DB2 Errors: SQL0569N Authorization ID does not uniquely identify a user, a group or a role in the system.

Posted by

What this error looks like

SQL0569N  Authorization ID "WSCOMUSR" does not uniquely
      identify a user, a group or a role in the system.

If WebSphere Commerce gets this error (or it may look similar for other applications), it looks like this:

2011-03-04 11:37:18.076, 
, com.ibm.commerce.context.content.ant.tasks.UpdateWorkspacesTableTask::performTask(), S1 CWXBR0001E: A generic runtime system exception occured. The exception is: "com.ibm.db2.jcc.a.SqlException: DB2 SQL Error: SQLCODE=-569, SQLSTATE=56092, SQLERRMC=WSCOMUSR, DRIVER=4.3.111

Does this error mean the command didn’t work

Yes – note the “N” on the end.

Common Causes

This error is usually encountered on a grant statement. DB2 does not require that you specify whether you are granting to a user, a role, or a group, so DB2 must determine which one you mean when you do the grant statement. Therefore, if you have a user and a group with exactly the same name, db2 will not be able to determine which one you mean. In that case, the grant statement fails with this error.

The sneaky thing about this error is that you might test something and not encounter it, but then encounter it if you happen to have a user id and a group with the same name. There was one WebSphere Commerce fixpack that granted some permissions without specifying “user” or “group”, and therefore we discovered this error on one system when we had successfully installed the fixpack on other servers.

Common Solutions

The first solution here is to get in the habit of always specifying “user” or “group” when you write grant statements. Instead of:

db2 grant select on orders to my_user
db2 grant select on orders to my_group
db2 grant select on orders to my_role

Use this:

db2 grant select on orders to user my_user
db2 grant select on orders to group my_group
db2 grant select on orders to role my_role

The other solution is to simply make it so that you don’t have a user and a group with the same name – this could be easy or hard depending on your security strategy. In the cases I’ve seen this, normally someone has accidentally created a group as a user or vice-versa, and when they correct it, they don’t drop the incorrect one. If you insist on having a security strategy that includes users and groups with the same name, then this solution is obviously not an option.

Info Center Link for This Error

http://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.messages.sql.doc/doc/msql00569n.html

Lead Db2 Database Engineer and Service Delivery Manager , XTIVIA
Ember is always curious and thrives on change. Working in IT provides a lot of that change, but after 17 years developing a top-level expertise on Db2 for mid-range servers and more than 7 years blogging about it, Ember is hungry for new challenges and looks to expand her skill set to the Data Engineering role for Data Science. With in-depth SQL and RDBMS knowledge, Ember shares both posts about her core skill set and her journey into Data Science. Ember lives in Denver and work from home for XTIVIA, leading a team of Db2 DBAs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.