Denied access for tunnel with id
While working with SAP Cloud Platform (SCP) or Business Technology Platform (BTP), you might face issue with backend system connection via SAP Cloud Connector (CC). Nature of issue might be anything, hence lets check it one by one. So for today, lets focus on Error, Denied access for tunnel with id with WebIDE via BTP.
You will get following log Cloud Connector log-file.
#ERROR#com.sap.core.connectivity.tunnel.client.notification.NotificationClientEventHandler#Thread-103# #Denied access for tunnel with id 'account:///<AccountName>' and attributes: 'applicationAccount:<Account>, applicationName:<Name>, applicationType:<type>'#ERROR#com.sap.core.connectivity.tunnel.client.notification.ApplicationClientConnectTask#Thread-50# #Unexpected exception while establishing application tunnel connection for tunnel: account:///<Account>
com.sap.core.connectivity.tunnel.client.TunnelNotAllowedException: Denied access for tunnel with id 'account:///<Account>' and attributes: 'applicationType:JAVA, applicationAccount:services, applicationName:dispatcher'How to Address the Issue
In Cloud Connector log file you will mainly see error ‘Denied access for tunnel with id‘. This shows that access to specific application is denied at Cloud Connector. This happens if any application is specifically maintained as Trusted in Cloud Connector Applications, thus denying access to any other applications.
To solve this issue, either you need to remove any specific application maintenance as trusted or you need to add each application as trusted with which you want to work.
For example, to solve issue with WebIDE, you need to maintained Application services:dispatcher as trusted application for the Sub-Account from where you are using WebIDE. In the SAP Cloud Connector Administration UI, go to Cloud To On-Premise > Applications & to allow a subscribed application, you must add it to the list in the format <providerSubaccount>:<applicationName>.
Also Read
Error => Permission Denied with Web Dispatcher
The application details can be checked via Cloud Connector log.
#ERROR#com.sap.core.connectivity.tunnel.client.notification.ApplicationClientConnectTask#Thread-50# #Unexpected exception while establishing application tunnel connection for tunnel: account:///<Account>
com.sap.core.connectivity.tunnel.client.TunnelNotAllowedException: Denied access for tunnel with id 'account:///<Account>' and attributes: 'applicationType:JAVA, applicationAccount:services, applicationName:dispatcher'Below is the reference screenshot from SAP Cloud Connector (CC) showing Application maintained as trusted. In below example, services:dispatcher is maintained to address issue with WebIDE as there were already few application maintained as trusted.
Other way to address this issue is to remove all entries maintained, so no specific access restrictions are there.
Reference : SAP Note 2656195
