We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

Hi David,

I am not a z/OS person, but SQLCODE -104 is indicating invalid symbol;

- can you verify that Db2 z/OS allows an identifier starting with digit? Shouldn't it be following the rules of an SQL identifier?
- can you verify that role you are going ti assign to an user has been created and exists?

For Db2 V11.5 for LUW this is how I would create and assign role to an user:

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

We heard back from IBM support that Assigning Users to Roles   isn't supported under DB2 for ZOS .

I see that your example did work.  We've tried Role names without numbers and same results.

Are you using DB2 v12 under ZOS operating system?

Hi David,

I am not a z/OS person, but SQLCODE -104 is indicating invalid symbol;

- can you verify that Db2 z/OS allows an identifier starting with digit? Shouldn't it be following the rules of an SQL identifier?
- can you verify that role you are going ti assign to an user has been created and exists?

For Db2 V11.5 for LUW this is how I would create and assign role to an user:

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

Ok - as I stated before - I am not a z/OS person.

Long time ago I was told that Db2 is a Db2 is a Db2.  Since then I was treating this rather as a warning than as a compatibility statement :-)

Sorry if I confused you - I was using Db2 for LUW (Linux, Unix and Windows) _ I have no clue about Db2 flavours which belong to Smithsonian Institute ...

We heard back from IBM support that Assigning Users to Roles   isn't supported under DB2 for ZOS .

I see that your example did work.  We've tried Role names without numbers and same results.

Are you using DB2 v12 under ZOS operating system?

Hi David,

I am not a z/OS person, but SQLCODE -104 is indicating invalid symbol;

- can you verify that Db2 z/OS allows an identifier starting with digit? Shouldn't it be following the rules of an SQL identifier?
- can you verify that role you are going ti assign to an user has been created and exists?

For Db2 V11.5 for LUW this is how I would create and assign role to an user:

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

Thanks for you feedback!

 

------------- Next Scheduled PTO -------------

TBD

 

Mobile:  231-245-6535

 

Original Message:
Sent: 1/16/2025 5:34:00 PM
From: Jan Nelken
Subject: RE: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

Ok - as I stated before - I am not a z/OS person.

Long time ago I was told that Db2 is a Db2 is a Db2.  Since then I was treating this rather as a warning than as a compatibility statement :-)

Sorry if I confused you - I was using Db2 for LUW (Linux, Unix and Windows) _ I have no clue about Db2 flavours which belong to Smithsonian Institute ...

------------------------------
Jan Nelken

Original Message:
Sent: Thu January 16, 2025 05:10 PM
From: David Perrin
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

We heard back from IBM support that Assigning Users to Roles   isn't supported under DB2 for ZOS .

I see that your example did work.  We've tried Role names without numbers and same results.

Are you using DB2 v12 under ZOS operating system?

------------------------------
David Perrin

Original Message:
Sent: Thu January 16, 2025 04:32 PM
From: Jan Nelken
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

Hi David,

I am not a z/OS person, but SQLCODE -104 is indicating invalid symbol;

- can you verify that Db2 z/OS allows an identifier starting with digit? Shouldn't it be following the rules of an SQL identifier?
- can you verify that role you are going ti assign to an user has been created and exists?

For Db2 V11.5 for LUW this is how I would create and assign role to an user:

------------------------------
Jan Nelken

Original Message:
Sent: Wed January 15, 2025 11:45 AM
From: David Perrin
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

------------------------------
David Perrin
------------------------------

Perhaps you can check whether assigning role to a group will work for Db2 z/OS; if it works then you could create an unique group for each user and thus go around this limitation ...

------------------------------
Jan Nelken

Original Message:
Sent: Fri January 17, 2025 09:47 AM
From: David Perrin
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

Thanks for you feedback!

 

------------- Next Scheduled PTO -------------

TBD

 

Mobile:  231-245-6535

 

Original Message:
Sent: 1/16/2025 5:34:00 PM
From: Jan Nelken
Subject: RE: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

Ok - as I stated before - I am not a z/OS person.

Long time ago I was told that Db2 is a Db2 is a Db2.  Since then I was treating this rather as a warning than as a compatibility statement :-)

Sorry if I confused you - I was using Db2 for LUW (Linux, Unix and Windows) _ I have no clue about Db2 flavours which belong to Smithsonian Institute ...

------------------------------
Jan Nelken

Original Message:
Sent: Thu January 16, 2025 05:10 PM
From: David Perrin
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

We heard back from IBM support that Assigning Users to Roles   isn't supported under DB2 for ZOS .

I see that your example did work.  We've tried Role names without numbers and same results.

Are you using DB2 v12 under ZOS operating system?

------------------------------
David Perrin

Original Message:
Sent: Thu January 16, 2025 04:32 PM
From: Jan Nelken
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

Hi David,

I am not a z/OS person, but SQLCODE -104 is indicating invalid symbol;

- can you verify that Db2 z/OS allows an identifier starting with digit? Shouldn't it be following the rules of an SQL identifier?
- can you verify that role you are going ti assign to an user has been created and exists?

For Db2 V11.5 for LUW this is how I would create and assign role to an user:

------------------------------
Jan Nelken

Original Message:
Sent: Wed January 15, 2025 11:45 AM
From: David Perrin
Subject: DB2 for ZOS - Issue using DB2 Roles and GRANT ROLE statement

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

------------------------------
David Perrin
------------------------------

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?

Roles like other database objects have naming conventions. most state that a object must start with a Alpha..  A-Z, they can't start with a number.

We are using DB2 V12

Attempting to Create a Role and assign the Role to a user using SQL statements.

Following the IBM documentation.

This specific SQL statement:  GRANT ROLE "80MI4400PG" TO USER PROTTA  always fails.  Errors are similar to:

I always get:       SQLCODE : -104                           DSNTIAR CODE :  0                   .
                                                                                  .
  DSNT408I SQLCODE = -104, ERROR:  ILLEGAL SYMBOL ""80MI4400PG"". SOME SYMBOLS    .
           THAT MIGHT BE LEGAL ARE: TO WITH WITHOUT IN ,                          .
  DSNT418I SQLSTATE   = 42601 SQLSTATE RETURN CODE                                .
  DSNT415I SQLERRP    = DSNHPARS SQL PROCEDURE DETECTING ERROR                    .
  DSNT416I SQLERRD    = 3  0  0  -1  12  502 SQL DIAGNOSTIC INFORMATION           .
  DSNT416I SQLERRD    = X'00000003'  X'00000000'  X'00000000'  X'FFFFFFFF'        .
           X'0000000C'  X'000001F6' SQL DIAGNOSTIC INFORMATION                 

I have SYSADM rights.  I've tried about a dozen variations of GRANT ROLE ....

Cannot get past the issue and don't know what next steps should be.  I have opened case with IBM support as well....

Does anyone have guidance to solve this issue?