The universal user creates an authorization identifier with the SQL statement CREATE USER. He or she then uses CREATE SYSTEM_USER to create an associated system entry by assigning a BS2000 system user ID to the authorization identifier. The database is aware of users created in this way, but they are not authorized in any way to access objects in the database with SQL. To access database objects, SQL users require the relevant privileges (see "Access protection based on privileges in SQL").

The universal user can pass on the property “universal user” to other users by assigning additional system entries with his or her authorization identifier. From the database system's point of view, all system user IDs with this authorization identifier have equal rights. It goes without saying that this means of assigning universal rights should be used judiciously and with extreme care.

The universal user is also able to assign existing users the right to set up additional users (see section “Special privileges”).