While the user DBA has unrestricted privileges to create, alter, manipulate, and drop any object in the database, non-DBA users must have certain privileges in order to execute SQL statements involving objects in the database. Non-DBA users, once created, can connect to the database and proceed to create new schemas (which they will own), and then tables, domains, and so on within them. A new user also receives ownership privileges on their default schema, if it did not exist prior to the creation of the user authorization; if the default schema is already owned by another user, the new user receives the OWNER privilege on it.
Ownership of a database object entails the ability to give privileges on the object to other users using the GRANT command; these privileges may furthermore be given WITH GRANT OPTION, which allows the grantee to give the privileges to yet another user. Privileges granted to another user can later be taken away using the REVOKE command. As a "super-user", the DBA can GRANT or REVOKE any privilege on any database object, including DBA privileges, which confer upon the recipient the same abilities as the user DBA.
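The delegation rules described above can be modelled to review who is able to pass a privilege on. The following is an added example, not code from this database product: the `Grant` record layout, the `audit_grants` function, and the user, object and privilege names are all assumptions constructed for illustration.

```python
from collections import namedtuple

# One record per GRANT, in the order issued. The field names are assumptions.
Grant = namedtuple("Grant", "grantor grantee privilege obj grant_option")

def audit_grants(owners, grants, dba_users=("DBA",)):
    """Replay grants in order and return (holders, regrantors, rejected).

    holders    : {(obj, privilege): users who hold the privilege}
    regrantors : {(obj, privilege): users who hold it WITH GRANT OPTION}
    rejected   : grants whose grantor had no right to issue them
    """
    holders, regrantors, rejected = {}, {}, []
    for g in grants:
        key = (g.obj, g.privilege)
        may_grant = (
            g.grantor in dba_users                      # DBA may grant anything
            or owners.get(g.obj) == g.grantor           # owner may grant on own object
            or g.grantor in regrantors.get(key, set())  # received WITH GRANT OPTION
        )
        if not may_grant:
            rejected.append(g)
            continue
        holders.setdefault(key, set()).add(g.grantee)
        if g.grant_option:
            regrantors.setdefault(key, set()).add(g.grantee)
    return holders, regrantors, rejected

# Constructed sample data: one owned table and four grants.
OWNERS = {"payroll.salaries": "hr_admin"}
GRANTS = [
    Grant("hr_admin", "alice", "SELECT", "payroll.salaries", True),
    Grant("alice", "bob", "SELECT", "payroll.salaries", False),
    Grant("bob", "carol", "SELECT", "payroll.salaries", False),  # bob has no grant option
    Grant("DBA", "dave", "UPDATE", "payroll.salaries", True),
]

if __name__ == "__main__":
    holders, regrantors, rejected = audit_grants(OWNERS, GRANTS)
    for key, users in sorted(regrantors.items()):
        print(key, "can be re-granted by", sorted(users))
    for g in rejected:
        print("not authorized:", g)
```

Every user listed in `regrantors` widens the set of people who can extend access to an object beyond its owner and the DBA, so that set is the one to review when checking least privilege.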
Further details about specific privileges can be found in the following sections, which describe the syntax and usage of the privilege-related SQL commands.
GRANT
Grants privileges to a user authorization on the database or database objects such as schemas, tables, and so on.
REVOKE
Nullifies specified user privileges on the database or particular database objects.
ALTER AUTHORIZATION
Changes a non-DBA user password or default schema.
DBA privileges
Includes DBA-specific privileges, such as creating and dropping users.