Scenario is to have a user A, who shares a resource with user B. User B then re-shares to user C. B and C can both access the resource. If A revokes B's access I would expect neither B nor C to have access.
Steps to reproduce:
1) Register a resource as A
2) Share the resource with B
3) Log in as B, re-share the resource with C
4) Confirm that both B and C can access the resource
5) Log in as A, revoke B's access (note that A can't see C's access, so this is all they can revoke)
6) Attempt to access the resource as B - denied
7) Attempt to access the resource as C - allowed.
I would expect C's access to be denied once B's access is revoked.
Note we are using a nightly snapshot: OpenAM 13.0.0-SNAPSHOT Build 14956 (2015-August-05 02:52)