SAP Knowledge Base Article - Public

3602307 - Data Flow execution was failed with error message "Graph failure" "ODataClientErrorException" in SAP Datasphere

Symptom

Data Flow execution was failed. Check the details in Data Integration Monitor, below error message is shown: 

Group messages: Group: default; Messages: Graph failure: producer1 failed with the following error: org.apache.olingo.client.api.communication.ODataClientErrorException: {‘status’:403, ‘message’: ‘Authenticated user is not permitted to perform the requested operation’}null [HTTP/1.1 403 Forbidden] INZ-5000005: |Reader BODIVView1 Error number <5000005> occurred. There is no additional description. Message parameters are: <org.apache.olingo.client.api.communication.ODataClientErrorException: {‘status’:403, ‘message’: ‘Authenticated user is not permitted to perform the requested operation’}null [HTTP/1.1 403 Forbidden]>. Container is terminated. ExitCode=63

The Data flow is using a "Generic OData" connection with Authentication Type: "OAuth 2.0". The URL in the "Generic OData" connection is using OData API from a Datasphere tenant https://<tenant_url>/api/v1/dwc/catalog.

Environment

SAP Datasphere

Reproducing the Issue

  1. Open Data Integration Monitor for the Data Flow.
  2. Go to "Run Details" -> "Message" tab.
  3. Click "View Details" in the end of the row which Category is "Error".

Cause

The scenario is not supported, because OData API authentication method only allow Three-legged OAuth flow with Authorization code or SAML grant types. But, the Data Flows only support Two-legged OAuth flow with client credentials grant type.

Resolution

Use Authentication Type: "User Name And Password".

It is on the roadmap that OData API authentication support OAuth 2-lagged with client credentials grant type. Now, the release plan is in the end of 2025. 

See Also

Consume Data via the OData API

Generic OData Connections

Keywords

KBA , DS-DI-CON , Connections , Problem

Product

SAP Datasphere all versions