While using DB2 ENCRYPT_DATAKEY feature, getting DSNT408I SQLCODE = -4755 as shown below:
SELECT ENCRYPT_DATAKEY('TEXT', 'DB2KEYLABEL_DB2U', AES256R)
FROM SYSIBM.SYSDUMMY1
---------+---------+---------+---------+---------+---------+---------+---------
---------+---------+---------+---------+---------+---------+---------+---------
DSNE610I NUMBER OF ROWS DISPLAYED IS 0
DSNT408I SQLCODE = -4755, ERROR: AUTHORIZATION ID U934784 IS NOT AUTHORIZED
TO ACCESS KEY LABEL DB2KEYLABEL_DB2U SPECIFIED IN SQL STATEMENT FOR
ENCRYPT/DECRYPT FUNCTION. RACROUTE FASTAUTH REQUEST FAILED
WITH SYSTEM AUTHORIZATION FACILITY RETURN CODE 8 SECURITY SERVER
RETURN CODE 8 SECURITY SERVER REASON CODE 0
DSNT418I SQLSTATE = 42527 SQLSTATE RETURN CODE
DSNT415I SQLERRP = DSNXAVKL SQL PROCEDURE DETECTING ERROR
DSNT416I SQLERRD = -10 0 0 -1 0 0 SQL DIAGNOSTIC INFORMATION
DSNT416I SQLERRD = X'FFFFFFF6' X'00000000' X'00000000' X'FFFFFFFF'
X'00000000' X'00000000' SQL DIAGNOSTIC INFORMATION
---------+---------+---------+---------+---------+---------+---------+---------
DSNE618I ROLLBACK PERFORMED, SQLCODE IS 0
Release : 16.0
Component : ACF2 Option for Db2
Create the db2 Key and add DBM1,MSTR id address spaces as shown below:
SET RESOURCE(CSK)
RECKEY DB2KEYLABEL_DB2U ADD( UID(uid of db2 MSTR/DBM1/IRLM/DIST address space) ALLOW WHEN(CRITERIA(SMS(DSENCRYPTION))))
F ACF2,REBUILD(CSK)
Other thing to note is that Key label needs be in the CKDS file.