The privileges required depend on the task you are performing.
To create a new table on a dbspace requires the CREATE object-level privilege on the dbspace. To move an existing table or column to a dbspace requires the MANAGE ANY DBSPACE system privilege or the CREATE object-level privilege on the destination dbspace.
In addition to the dbspace requirements, you also require a system privilege for the specific task. For example, you need the CREATE TABLE or CREATE ANY TABLE system privilege to create a table, the ALTER ANY TABLE system privilege to alter the table, and so on.
For example, to create table1, owned by you, in dbspace test1, you require the CREATE object-level privilege on test1, as well as the CREATE TABLE system privilege. To then move table1 from dbspace test1 to dbspace test2 requires either the MANAGE ANY DBSPACE system privilege or the CREATE object-level privilege on test2, the destination dbspace.
You can grant the required privileges to, or revoked them from, a user or a role. Any member in a role inherits the privileges from the role.
By default, the CREATE object-level privilege on IQ_SYSTEM_MAIN, IQ_SYSTEM_TEMP, and SYSTEM is granted to PUBLIC.