Help Center/ GaussDB(DWS)/ Troubleshooting/ Data Import and Export/ "Access Denied" Is Displayed When the SQL Statement for Creating an OBS Foreign Table Is Executed
Updated on 2024-01-25 GMT+08:00

"Access Denied" Is Displayed When the SQL Statement for Creating an OBS Foreign Table Is Executed

Symptom

When a user executes the SQL statement for creating an OBS foreign table, an OBS error Access Denied is reported.

Possible Causes

  • If the AK and SK in the statement for creating an OBS foreign table are incorrect, the following error information is displayed:
    1
    ERROR: Fail to connect OBS in node:cn_5001 with error code: AccessDenied
    
  • If an account does not have the read and write permissions on corresponding OBS buckets, the following error information is displayed:
    1
    dn_6001_6002: Datanode 'dn_6001_6002' fail to read OBS object bucket:'obs-bucket-name' key:'xxx/xxx/xxx.csv' with OBS error code:AccessDenied message: Access Denied
    

    By default, an account does not have the permission to access OBS data of other accounts. In addition, an IAM user (similar to a sub-user) does not have the permission to access OBS data of the account to which it belongs.

Handling Procedure

  • The AK and SK in the statement for creating an OBS foreign table are incorrect.

    Obtain the correct AK and SK and write them into the SQL statement. To obtain the AK and SK, perform the following steps:

    1. Log in to the GaussDB(DWS) management console.
    2. Move the cursor to the username in the upper right corner and choose My Credentials.
    3. In the upper right corner of the page, click the username and choose My Credentials.
    4. In the navigation pane, click Access Keys.

      On the Access Keys page, you can view the existing access key ID (AK).

    5. If you want to obtain both the AK and SK, click Create Access Key to create and download the access key file.
  • The account does not have the read and write permissions on OBS buckets.

    You must grant the required OBS access permissions to specified users.

    • When importing data to GaussDB(DWS) using an OBS foreign table, the user who performs the operation must have the read permission on the OBS bucket and object where the source data files are located.
    • When exporting data using an OBS foreign table, the user who performs the operation must have the read and write permissions on the OBS bucket and object where the data export path is located.

    For details about configuring OBS permissions, see Configuring a Bucket ACL and Configuring Object ACL in the Object Storage Service Console Operation Guide.

    For details about configuring OBS permissions, see Console Operation Guide > Permission Control in the Object Storage Service User Guide.