If the schema name you are using is not the same as the J2C authentication alias user ID you must grant a sub-set of DB2® privileges to the J2C authentication alias user ID.
The DDL for the Service Integration Bus already contains commented GRANT commands that you can use as a basis for granting access to the SIB tables. However, the other WebSphere® ESB for z/OS® components do not supply any GRANT statements.
Use a schema name that is not the same as the J2C authentication alias to prevent the alias user ID having the power to drop tables. (The power to drop tables is implicitly granted to the creator, that is, the schema.) Note that it does not make sense to grant a privilege like DBADM to the J2C authentication alias user ID because DBADM also has the ability to DROP tables.
GRANT ALL PRIVILEGES ON TABLE cell.tablename TO userid/sqlid
Where userid/sqlid is the J2C authentication alias user ID.