We are trying to create a DB Alias for a DB2 z/OS database. When it gets to the bind step it fails with the following errors (note I've replaced my userid with x's):
SQL0020W The bind or precompile command parameters or
parameter values in the following list were ignored because
they are not supported by the target database: "INSERT".
SQL0551N The statement failed because the authorization ID
does not have the required authorization or privilege to
perform the operation. Authorization ID: "xxxxxxxx".
Operation: "CREATE IN". Object:
We were told by Estuate that we need the following permissions on the database:
GRANT BINDADD TO userid
GRANT CREATE ON COLLECTION * TO userid
In the past, those permissions have been provided to an individual userid. However, our DBA doesn't support that option anymore.
1. Are the permissions indicated above sufficient to create the DB Alias?
2. Can permissions on the DB2 database be granted to a RACF group which my user ID is associated with, or do they need to be granted to an individual userid?
Mark Crawford Principal IT Engineer Applications
Enterprise Business Services - IT Operations
Enterprise Platform Services (EPS)
Enterprise Environments (EE) Compliance Data Delivery (CDD)
Cell: 925-788-5895 Email: Mark.Crawford@kp.org
ServiceNow Group: EOT APP ENV MGMT
Enterprise Environments (EE) Website
NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. v.173.295 Thank you.
1. Are the permissions indicated above sufficient to create the DB Alias?Yes
Yes, permissions can granted to a RACF-group
For both questions the answer is Yes.
Please keep in mind, you have to authorize the RACF-Group in Db2 for every "Object" that will need GRANT CREATE ON COLLECTION * TO RACF-GROUP
The advantage here ist that DBA's doesn't have the need to this for every Uid any more.Now you can GRANT/REVOKE this authorization by adding/deleting the Uid in RACF.regards michael