Bug #109126 INNODB_REDO_LOG_ENABLE Can be Granted Even When Not Assigned
Submitted: 17 Nov 2022 17:30
Modified: 18 Nov 2022 17:54
Reporter: Jervin Real
Status: Not a Bug
Category: MySQL Server
Severity: S2 (Serious)
Version: 8.0.28
OS: Any
CPU Architecture: Any

[17 Nov 2022 17:30] Jervin Real
Description:
The INNODB_REDO_LOG_ENABLE privilege can be granted to an account/self even when this privilege has not been assigned. This violates the rule of only granting privileges assigned.

How to repeat:
mysql> SHOW GRANTS \G
*************************** 1. row ***************************
Grants for myuser@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO `myuser`@`%` WITH GRANT OPTION
*************************** 2. row ***************************
Grants for myuser@%: GRANT INNODB_REDO_LOG_ENABLE ON *.* TO `myuser`@`%`
2 rows in set (0.00 sec)

mysql> ALTER INSTANCE DISABLE INNODB REDO_LOG;
ERROR 1227 (42000): Access denied; you need (at least one of) the INNODB_REDO_LOG_ENABLE privilege(s) for this operation

mysql> GRANT INNODB_REDO_LOG_ENABLE ON *.* to 'myuser'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> ALTER INSTANCE DISABLE INNODB REDO_LOG;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GLOBAL STATUS LIKE '%redo%';
+-------------------------+-------+
| Variable_name           | Value |
+-------------------------+-------+
| Innodb_redo_log_enabled | OFF   |
+-------------------------+-------+
1 row in set (0.00 sec)

Suggested fix:
The priv should not be grantable because `myuser` does not have it assigned to itself.
[18 Nov 2022 15:53] MySQL Verification Team
Hi Mr. Real,

Thank you for your bug report.

But, this is not a bug.

You have granted that privilege to that user, so it can enable / disable it .......

Not a bug.
[18 Nov 2022 17:54] Jervin Real
Well, my original privileges do not have CONNECTION_ADMIN, so I should not be able to grant it to myself.

However, reading the documentation:
"""
(Alternatively, if you have the UPDATE privilege for the grant tables in the mysql system schema, you can grant any account any privilege.)
"""

My account matches this condition, hence I agree this is not a bug.
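The closing comment points at the condition that made the grant legal: UPDATE on the grant tables in the mysql system schema lets an account grant any privilege, so from an access-control standpoint such an account is effectively all-powerful. The following audit query is an added example for this page, not part of the bug report or of MySQL itself. It assumes it is run by an account with SELECT on the mysql schema (for example root), and the schema name `appdb` in the remediation part is a constructed placeholder. It finds accounts that reach that condition by any of the three grant levels, and separately lists who currently holds the INNODB_REDO_LOG_ENABLE dynamic privilege, since disabling redo logging removes crash recovery for the instance.

```sql
-- Added audit example (not from the bug report). Lists accounts that can grant
-- any privilege because they hold UPDATE on the mysql system schema. Run as an
-- account with SELECT on the mysql schema; account names below are whatever is
-- present on the server, nothing is hard-coded.

-- 1. Global UPDATE (ON *.*) includes the mysql schema; this is the path the
--    reporter's own SHOW GRANTS output shows (UPDATE ... ON *.*).
SELECT User, Host, 'global UPDATE (*.*)' AS path
FROM mysql.user
WHERE Update_priv = 'Y'

UNION ALL

-- 2. Schema-level UPDATE that matches the mysql schema. mysql.db.Db may hold
--    a wildcard pattern, so match it with LIKE the way the server does.
SELECT User, Host, CONCAT('UPDATE on schema pattern ', Db) AS path
FROM mysql.db
WHERE Update_priv = 'Y' AND 'mysql' LIKE Db

UNION ALL

-- 3. Table-level UPDATE on any individual table in the mysql schema.
--    Table_priv is a SET column, so FIND_IN_SET is used to test membership.
SELECT User, Host, CONCAT('UPDATE on table mysql.', Table_name) AS path
FROM mysql.tables_priv
WHERE Db = 'mysql' AND FIND_IN_SET('Update', Table_priv) > 0
ORDER BY User, Host;

-- Who currently holds the dynamic privilege that allows
-- ALTER INSTANCE DISABLE INNODB REDO_LOG. Dynamic privileges live in
-- mysql.global_grants rather than in mysql.user.
SELECT USER, HOST, WITH_GRANT_OPTION
FROM mysql.global_grants
WHERE PRIV = 'INNODB_REDO_LOG_ENABLE';

-- Remediation pattern for an account flagged by path 1: drop the global UPDATE
-- and regrant it only on the application schema it actually needs.
-- 'appdb' is a constructed placeholder schema name.
REVOKE UPDATE ON *.* FROM 'myuser'@'%';
GRANT UPDATE ON appdb.* TO 'myuser'@'%';
FLUSH PRIVILEGES;
```

The first query is the one to run on a schedule: any row it returns is an account that can escalate itself to every static and dynamic privilege, regardless of what SHOW GRANTS appears to limit it to, which is exactly what the report's session demonstrates. The second query is a sanity check after the bug's scenario, because a successful DISABLE INNODB REDO_LOG leaves the server unable to recover from a crash until redo logging is re-enabled.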