Troubleshooting: Authorization error when running GEN or DDL
If the GEN or DDL line command fails with a message about insufficient privileges on a storage group (STOGROUP), you might need to rebind the Db2 Admin Tool package ADB2RET.
Symptoms
When running GEN or DDL against a Db2 object, the load module ADB2GEN fails with message ADB1223E and DSNT408I:
ADB1223E ADB2RET: Unexpected sqlcode in : Create index-name
DSNT408I SQLCODE = -551, ERROR: ADB DOES NOT HAVE THE PRIVILEGE TO PERFORM OPERATION CREATE INDEX ON OBJECT stogroup-name
index-name is the name of the index on a global temporary table.
stogroup-name is the name of the STOGROUP.
This message indicates that the user of Db2 Admin Tool does not have sufficient authority to create an index on a global temporary table in the Db2 work file database that is created with STOGROUP stogroup-name. (The work file database stores global temporary tables and their indexes as well as other temporary objects and files.)
Resolving the problem
- Check the name of the STOGROUP that is used by the work file database in your Db2 subsystem. In a non-data-sharing environment, the Db2 installation default for the work file database is DSNDB07, and the default STOGROUP for the work file database is SYSDEFLT.
- Check whether the Db2 Admin Tool user has sufficient authority to create objects in that STOGROUP.
- If the user does not have authority to create objects in the STOGROUP, either grant this authority or rebind the package ADB2RET with a package owner who has SYSADM authority.