A user that only has global or namespace "CREATE" permission can grant permissions to another user on its created table, but cannot revoke them.
This bug exists on branch-2.1, from 2.1.1
2.0, 2.1.0, master, and branch-2.2 are not effected.
The bug can be triggered via hbase shell:
#Start hbase shell as superuse
grant 'regularUser1', 'C'
#Run hbase shell as regularUser1
#grant, then revoke 'RX' permission to regularUser2
grant 'regularUser2', 'RX', 'nunuke'
#This will fail on 2.1.1+
revoke 'regularUser2', 'nunuke'