Attempts to IMPORT command using IBM DB2 results in an error SQL0551N "Insufficient privilege to perform operation "LOCK" on object "
When doing IMPORT command user may receive the "SQL0551N" SQL error message and the similar record could be found in the db2diag.log with misleading message saying that TESTUSER doesn't have
1900-01-01-00.00.00.000000+000 I1392553A549 LEVEL: Error
PID : 1 TID : 1 PROC : db2bp
INSTANCE: db NODE : 000
APPID : *LOCAL.db.000000000
EDUID : 1
FUNCTION: DB2 UDB, database utilities, sqluCheckSqlcode, probe:1881
MESSAGE : SQL0551N "TESTUSER" does not have the required authorization
privilege to perform operation "LOCK" on object
DATA #1 : String, 12 bytes
DATA #2 : String, 44 bytes
Error from Import/Export or Load Processing.
This happens because original requirements to grant needed privileges to the user doing IMPORT command wasn't met. The LOCK privilege is implicit privilege and is a part of SELECT
privilege. You can't grant LOCK directly with GRANT command, you can only grant it when you grant SELECT privilege.
During IMPORT operation DB2 doesn't need to fetch any rows from target table, it only needs to lock table to prevent any other activities (thus DB2 checks if USER id has LOCK privilege which is an part of SELECT authority).
Diagnosing the problem
If you have encountered an error SQL0551N "Insufficient privilege to perform operation "LOCK" on object " during IMPORT command that means that you didn't grant SELECT privilege to the user id executing IMPORT command.
Resolving the problem
Check that ALL needed privileges (SELECT, UPDATE, DELETE, CREATETAB) were granted to the TESTUSER as described in DB2 Documentation.