Yeah, that's what I thought...
But that's not true either
to run update statistics on most objects, excluding the objects requiring update any security catalog, only the update statistics permission is required.
1> select * from sysobjects
2> go
Msg 10332, Level 14, State 1:
Server 'ASE157', Line 1:
SELECT permission denied on column audflags of object sysobjects, database testdbX, owner dbo
1> update statistics sysobjects (audflags) with print_progress=1
2> go
Update Statistics STARTED.
Update Statistics table scan started on table 'sysobjects'.
...Sorting started for column 'audflags' (column id = 18).
Update Statistics FINISHED.
Example on a user table
1> select * from tabx
2> go
Msg 10330, Level 14, State 1:
Server 'ASE157', Line 1:
SELECT permission denied on object tabx, database testdbX, owner dbo
1> update statistics tabx with print_progress=1
2> go
Update Statistics STARTED.
Update Statistics table scan started on table 'tabx' for summary statistics.
Update Statistics FINISHED.