Troubleshooting: Authorization error when running GEN or DDL

If the GEN or DDL line command fails with a message about insufficient privileges on a storage group (STOGROUP), you might need to rebind the Db2 Admin Tool package ADB2RET.

Symptoms

When running GEN or DDL against a Db2 object, the load module ADB2GEN fails with message ADB1223E and DSNT408I:

ADB1223E ADB2RET:  Unexpected sqlcode in : Create index-name
DSNT408I SQLCODE = -551, ERROR:  ADB DOES NOT HAVE THE PRIVILEGE TO PERFORM OPERATION CREATE INDEX ON OBJECT stogroup-name

index-name is the name of the index on a global temporary table.

stogroup-name is the name of the STOGROUP.

This message indicates that the user of Db2 Admin Tool does not have sufficient authority to create an index on a global temporary table in the Db2 work file database that is created with STOGROUP stogroup-name. (The work file database stores global temporary tables and their indexes as well as other temporary objects and files.)

Resolving the problem

  1. Check the name of the STOGROUP that is used by the work file database in your Db2 subsystem. In a non-data-sharing environment, the Db2 installation default for the work file database is DSNDB07, and the default STOGROUP for the work file database is SYSDEFLT.
  2. Check whether the Db2 Admin Tool user has sufficient authority to create objects in that STOGROUP.
  3. If the user does not have authority to create objects in the STOGROUP, either grant this authority or rebind the package ADB2RET with a package owner who has SYSADM authority.