-20264 FOR TABLE `table-name`, `primary-auth-id` WITH SECURITY LABEL `primary-auth-id-seclabel` IS NOT AUTHORIZED TO PERFORM `operation` ON A ROW WITH SECURITY LABEL `row-seclabel`. THE RECORD IDENTIFIER (RID) OF THIS ROW IS `rid-number`.

Explanation
primary-auth-id attempted an MLS READWRITE operation on a row without having
the proper Multilevel Security (MLS) authorization. The RID identifies this row.

The RID might be *N when a RID identifier is not available for the row.

System action
The operation that was attempted could not be performed.

Programmer response
If this user is authorized to perform this operation, ensure that this user has been properly
defined to MLS. If the row data needs to be viewed, use DSN1PRINT.

In the case of a view or cursor, where the primary authorization ID is able to access more rows
than it can update or delete, you can add the WHERE clause to limit the rows accessed, based on the
security label of the primary authorization ID. The security label can be retrieved using
GETVARIABLE(SYSIBM.SECLABEL).

SQLSTATE
42512

-20264 FOR TABLE table-name, primary-auth-id WITH SECURITY LABEL primary-auth-id-seclabel IS NOT AUTHORIZED TO PERFORM operation ON A ROW WITH SECURITY LABEL row-seclabel. THE RECORD IDENTIFIER (RID) OF THIS ROW IS rid-number.

Explanation

System action

Programmer response

SQLSTATE

-20264 FOR TABLE `table-name`, `primary-auth-id` WITH SECURITY LABEL `primary-auth-id-seclabel` IS NOT AUTHORIZED TO PERFORM `operation` ON A ROW WITH SECURITY LABEL `row-seclabel`. THE RECORD IDENTIFIER (RID) OF THIS ROW IS `rid-number`.