Symptom
Data Flow execution was failed. Check the details in Data Integration Monitor, below error message is shown:
Group messages: Group: default; Messages: Graph failure: producer1 failed with the following error: org.apache.olingo.client.api.communication.ODataClientErrorException: {‘status’:403, ‘message’: ‘Authenticated user is not permitted to perform the requested operation’}null [HTTP/1.1 403 Forbidden] INZ-5000005: |Reader BODIVView1 Error number <5000005> occurred. There is no additional description. Message parameters are: <org.apache.olingo.client.api.communication.ODataClientErrorException: {‘status’:403, ‘message’: ‘Authenticated user is not permitted to perform the requested operation’}null [HTTP/1.1 403 Forbidden]>. Container is terminated. ExitCode=63
The Data flow is using a "Generic OData" connection with Authentication Type: "OAuth 2.0". The URL in the "Generic OData" connection is using OData API from a Datasphere tenant https://<tenant_url>/api/v1/dwc/catalog.
Environment
SAP Datasphere
Reproducing the Issue
- Open Data Integration Monitor for the Data Flow.
- Go to "Run Details" -> "Message" tab.
- Click "View Details" in the end of the row which Category is "Error".
Cause
The scenario is not supported, because OData API authentication method only allow Three-legged OAuth flow with Authorization code or SAML grant types. But, the Data Flows only support Two-legged OAuth flow with client credentials grant type.
Resolution
Use Authentication Type: "User Name And Password".
It is on the roadmap that OData API authentication support OAuth 2-lagged with client credentials grant type. Now, the release plan is in the end of 2025.
See Also
Keywords
KBA , DS-DI-CON , Connections , Problem