Problem/Motivation

When a user's role changes, the node access grants are not updated until permissions are rebuilt. This has security implications, as administrators may not understand that permissions need to be rebuilt after a role has been given or taken away.

Steps to reproduce

  1. Create a role called "access own article" that has the "View own article content" permission.
  2. Remove the "View * article content" permission for anonymous user and authenticated user.
  3. Create a user ("bob") who has the "access own article" role.
  4. Log in as bob.
  5. As the new user, create an article node named "Article".
  6. Remove the "access own article" role from bob.
  7. As bob, attempt to view the "Article" node.
  8. Rebuild node access permissions.
  9. As bob, attempt to view the "Article" node.
  10. Grant bob the "access own article" role.
  11. As bob, attempt to view the "Article" node.
  12. Rebuild node access permissions.
  13. As bob, attempt to view the "Article" node.

Expected result:

#5: "Article" accessible.
#7: "Article" not accessible.
#9: "Article" not accessible.
#11: "Article" accessible.
#13: "Article" accessible.

Actual result:

#5: "Article" accessible.
#7: "Article" accessible.
#9: "Article" not accessible.
#11: "Article" not accessible.
#13: "Article" accessible.

Proposed resolution

This bug was also present in the Drupal 7 branch; see #2474309: "content_access_author" grant does not react to role changes. There is a patch there to be ported.
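As an added illustration of the kind of change such a port needs (this is hypothetical example code, not the content_access module's own patch), the hook below rewrites the stored grants for every node authored by a user whenever that user's roles change, so access follows the role without waiting for a manual rebuild. It assumes a module named "example" and the Drupal 8+ node access API.

```php
<?php

/**
 * @file
 * Hypothetical module "example": re-sync node grants when a user's roles change.
 */

use Drupal\user\UserInterface;

/**
 * Implements hook_ENTITY_TYPE_update() for user entities.
 *
 * Grants are computed when a node is saved or when node access is rebuilt,
 * so a role added to or removed from a user leaves the stored grants for
 * that user's nodes stale until the next rebuild. This hook rewrites only
 * the grants of nodes authored by the changed user.
 */
function example_user_update(UserInterface $account) {
  // $account->original is the user entity as loaded before this save.
  $before = $account->original instanceof UserInterface ? $account->original->getRoles() : [];
  $after = $account->getRoles();
  if (!array_diff($before, $after) && !array_diff($after, $before)) {
    // Roles unchanged; nothing to do.
    return;
  }
  example_rewrite_grants_for_author((int) $account->id());
}

/**
 * Recomputes and stores node access grants for every node owned by $uid.
 *
 * Returns the number of nodes whose grants were rewritten.
 */
function example_rewrite_grants_for_author(int $uid): int {
  $storage = \Drupal::entityTypeManager()->getStorage('node');
  $nids = $storage->getQuery()
    ->accessCheck(FALSE)
    ->condition('uid', $uid)
    ->execute();
  if (!$nids) {
    return 0;
  }
  /** @var \Drupal\node\NodeAccessControlHandlerInterface $handler */
  $handler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
  foreach ($storage->loadMultiple($nids) as $node) {
    // Invokes hook_node_access_records() for the node and replaces its rows
    // in {node_access}, the same work a full rebuild does for this node.
    $handler->writeGrants($node);
  }
  return count($nids);
}
```

Grants are only rewritten when the user is saved through the entity API, and only for the changed user's own nodes, which is the author grant this issue is about; grants that depend on other users' roles still need a full rebuild.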

Comments

gisle created an issue. See original summary.

  • gisle authored dd9193d7 on 2.0.x
    Issue #3357181 by gisle: Fixed does not react to role changes

gisle commented:

Status: Patch (to be ported) » Fixed

This has been committed to the latest snapshot of 2.0.x-dev.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

steven jones commented:

Ah, we never added a test for this change; I think we should have used that lovely test case in the issue summary to do that.

I'll make a new issue to do so.