added the following dbauth where applicable:
ACCESSCTRL
Grants the access control authority. The ACCESSCTRL authority allows the holder to:
Grant and revoke the following database authorities: BINDADD, CONNECT, CREATETAB, CREATE_EXTERNAL_ROUTINE, CREATE_NOT_FENCED_ROUTINE, EXPLAIN, IMPLICIT_SCHEMA, LOAD, QUIESE_CONNECT, SQLADM, WLMADM
Grant and revoke all object level privileges
The ACCESSCTRL authority cannot be granted to PUBLIC (SQLSTATE 42508).
DATAACCESS
Grants the authority to access data. The DATAACCESS authority allows the holder to:
Select, insert, update, delete, and load data
Execute any package
Execute any routine (except audit routines)
The DATAACCESS authority cannot be granted to PUBLIC (SQLSTATE 42508).
EXPLAIN
Grants the authority to explain statements. The EXPLAIN authority allows the holder to explain, prepare, and describe dynamic and static SQL statements without requiring access to data.
SECADM
Grants the security administrator authority. The authority allows the holder to:
//Create and drop security objects such as audit policies, roles, security labels, security label components, security policies, and trusted contexts
Grant and revoke authorities, exemptions, privileges, roles, and security labels
Grant and revoke the SETSESSIONUSER privilege
Execute TRANSFER OWNERSHIP on objects owned by others
The SECADM authority cannot be granted to PUBLIC (SQLSTATE 42508).
SQLADM
Grants the authority to manage SQL statement execution. The SQLADM authority allows the holder to:
Create, drop, flush, and set event monitors
Explain, prepare, and describe dynamic and static SQL statements without requiring access to data
Flush optimization profile cache
Flush package cache
Execute the runstats utility
Create, alter, drop, and set usage lists
WLMADM
Grants the authority to manage workloads. The WLMADM authority allows the holder to:
Create, drop, and alter service classes, work action sets, work class sets, or workloads.
CREATE_SECURE_OBJECT
Grants the authority to create secure triggers and secure functions. Grants the authority to alter the secure attribute of such objects as well.
The following should be could be added for future support, yet we should also add support for these objects types if we are going to add them to grant/revoke structure.
// object permissions
// variable
GRANT READ, WRITE ON VARIABLE <schema>.<variable> TO USER <name> WITH GRANT OPTION
// server
GRANT PASSTHRU ON SERVER <server> TO USER <name>
// module
GRANT EXECUTE ON MODULE <schema>.<module> TO USER <name> WITH GRANT OPTION
// method
GRANT EXECUTE ON METHOD * FOR <schema>.<method> TO USER <name> WITH GRANT OPTION
// workload
GRANT USAGE ON WORKLOAD <workload> TO USER <name>
// security label
GRANT SECURITY LABEL <schema>.<securitylabel> TO USER <name> FOR READ ACCESS
GRANT SECURITY LABEL <schema>.<securitylabel> TO USER <name> FOR WRITE ACCESS
// sessionuser
GRANT SETSESSIONUSER ON USER <user> TO USER <name>