Problem:
A user is granted connect, then granted select on certain tables. Instead of being limited to only those tables the user can access all tables.
Solution:
The data base had been configured as READ_ONLY; this entry was found in the acuxdbc.cfg file:
read_only true
Therefore the GRANT operations could not actually update the tables containing the security settings.
The solution is to set "read_only false", or to comment out that setting, then perform the GRANT operations.
