
   -> Execute -> The role then is displayed:
   
   
   
2. Grant the missing role above to the user 

If you have no access to the transactions above, please open a SAP case.

Authorization Object: S_SERVICE

SAP Gateway, SAP OData Gateway, /IWFND/GW_CLIENT, 403, /IWFND/CM_CONSUMER , 101, No authorization to access Service, No authorization, SIUM, SU53, Role, Roles, Search for Startable Applications in Roles, S/4 Cloud , KBA , OPU-GW-COR , Framework , BW-WHM-DBA-ODA , Operational Data Provider for ABAP CDS, HANA & BW , Problem