A system for controlling user authorities to access one or more databases includes at least one client computer (1), at least one administrator computer (4), an application server (3), a database server (5), and a system database (6). The application server includes an authority setting module (31), an authority verification module (32), a data management module (33), and an authority modifying module (34). The authority setting module is provided for defining system operations, user types and user authorities for ACLs (access control lists). Each ACL includes a database name list (105), a user name list (106), a user type list (107), a user authority list (108), and an ACL modifying interface (109). The system database stores a plurality of ACLs, operation definition data, type definition data, and authority definition data. A related method for adding, deleting and/or modifying authorities of a user by using ACLs is also disclosed.