You can grant permissions to groups to access database objects.
The database owner grants and revokes group encryption permissions.
When SAP ASE is configured to restrict decrypt permission, only the system security officer can grant decrypt permission on tables, columns, and views. When restricted decrypt permission is turned off, the system security officer or the database owner can grant decrypt permission.
Command permissions allow the group to execute create commands. Database owners can assign command permissions to groups in the databases they own.