ydb-platform · kunga · Mar 1, 2025 · Feb 27, 2025 · Feb 28, 2025 · Feb 28, 2025
@@ -283,7 +283,7 @@ void TKqpComputeActor::HandleExecute(TEvKqpCompute::TEvScanError::TPtr& ev) {
     IssuesFromMessage(ev->Get()->Record.GetIssues(), issues);
 
     State = NDqProto::COMPUTE_STATE_FAILURE;
-    ReportStateAndMaybeDie(YdbStatusToDqStatus(status), issues);
+    ReportStateAndMaybeDie(YdbStatusToDqStatus(status, EStatusCompatibilityLevel::WithUnauthorized), issues);
 }
 
 IActor* CreateKqpComputeActor(const TActorId& executerId, ui64 txId, NDqProto::TDqTask* task,

diff --git a/ydb/core/sys_view/ut_kqp.cpp b/ydb/core/sys_view/ut_kqp.cpp
@@ -150,7 +150,7 @@ void SetupAuthAccessEnvironment(TTestEnv& env) {
 }
 
 void CheckAuthAdministratorAccessIsRequired(TScanQueryPartIterator& it) {
-    NKqp::StreamResultToYson(it, false, EStatus::INTERNAL_ERROR, 
+    NKqp::StreamResultToYson(it, false, EStatus::UNAUTHORIZED, 
         "Administrator access is required");
 }
 

@@ -32,13 +32,15 @@ Ydb::StatusIds::StatusCode DqStatusToYdbStatus(NYql::NDqProto::StatusIds::Status
         return Ydb::StatusIds::SCHEME_ERROR;
     case NYql::NDqProto::StatusIds::UNSUPPORTED:
         return Ydb::StatusIds::UNSUPPORTED;
+    case NYql::NDqProto::StatusIds::UNAUTHORIZED:
+        return Ydb::StatusIds::UNAUTHORIZED;
     case NYql::NDqProto::StatusIds::GENERIC_ERROR:
     default:
         return Ydb::StatusIds::GENERIC_ERROR;
     }
 }
 
-NYql::NDqProto::StatusIds::StatusCode YdbStatusToDqStatus(Ydb::StatusIds::StatusCode statusCode) {
+NYql::NDqProto::StatusIds::StatusCode YdbStatusToDqStatus(Ydb::StatusIds::StatusCode statusCode, EStatusCompatibilityLevel compatibility) {
     switch(statusCode) {
     case Ydb::StatusIds::STATUS_CODE_UNSPECIFIED:
         return NYql::NDqProto::StatusIds::UNSPECIFIED;
@@ -47,6 +49,9 @@ NYql::NDqProto::StatusIds::StatusCode YdbStatusToDqStatus(Ydb::StatusIds::Status
     case Ydb::StatusIds::BAD_REQUEST:
         return NYql::NDqProto::StatusIds::BAD_REQUEST;
     case Ydb::StatusIds::UNAUTHORIZED:
+        return compatibility >= EStatusCompatibilityLevel::WithUnauthorized
+            ? NYql::NDqProto::StatusIds::UNAUTHORIZED
+            : NYql::NDqProto::StatusIds::INTERNAL_ERROR;
     case Ydb::StatusIds::INTERNAL_ERROR:
         return NYql::NDqProto::StatusIds::INTERNAL_ERROR;
     case Ydb::StatusIds::ABORTED:

@@ -11,8 +11,13 @@
 
 namespace NYql::NDq {
 
+enum class EStatusCompatibilityLevel {
+    Basic,
+    WithUnauthorized
+};
+
 Ydb::StatusIds::StatusCode DqStatusToYdbStatus(NYql::NDqProto::StatusIds::StatusCode statusCode);
-NYql::NDqProto::StatusIds::StatusCode YdbStatusToDqStatus(Ydb::StatusIds::StatusCode statusCode);
+NYql::NDqProto::StatusIds::StatusCode YdbStatusToDqStatus(Ydb::StatusIds::StatusCode statusCode, EStatusCompatibilityLevel compatibility = EStatusCompatibilityLevel::Basic);
 
 struct TEvDq {
 

@@ -22,5 +22,6 @@ message StatusIds {
         SCHEME_ERROR = 14;
         GENERIC_ERROR = 15;
         UNDETERMINED =  16;
+        UNAUTHORIZED =  17;
     }
 }
diff --git a/ydb/tests/functional/tenants/test_auth_system_views.py b/ydb/tests/functional/tenants/test_auth_system_views.py
@@ -162,8 +162,5 @@ def test_tenant_auth_groups_access(ydb_endpoint, ydb_root, prepared_test_env, yd
 
         else:
             assert error is not None, result
-
-            # FIXME: status should have been UNAUTHORIZED
-            # assert error.status == ydb.issues.StatusCode.UNAUTHORIZED
-            assert error.status == ydb.issues.StatusCode.INTERNAL_ERROR
+            assert error.status == ydb.issues.StatusCode.UNAUTHORIZED
             assert 'Administrator access is required' in error.message