I'm sure this has probably been posted out here somewhere but when I looked quickly I didn't find it so here is a report I have written to do this:
select
name,
decode(BITAND(1, userprivileges),0,null,'x') as Login_Enabled,
decode(BITAND(2048, userprivileges),0,null,'x') as Public_Access,
decode(BITAND(32, userprivileges),0,null,'x') as CreateModify_UserPrivs,
decode(BITAND(64, userprivileges),0,null,'x') as CreateModify_GroupPrivs,
decode(BITAND(16, userprivileges),0,null,'x') as User_Admin,
decode(BITAND(256, userprivileges),0,null,'x') as System_Admin
from kuaf
where BITAND(256, userprivileges) > 0
