Revoking a role does not revoke corresponding grants from open sessions

Description

If a session has set a role X, revoking this role X from the user does not revoke the grants it provided.
I am not 100% sure whether it's design or oversight, but I suspect the latter because a) revoking the grants from the role does revoke them from an open session; b) dropping the role also revokes the grants from an open session. However, it's obviously not practical to do modify a role this way if you only want to deny it for a particular user, and do it immediately.

Test case:

Output:

Environment

None

Assignee

Sergei Golubchik

Reporter

Elena Stepanova

Labels

None

Fix versions

Priority

Major
Configure