grant { {create_application|create_user|no_access|administrator} [on system] |{no_access|manager} on application APP-NAME |{no_access||read|write|manager} on database DBS-NAME |filter FILTER-NAME |execute { CALC-NAME |{any|default} [ !on system! |on application APP-NAME |on database DBS-NAME ] } to {USER-NAME|GROUP-NAME}