MarkLogic’s Data Hub Central offers an easy way to create entities. As a bonus, it automatically creates a TDE Template for you, making your entity accessible through SQL or Optic API queries. However, we ran into an error with this process recently.
After creating an entity and processing some sample data, a member of the team tried to run a simple “select *” on the view associated with the entity. That failed with a “
SQL-TABLENOTFOUND -- Unknown table” error. A little investigation revealed the problem. Let’s look at an example.
Like many developers, I have a rubber duck on my desk. It seems appropriate to use that duck to illustrate the problem.
I fired up a new Data Hub example and used Hub Central to create a RubberDuck entity. It has two properties, size and description, both strings. Looking in my data-hub-file-SCHEMAS database, I see my RubberDuck entity (/entities/RubberDuck.entity.json) and a TDE template (/tde/RubberDuck-1.0.0.tdex). I threw in some sample data:
With just a little more work, I had a couple RubberDuck entities in my final database. Great! Now I can run a nice simple query (in Query Console as the admin user):
select * from RubberDuck.RubberDuck
Hopes for a quick exploration are dashed:
SQL-TABLENOTFOUND: amped-qconsole:qconsole-sql($query, ()) -- Unknown table: Table 'RubberDuck.RubberDuck' not found
This turns out to be a security configuration problem. But wait — I ran that query as my admin user, shouldn’t that work? As it turns out, no. There are some limits on admin users and this is one.
Digging deeper, here are the permissions for the template document (as shown by Query Console):
If a TDE template document has permissions, then those permissions are extended to the triples and rows built by the template.
To solve this, you need to query with a user that has a role with read permissions. For applications, this error is a sign that the user being configured is missing an important role. Odds are, you’re seeing this in development while working with your local admin user. How do I know that?
Looking at the users & roles that make up the Data Hub security model, we can see that
data-hub-developer inherits the
tde-admin role, while
data-hub-operator inherits the
tde-view role. The intent is that users who interact with Data Hub data will have at least one of these roles, which will allow it to read data generated by the TDE templates. Make sure users and roles for your application have these roles assigned appropriately.
If you’re working locally and connecting to Query Console using your admin user, you can give that user the
data-hub-developer role to avoid this error.