Problem:
A user is granted CONNECT, then granted SELECT on certain tables. Instead of being limited to those tables, the user can access all tables.
Solution:
The database had been configured as READ_ONLY; this entry was found in the acuxdbc.cfg file:
read_only true
Therefore, the GRANT operations could not actually update the tables containing the security settings.
The solution is to set "read_only false", or to comment out that setting, then perform the GRANT operations.
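A pre-flight check for this condition, as an added example that is not part of the original article or the product: it reads an acuxdbc.cfg file and reports whether an active "read_only true" entry would keep GRANT operations from being stored. The comment character ('#'), case-insensitive matching, last-entry-wins behavior and the function names are assumptions.

```python
import re
import sys

# Assumptions (not stated on the page): '#' starts a comment, the key and
# value are case-insensitive, and the last active entry is the effective one.
_ENTRY = re.compile(r"^\s*read_only\s+(\S+)", re.IGNORECASE)


def read_only_entries(cfg_text):
    """Return (line_number, value) for each active read_only entry."""
    found = []
    for number, line in enumerate(cfg_text.splitlines(), start=1):
        active = line.split("#", 1)[0]  # ignore commented-out text
        match = _ENTRY.match(active)
        if match:
            found.append((number, match.group(1).lower()))
    return found


def grants_will_persist(cfg_text):
    """False when the effective setting is 'read_only true'."""
    entries = read_only_entries(cfg_text)
    # No active entry: the setting is absent or commented out, which the
    # page gives as one of the two fixes.
    return not entries or entries[-1][1] != "true"


# Constructed sample file contents, for illustration only.
BROKEN = "# constructed sample\nread_only true\n"
FIXED_FALSE = "# constructed sample\nread_only false\n"
FIXED_COMMENTED = "# constructed sample\n# read_only true\n"

if __name__ == "__main__":
    # Usage: python check_read_only.py /path/to/acuxdbc.cfg
    with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
        text = handle.read()
    for number, value in read_only_entries(text):
        print(f"line {number}: read_only {value}")
    if not grants_will_persist(text):
        sys.exit("read_only is true: GRANT statements will not be stored")
```

Running this before any GRANT work turns a silent fail-open access-control state into an explicit error.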