You can specify multiple identifiers in the identifier clause
    when combining an identifier with a system-defined identifier.
    However, you should regard the six system-defined identifiers
    as mutually exclusive. Do not attempt to use them in combination
    with each other. You can combine them with other identifiers
    (UICs and general identifiers). When you specify multiple
    identifiers, separate them with a plus sign (+).

    If you specify multiple identifiers in the identifier clause,
    you define one ACE that determines the access rights that users
    will receive when they hold ALL the identifiers specified in the
    identifier clause. Users who do not hold all of the identifiers
    specified in the identifier clause will not be governed by the
    ACE that is created.

    For example, the first of the two RDO statements in the
    following example defines a single ACE for users with both the
    [CLERK,DAVIES] and REMOTE identifiers, not one ACE for users with
    the [CLERK,DAVIES] identifier and another ACE for users with the
    REMOTE identifier. The second statement shows the ACE created
    in the second position in the ACL, as specified in the DEFINE
    PROTECTION statement:

    DEFINE PROTECTION FOR RELATION A1
    POSITION 2
    IDENTIFIER [CLERKS,DAVIES]+REMOTE
    ACCESS READ+WRITE+MODIFY.
    !
    SHOW PROTECTION FOR RELATION A1
     (IDENTIFIER=[DBS,RICK],ACCESS=READ+WRITE+MODIFY+ERASE+SHOW+DEFINE+
       CHANGE+DELETE+CONTROL+OPERATOR+ADMINISTRATOR+REFERENCES+SECURITY)
     (IDENTIFIER=[CLERK,DAVIES]+REMOTE,ACCESS=READ+WRITE+MODIFY)
     (IDENTIFIER=[*,*],ACCESS=READ+MODIFY)

    To control which users have the ability to create databases, use
    the RDBVMS$CREATE_DB logical name and system rights identifier.
    See the "Oracle Rdb Guide to Database Design and Definition" for
    more information on the RDBVMS$CREATE_DB logical name and system
    rights identifier.