A user can grant his access rights (authorizations) to any other user only when the DBA has given that user the right to grant them.
A user has an authorization if there exists a path from the root (DBA) to the node that represents the user.
Consider an example of delete authorization.
User 5 has two paths by which he can get delete authorization:
1. DBA → User 2 → User 4 → User 5
2. DBA → User 1 → User 5
If, after some time, the DBA revokes that authority from user 1, user 5 can still use the 1st path.
Advantage
(i) Helps in maintaining large database.
Disadvantage
(i) Users can attempt to defeat authorization revocation.
Ex. Consider the authorizations as given in Figure 9.4.
Here the DBA gives authority to user 1, user 2 and user 3. User 2 grants authority to user 1 and vice versa. If at any time the DBA revokes authority from user 2, user 2 still has the authority through user 1.
So, the DBA must be careful when granting privileges.
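The two cases above (user 5's alternate path, and the mutual grant between user 1 and user 2) can be checked mechanically before a revocation. The following is an added example, not code from the book: it models grants as directed edges and applies the path-from-DBA rule. The edge sets are constructed from the prose, and the names `reach`, `path_to` and `revoke` are hypothetical helpers.

```python
from collections import deque

DBA = "DBA"  # root of the authorization graph

def reach(grants, root=DBA):
    """BFS from the root; returns {user: grantor on a shortest path}."""
    adj = {}
    for grantor, grantee in grants:
        adj.setdefault(grantor, []).append(grantee)
    parent, queue = {root: None}, deque([root])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj.get(node, [])):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return parent

def path_to(grants, user, root=DBA):
    """One shortest grant path root -> user, or None if no path exists."""
    parent = reach(grants, root)
    if user not in parent:
        return None
    path = []
    while user is not None:
        path.append(user)
        user = parent[user]
    return path[::-1]

def revoke(grants, grantor, grantee):
    """Remove a single grant edge; nothing else is touched (no cascade)."""
    return grants - {(grantor, grantee)}

# Constructed edge sets matching the two examples in the text.
DELETE_AUTH = {(DBA, "U1"), (DBA, "U2"), ("U2", "U4"), ("U4", "U5"), ("U1", "U5")}
FIG_9_4 = {(DBA, "U1"), (DBA, "U2"), (DBA, "U3"), ("U1", "U2"), ("U2", "U1")}

if __name__ == "__main__":
    after = revoke(DELETE_AUTH, DBA, "U1")
    print("User 5 after DBA revokes user 1:", path_to(after, "U5"))
    after = revoke(FIG_9_4, DBA, "U2")
    print("User 2 after DBA revokes user 2:", path_to(after, "U2"))
```

Running `path_to` on the post-revocation edge set shows which grant still carries the authorization, so the DBA knows which further edges must be revoked for the revocation to take effect.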
Source: Gupta Satinder Bal, Mittal Aditya (2017), Introduction to Basic Database Management System, 2nd Edition-University Science Press (2017)