Before revoking a grantee's permission, you need to identify grantees directly or indirectly granted the permission from the original grantee.
The grant chain traces how a grantee has in turn granted a permission to other grantees.
However, when you view the object permissions granted to a specific user, user-extended role, or standalone role, you only see the permissions granted to the selected user or role. You do not see who the user or role has granted the permissions to.
To determine who the selected user or role has in turn granted an object permission to, note the table, column name (if applicable), and the permission to be traced, then display the permissions list for the table object to be tranced. See Setting Table Permissions > Following the Table Permissions Grant Trail for details.