Imagine this scenario: User X in the TOP BU User Y in the TOP BU User X and User Y are Sys Admin, so they can see everything User X creates an Account, called A1 User X creates a Contact called C1 under A1 User Y creates an Account, called A2
At this point, neither A1 nor A2 nor C1 are in the POA table.
User X set A2 as parent account of A1. As a consequence of that, A1 and C1 appear now in the POA table linked to User Y. I understand why this happens, so no problem.
Here is the mystery:
User X REMOVES A2 as the parent of A1. As a consequence of that, A1 and C1 are NOT deleted from the POA table. Only thing that changes is the InheritedAccessRightsMask that gets set to 0 for both records.
You may say now: "Ok, why are you complaining that these 2 records are not removed??" Answer is: "This is a huge problem considering how the p_GrantInheritedAccess is done"
Imagine that there is an Entity called "Summary" which is child entity of the Contact. If User X creates a new Summary under C1 you will notice that in the POA table, Summary will be linked to User Y (with a valid InheritedAccessRightsMask ) even if this HAS NO SENSE AT ALL. This is increasing the size of the POA table but it is also introducing a security bug in the system.