When using RCS revoke impact with the COLLAPSE option, the revoke and regrants are executed; however, the old grants are still listed from SYSIBM.SYSUSERAUTH when executing RCQ User reports.
Why are the old grants not removed when the COLLAPSE is executed?
Release: 20.0
Whether a REVOKE also removes dependent privileges is controlled by the DB2 subsystem parameter "REVOKE_DEP_PRIVILEGES".
If the SSID has REVOKE_DEP_PRIVILEGES = NO, a REVOKE cannot have a cascade effect, so the dependent entries are still present.
With REVOKE_DEP_PRIVILEGES = YES, the entries are no longer seen after the collapse command.
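To see which case applies on a given subsystem, the rows that survive a revoke can be read directly from the catalog. The SQL below is an added example, not part of the original article or of the product; USERA and USERB are constructed authorization IDs, and CREATEDBA stands in for whichever system privilege was revoked.

```sql
-- Constructed scenario (IDs are placeholders):
--   1. An administrator granted CREATEDBA to USERA WITH GRANT OPTION.
--   2. USERA granted CREATEDBA to USERB.
-- The grant to USERB depends on the grant to USERA.

-- A revoke of the original grant, with no dependent-privileges clause,
-- so cascading follows the REVOKE_DEP_PRIVILEGES subsystem parameter.
REVOKE CREATEDBA FROM USERA;

-- Check 1: every row still recorded for the two IDs.
-- CREATEDBAAUTH: 'G' = held with grant option, 'Y' = held, blank = not held.
SELECT GRANTOR, GRANTEE, GRANTEETYPE, AUTHHOWGOT, CREATEDBAAUTH, GRANTEDTS
  FROM SYSIBM.SYSUSERAUTH
 WHERE GRANTEE IN ('USERA', 'USERB')
    OR GRANTOR IN ('USERA', 'USERB')
 ORDER BY GRANTEDTS;

-- Check 2: dependent grants left behind anywhere in the subsystem.
-- Lists grantees that still hold CREATEDBA from a grantor who no longer
-- holds it with grant option. AUTHHOWGOT = ' ' keeps only grants that were
-- not made under an administrative authority such as SYSADM, whose holders
-- have no matching row of their own.
SELECT D.GRANTOR, D.GRANTEE, D.CREATEDBAAUTH, D.GRANTEDTS
  FROM SYSIBM.SYSUSERAUTH D
 WHERE D.CREATEDBAAUTH IN ('Y', 'G')
   AND D.AUTHHOWGOT = ' '
   AND NOT EXISTS
       (SELECT 1
          FROM SYSIBM.SYSUSERAUTH P
         WHERE P.GRANTEE = D.GRANTOR
           AND P.CREATEDBAAUTH = 'G')
 ORDER BY D.GRANTOR, D.GRANTEE;
```

Rows returned by the second query are grants that outlived the privilege they were derived from, which is the condition described above for REVOKE_DEP_PRIVILEGES = NO; they should be reviewed and revoked explicitly if no longer intended.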
IBM Documentation: