Regardless of the number of system entries that have been created, only the universal user is initially authorized to work with the new database using SQL and utility statements. If other SQL users are to take on certain database administration tasks, these users have to have the necessary authorization (to issue utility statements, for example). Moreover, individual users must be granted the right to define schemas (see section “Creating, modifying and deleting schemas”). For this reason, the universal user is able to grant special privileges for the following activities with the SQL statement GRANT:

• the creation and deletion of SQL users (CREATE USER)

• the creation of a schema (CREATE SCHEMA)

• the execution of utility statements (UTILITY)

• the definition of storage devices for the spaces (CREATE STOGROUP)

• the creation of user spaces in a specific storage group (USAGE ON STOGROUP)

• all special privileges (ALL SPECIAL PRIVILEGES)

The universal user is authorized to grant special privileges with the exception of USAGE ON STOGROUP. The owner of this storage group is authorized to grant the special privilege USAGE ON STOGROUP for a given storage group.

With the SQL statement REVOKE, the grantor can revoke each special privilege granted with the SQL statement GRANT.

Further information on special privileges and the granting of privileges in general is provided in section “Access protection based on privileges in SQL”.