Permissions on system procedures are set in the sybsystemprocs database, where the system procedures are stored.
Security-related system procedures can be run only by System Security Officers. Certain other system procedures can be run only by System Administrators.
Some of the system procedures can be run only by Database Owners. These procedures make sure that the user executing the procedure is the owner of the database from which they are being executed.
Other system procedures can be executed by any user who has been granted permission. A user must have permission to execute a system procedure in all databases, or in none of them.
Users who are not listed in sybsystemprocs..sysusers are treated as “guest” in sybsystemprocs, and are automatically granted permission on many of the system procedures. To deny a user permission on a system procedure, the System Administrator must add him or her to sybsystemprocs..sysusers and issue a revoke statement that applies to that procedure. The owner of a user database cannot directly control permissions on the system procedures from within his or her own database.