Explicit privileges are conferred using the GRANT statement, and can be canceled using the REVOKE statement. Both are documented in detail in the command reference topic of this manual. Because the server provides a wide range of privileges covering database objects, components and activities, very precise control over data is achievable. For example, a user can be granted privileges to update, insert or delete rows of a table, to alter the structure of a table, to update specific columns of a table, to retrieve data from a table, and so on.
Privileges are generally associated with an object type. (For example, there are table privileges, column privileges, and database privileges.) In addition there are a number of special administration authorities used to confer comprehensive sets of privileges to certain types of users. See the chapter Security and Authority, and the topics on GRANT and REVOKE in the SQL Reference for more information. Included in these types of authorities are database administrator (DBADM), and super user authorities.
Information on privileges and authorities is stored in the system catalog tables. Each location stores privileges on objects within the location. In addition, the SYSTEM location stores information on administrator authorities for the system and for each location.