There are several views in the catalog (syscat) that show authorizations (they usually end in "AUTH") . There is a different view for each object type (e.g. TABAUTH is for table authorizations-select, insert, delete, etc). Each of these views should have a column that is like 'GRANT'. Persons with this authorization can perform the grant on the object for which they have the grant authority.
I usually do not need to look in the syscat catalog for authorizations so i am not 100% on what is there. That is what manuals are created for. Looking in the V9.5 manual (I assume V7 is similar), to grant/revoke connect privilege the user needs to be either DBADM or SYSADM.