Why I get this error? SQL0551N The statement failed because the authorization ID
I want to create a view from another view that I have select statement privilege. However, I can't and I am getting this error. Do you know why? Do I need other type of Select privilege?
SET CURRENT SCHEMA = SCHEMA1;
CREATE VIEW NEWSCHEMA.MYVIEW AS SELECT * FROM DB1.SCHEMA1.VIEW1
WITH NO ROW MOVEMENT;
SET CURRENT SCHEMA = NEWSCHEMA;
COMMIT;
full error msg:
Category Line Position Timestamp Duration Message Error 3 0 01/27/2023 11:24:05 AM 0:00:00.007 - DB2 Database Error: ERROR [42501] [IBM][DB2/AIX64] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "NEWSCHEMA". Operation: "SELECT". Object: "SCHEMA1.VIEW1".
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH, SELECTAUTH FROM SYSCAT.TABAUTH WHERE (TABSCHEMA, TABNAME) = ('SCHEMA1', 'VIEW1') AND GRANTEETYPE IN ('U', 'R')
Result:
The reason is highly like because of the following CREATE VIEW authorization requirement:
Authorization
The privileges held by the authorization ID of the statement must include at least one of the following authorities:IMPLICIT_SCHEMA authority on the database, if the implicit or explicit schema name of the view does not exist
CREATEIN privilege on the schema, if the schema name of the view refers to an existing schema
SCHEMAADM authority on the schema, if the schema name of the view refers to an existing schema DBADM authorityand at least one of the following authorities for each table, view, or nickname identified in any fullselect:
CONTROL privilege on that table, view, or nickname
SELECT privilege on that table, view, or nickname
SELECTIN privilege on the schema containing the table, view, or nickname DATAACCESS authority on the schema containing the table, view, or nickname
DATAACCESS authority
...
Group privileges are not considered for any table or view specified in the CREATE VIEW statement.
So, you may really have an ability to SELECT from this view, but you probably have it via some group membership, but not personally or via some role.
This is the reason you get this error.
You may ask your SECADM or view owner grant your authorization id a SELECT privilege to resolve the problem.
- To get the previous record which is less than the given date and time
- An arithmetic expression with a DATETIME value is invalid while using PreparedStatement with Arithmetic calculation in sql later
- No authorized routine named "GETVARIABLE" of type "FUNCTION" having compatible arguments was found
- Get columns of index on DB2
- Unable to convert bytes from charset 65535 in to Japanese (5035)
- ibmcom/db2 docker image fails on m1
- IBMi SQL stored procedures - how to set comma / decimal point in numbers
- as400 (IBMi) journals for analysis
- IBM Db2 Query Not Returning Expected Results for JSON Array Objects
- How to split a string value based on a delimiter in DB2
- How to concat an integer value with a string in DB2 procedure
- Calculating Cumulative Percentages in SQL
- Calculating average number of days between two events
- Where are IBM's DB2 and Oracle's SQLJ Translators?
- Keeping the entire set of duplicates with the highest year (per name)
- Dividing Overlapping Periods in SQL
- SQL: Keeping One Instance of Each Duplicate Set
- Analyzing Gap Years in SQL
- restore an ibm db2 from a savf file
- Checking for Differences between Tables and Making Changes
- SQL get one result of counted column
- Translate to foreign languages in SQL query
- Error when extracting YYMMDD dates from table in AS/400
- SQL join, display multiple values into one row
- DB2 With clause conditional select
- Files stay open after close in SQLRPGLE
- DB2 return table in function
- IBM DB2 ODBC DRIVER :: SQL1390C The environment variable DB2INSTANCE is not defined or is invalid
- Set a column unique without being the primary key
- DB2 CLI result output