>> You already have user RRZE in your database
>> (i.e. RRZE is owner of some objects, or RRZE has granted some rights), try
>
>> SELECT * FROM RDB$USER_PRIVILEGES WHERE RDB$USER='RRZE';

...

> Hm, well no.
> There is no user account.
>
> There was a CREATE ROLE statement which failed during installation
> and many grants to that role which haven't failed.

No, you can't grant anything to non-existent role.
But you can grant rights to non-existent user.

Did you explicitely specify the keyword ROLE ?

GRANT ALL ON TAB TO ROLE R;

> so there are many entries for a user RRZE in RDB$USER but there is
> no USER RRZE in the security DB and there should!

This problem has nothing to do with security database.
Whether RRZE is considered user or role depends only on the database
you are connected (connecting) to.
As I said, you can create role RRZE only if RRZE is not already considered to be user
by the database, i.e. RRZE must not be owner of any db object, nor there must be
any grants to user RRZE.
My guess is that RRZE is the owner of your database ...

Ivan
http://www.volny.cz/iprenosil/interbase/