Still wanting an answer... MANAGE ANY DBSPACE is not acceptable from a security point of view, when it comes to a user id and password that is used only for backups... it's too powerfuld.
Apparently the 220.127.116.112 BACKUP DATABASE system privilege is not sufficient to run dbbackup with the -x option; it produces the error message "unable to delete transaction log".
What is the minimum required?
Granting the MANAGE ANY DBSPACE system privilege does allow dbbackup -x to run, but that seems... rather ... excessive.
Might as well GRANT NSA privileges, er, GRANT DBA :)
The privilege we check during the delete transaction log operation is indeed MANAGE ANY DBSPACE. Whether it should be or not is debatable (it should probably be BACKUP DATABASE), but that's the one we currently check.