DSNT210I bind-type AUTHORIZATION ERROR USING authorization-id AUTHORITY PLAN=plan-id PRIVILEGE=privilege
Explanation
The indicated authorization ID does not have the indicated privilege and therefore cannot invoke the indicated BIND subcommand against the indicated application plan. If the access control authorization exit is active and the AUTHEXIT_CHECK subsystem parameter is set to DB2, this error might occur if ACEE cannot be created for the indicated authorization ID.
- bind-type
- Type of BIND subcommand: BIND, REBIND, FREE.
- authorization ID
- Authorization ID of the plan owner. Note: If you are using a trusted context, the token auth-id might return a role instead of an authorization ID. A role is returned, if a role was in effect and the authorization checking is performed against the role rather than the authorization ID of the session, when the condition was encountered. The role is returned in the following format as a single token:
ROLE: role-name. - plan-id
- Application plan specified in the BIND subcommand.
- privilege
- Missing privilege: BIND, BINDADD
System action
The BIND, REBIND, or FREE operation for 'plan-id' is not performed.
System programmer response
If the indicated privilege is BINDADD, then the privilege to invoke the BIND subcommand with the ACTION(ADD) option must be granted to the indicated authorization ID. If the indicated privilege is BIND, the privilege to invoke a BIND subcommand against the indicated application plan must be granted to the indicated authorization ID.
If you use the access control authorization exit, ensure that the indicated authorization ID is defined in RACF® and granted the indicated privilege in RACF.