Error in DB2 on z/OS revoke

Question

I am observing weird behavior with db2 z/OS revoke operation.

Suppose I create a user, assign some privileges and try to drop a user or if I try to revoke some privileges, I get error "DB2 SQL Error: SQLCODE=-556, SQLSTATE=42504, SQLERRMC=USER3;CREATETAB; ON DSN00016;TESTJDBC, DRIVER=3.67.28" As per the error code, it means "Cannot revoke a privilege that the user does not possess".

But I see that privilege assigned to an user.

And if assign same privilege and then if try revoking it successfully revokes.

Help me with this

Posting the actual statements that you ran might be helpful. — mustaccio, Apr 21 '16 at 13:58

score 0 · Answer 1 · answered Apr 25 '16 at 23:45

If someone else granted the privilege, then DB2 may be complaining that you weren't the grantor. You might try adding BY <other_grantor>, or just BY ALL to the end of your REVOKE.

Here's the relevant snippet from Knowledge Center:

If the BY clause is not specified, the authorization ID of the statement must have granted at least one of the specified privileges to every authorization-name specified in the FROM clause (including PUBLIC, if specified). If the BY clause is specified, the authorization ID of the statement must have SECADM or ACCESSCTRL authority.

Error in DB2 on z/OS revoke

1 Answers1