It stands to reason that you cannot grant privileges without access to the privileges table.
I've created a user to be in charge of a specific database only.
It has GRANT OPTION (@ both 'localhost' and '%').
But it cannot grant anything:
Translation: "Oh, you have forgotten to repeat the meaning of WITH GRANT OPTION explicitly".ERROR 1044: Access denied for user: 'novice@localhost' to database 'mysql'
Surely not. Those extra privileges would then be grantable to others.
But what does WITH GRANT OPTION grant if it all of its functionality has to be specified with other privileges?
Surely something else is wrong, but SHOW GRANTS looks fine, and the user can use its other privileges as intended.
What is the least amount of extra privilege that must be granted for GRANT OPTION to work?