In pre-16.0 databases, you could create a super-user by granting them DBA authority. Users with DBA authority could perform any privileged task in the system. When you upgrade your database, any users that had DBA authority gets the SYS_AUTH_DBA_ROLE compatibility role, and automatically receives exercise and administration rights for all roles and privileges that are present at the time of upgrade.
When you create a new role and don't specify an administrator at creation time, users with the MANAGE ROLES system privilege (global administrators) can administer the role. Since MANAGE ROLES is one of the system privileges granted to the SYS_AUTH_DBA_ROLE compatibility role, super-users can administer new roles.
However, if you create a new role and assign administrators as part of role creation, administration is then limited to those administrators. Therefore, with SAP Sybase IQ 16.0 and later, if you want your super-user to have administrative rights for new roles, you must explicitly grant it by making them an administrator of the role.
In SAP Sybase IQ 16.0, the SYS_AUTH_DBA_ROLE compatibility role can be migrated to a user-defined role, and once each underlying system privilege has been granted to at least one other role, can be dropped. Therefor, in order to preserve the ability of a super-user to perform any privileged task in the system, before dropping the SYS_AUTH_DBA_ROLE compatibility role, each of its underlying system privileges must be granted directly or indirectly to the super-user.
In pre-16.0 databases, the DBA user was often considered a super-user by virtue of being granted the DBA authority. The DBA user continues to exist with 16.0, and after migration is granted the SYS_AUTH_DBA_ROLE compatibility role. However, the DBA will be unable to administer any role with administrators assigned as part of role creation unless explicitly granted.