SQL -555: AN AUTHORIZATION ID CANNOT REVOKE A PRIVILEGE FROMITSELF

Marilyn Stokes

SQL -555: AN AUTHORIZATION ID CANNOT REVOKE A PRIVILEGE FROMITSELF
Is the user that you are trying to revoke the CREATOR of the DB object? If so, they have the inherent rights to DBADM. I had the same issue, the only way around is to rebuild using a different creator id. This is where RACF group usage is ideal.
m

>>> "Hans Landaal" <[login to unmask email]> 01/06 4:24 AM >>>
Recently I received a request to revoke a users DBADM authority. According
to the info in table SYSIBM.SYSDBAUTH the grantee is the same as the
grantor. The grantor has CREATEDBA authority. You probably can guess where
this is going. When I execute the following SQL I receive a '-555 ,an
authid cannot revoke a privilige from itself'.
Executed SQL:
SET CURRENT SQLID = 'userid1' ;
REVOKE DBADM ON DATABASE dbname FROM userid1 ;

When I change the SQL and add the SET CURRENT RULES ='STD' on top there is
no error, DB2 even says 'successful execution', but the authority is still
there. Also I tried to revoke with the install SYSADM, but got errors
again.
The DBADM authority was granted in 1989!!! I don't know which version of
DB2 was running at that time. We are running V5 now.
Does anybody know how I can get rid off the DBADM authority?

Hans