I already covered parts of this topic in the past:
- In 2012, I gave an introduction about where to find granted privileges in the catalog. It covers the catalog structure and links to key tables.
- In 2011, 2013 and recently, I discussed trusted contexts, surrogates and the session user as special form of granting privileges and switching identities. I started with a short explaination of trusted context. Next, this introduction covers the concept of surrogates and switching the userid via SET SESSIONUSER. As a follow-up, I looked into related catalog entries for trusted contexts and surrogates which are related to the task scheduler.
- Last year, I wrote about interesting administrative views and and table functions to list privileges. As an example I looked at implicit privileges through group membership.
What is important to know is how to extract the information from the catalog: