Executing Fast Unload for Db2 for z/OS (PFU) and job fails with the following messages:

PFU0139E - USERID: xxxxxxx  DOES NOT HAVE SUFFICIENT SECURITY PRIVILEGES    
PTFU913 - SAF RACROUTE FAILED - SAFRC X'0008' RC X'001C' RS X'00000000'
USER COMPLETION CODE 0502 ACTIVE LOAD MODULE UTLFUPSF  U0502               

The PFU documentation indicates the following restriction:
Important! You can no longer specify a group ID as a SYSADM ID.  Instead, update the SYSADM value in SETUP or the SYSADM1 value in DSNZPARM with a    
user ID that is defined to the external security server and to DB2. This user ID must have the appropriate DB2 authorizations.    

Available options to resolve the PFU0139E error:

1. Create a PFU member in hlq.CDBAPARM and add syntax:

SYSADM SETUP

Verify the SYSADM setting within the SETUPxx member specifies a user ID that is defined to external security and has appropriate DB2 authorizations.

or 

2. Create a PFU member in hlq.CDBAPARM and add syntax:

SYSADM USER

The user ID executing the PFU job must have appropriate DB2 authorizations when SYSADM USER is specified.