4.23

Explain why, when a manager, say Satoshi, grants an authorization, the grant should be done by the manager role, rather than by the user Satoshi.


Assume the grant is done by the user Satoshi instead of the manager role. Then if Satoshi leaves the company one day, and the DBA revokes Satoshi’s authorization, all of the employees granted by Satoshi will have their authorization revoked.

If the DBA doesn’t want that, he should have the manager role grant an authorization instead of the user Satoshi.